Secondary bootloader runs on both encrypted and un-encrypted images

ID: LPCBARESDK-919

Status: Open

First reported: 6.0.16.1144

Fixed in: TBD

Description

The secondary bootloader supports a dual-image booting scheme and is used in Software Update Over the Air (SUOTA) applications to update the product firmware with a new image. The current secondary bootloader (6.0.16.1144\utilities\secondary_bootloader) works with both encrypted and un-encrypted images, which means that a device can still be updated over SUOTA with either kind of image; enabling image encryption does not by itself stop an un-encrypted image from being loaded. Users who want to update their software through SUOTA with encrypted images only can apply the workaround below to the secondary bootloader project.

Workaround

diff --git a/utilities/secondary_bootloader/src/bootloader.c b/utilities/secondary_bootloader/src/bootloader.c
index cf11ea4..db2d112 100644
--- a/utilities/secondary_bootloader/src/bootloader.c
+++ b/utilities/secondary_bootloader/src/bootloader.c
@@ -13,6 +13,7 @@
  */

 #include <stdio.h>
+#include <string.h>
 #include <stdint.h>
 #include "user_periph_setup.h"
 #include "uart_booter.h"
@@ -53,6 +54,30 @@ static const i2c_eeprom_cfg_t i2c_eeprom_cfg = {
 };
 #endif

+static int8_t HandleEncryptImage(uint32_t encrypt_image_header_addr)
+{
+   s_imageHeader *pImageHeader;
+   uint32_t offset;
+   uint32_t actual_size;
+   int8_t ret;
+
+   // Calculate the starting sector offset
+   offset = (encrypt_image_header_addr / SPI_FLASH_SECTOR_SIZE) * SPI_FLASH_SECTOR_SIZE;
+   // Blocking Erase of a Flash sector
+   ret = spi_flash_block_erase(offset, SPI_FLASH_OP_SE);
+   if (ret != SPI_FLASH_ERR_OK){
+           return ret;
+   }
+
+   memset(pImageHeader, 0, sizeof(s_imageHeader) );
+
+   spi_flash_write_data((uint8_t *)pImageHeader, encrypt_image_header_addr, sizeof(s_imageHeader), &actual_size);
+
+   return ret;
+
+}
+
+
 #if !defined(SUPPORT_AN_B_001) && (defined(SPI_FLASH_SUPPORTED ) || defined(I2C_EEPROM_SUPPORTED))

 /**
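Review bot: `pImageHeader` in the added HandleEncryptImage is declared but never assigned, so `memset(pImageHeader, 0, sizeof(s_imageHeader))` writes through an indeterminate pointer and the flash write that follows reads from the same place. A local object fixes both: `s_imageHeader imageHeader;`, then `memset(&imageHeader, 0, sizeof(imageHeader));`, and pass `(uint8_t *)&imageHeader` to `spi_flash_write_data`. The result of `spi_flash_write_data` and `actual_size` are also discarded, so the function returns the erase status even when the header write fails; if the write call returns a status the way the erase call does, assign it to `ret`. The sector erase covers the whole sector that contains the header, which is only safe if nothing else lives in that sector, so a comment stating that assumption would help.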
@@ -209,10 +234,16 @@ static int loadActiveImage(void)
         {
             Decrypt_Image(codesize1);
         }
+               else{
+                       HandleEncryptImage(imageposition1);
+                       return -1;
+               }
+
         #endif
         if ((image1_encryption && !AES_ENCRYPTED_IMAGE_SUPPORTED) ||
             (crc_image1 != crc32(0, (uint8_t*)SYSRAM_BASE_ADDRESS, codesize1)))
         {
+                   HandleEncryptImage(imageposition1);
             if (images_status == 3)
             {
                 FlashRead(SYSRAM_BASE_ADDRESS,
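Review bot: The added `else { HandleEncryptImage(imageposition1); return -1; }` sits between `Decrypt_Image` and `#endif`, so un-encrypted images are rejected only in builds where the surrounding `#if` is true (its condition is outside this hunk, presumably AES_ENCRYPTED_IMAGE_SUPPORTED); in other builds an un-encrypted image would still pass to the CRC check and boot. A comment next to that guard saying that encrypted-only enforcement depends on the option would make this explicit. The return value of `HandleEncryptImage` is ignored both here and at the CRC-failure call, so a failed erase silently leaves the rejected header in place. The only integrity check visible after decryption is `crc32`, which is not a keyed check, so as far as these lines show the policy rests on the secrecy of the AES key; the hunk at -242 repeats all of this for image 2. loadActiveImage starts and ends outside the hunk.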
@@ -223,6 +254,10 @@ static int loadActiveImage(void)
                 {
                     Decrypt_Image(codesize2);
                 }
+                               else
+                               {
+                                       return -1;
+                               }
                 #endif
                 if ((image2_encryption && !AES_ENCRYPTED_IMAGE_SUPPORTED) ||
                     crc_image2 != crc32(0, (uint8_t*)SYSRAM_BASE_ADDRESS, codesize2))
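Review bot: This fallback branch returns -1 for an un-encrypted image 2 without calling `HandleEncryptImage(imageposition2)`, whereas the primary-path branches invalidate the header before returning; the hunk at -256 has the same asymmetry for image 1. If rejected images are meant to be invalidated wherever they are found, add `HandleEncryptImage(imageposition2);` before `return -1;`. If leaving the header for the next boot to handle is intentional, say so in a comment. The `#if` that opens this block is outside the hunk.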
@@ -242,10 +277,18 @@ static int loadActiveImage(void)
         {
             Decrypt_Image(codesize2);
         }
+
+               else
+               {
+                       HandleEncryptImage(imageposition2);
+                       return -1;
+               }
+
         #endif
         if ((image2_encryption && !AES_ENCRYPTED_IMAGE_SUPPORTED) ||
             crc_image2 != crc32(0, (uint8_t*)SYSRAM_BASE_ADDRESS, codesize2))
         {
+                   HandleEncryptImage(imageposition2);
             if (images_status == 3)
             {
                 FlashRead(SYSRAM_BASE_ADDRESS,
@@ -256,6 +299,10 @@ static int loadActiveImage(void)
                 {
                     Decrypt_Image(codesize1);
                 }
+                               else
+                               {
+                                       return -1;
+                               }
                 #endif
                 if ((image1_encryption && !AES_ENCRYPTED_IMAGE_SUPPORTED) ||
                     crc_image1 != crc32(0, (uint8_t*)SYSRAM_BASE_ADDRESS, codesize1))
diff --git a/utilities/secondary_bootloader/src/main.c b/utilities/secondary_bootloader/src/main.c
index f024467..0d88ec8 100644
--- a/utilities/secondary_bootloader/src/main.c
+++ b/utilities/secondary_bootloader/src/main.c
@@ -389,9 +389,8 @@ int main(void)
         ret = spi_loadActiveImage();
         if (!ret)
         {
-            SetWord16(WATCHDOG_REG, 0xC8);          // 200 * 10.24ms active time for initialization!
-            SetWord16(RESET_FREEZE_REG, FRZ_WDOG);  // Start WDOG
-
+            SetBits(WATCHDOG_CTRL_REG, NMI_RST, 0); // Switch the watchdog in NMI interrupt in order to be able to freeze it
+            SetWord16(SET_FREEZE_REG, FRZ_WDOG); // Freeze the watchdog
             spi_release();

             // Reset SPI pins but keep the CS high
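Review bot: The watchdog is now frozen with `SetWord16(SET_FREEZE_REG, FRZ_WDOG)` at the point where the old code armed it with `0xC8` before handing over to the loaded image, and the issue description does not mention or justify this change. With the watchdog frozen, an image that hangs during its initialization would no longer be reset unless the application resumes the watchdog itself; that is inferred from the register names and the inline comments, so please confirm. I would add a comment saying why the freeze is needed for this workaround and what the application must do, for example `// WDOG left frozen here: the application must resume it during init`. main starts and ends outside the hunk.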
@@ -450,9 +449,3 @@ int main(void)
     } // while (1)
 }