Introduction
SAM4L USB Host Mass Storage Bootloader application is to facilitate firmware upgrade using USB MSC drives. The application includes CRC check, Signature verification, AES decryption and memory verification functionality offering safe and secure firmware upgradation.
Procedure
- Do complete chip erase
- Program the bootloader
- Load the application firmware into U-disk. Connect it to the SAM4L USB MSC Host
- Press push button on RESET to start the bootloader
Bootloader Configuration
Bootloader Configurations are managed in conf_bootloader.h
- FIRMWARE_AES_ENABLED -> Enable/disable the AES Decryption
- CONSOLE_OUTPUT_ENABLED -> Enable/disable the Console message output
- VERIFY_PROGRAMMING_ENABLED -> Enable/disable the verification of programmed memory
- SECURITY_BIT_ENABLED -> Enable/disable the security bit feature
- APP_START_OFFSET -> Application starting offset from Flash
- FIRMWARE_IN_FILE_NAME -> Application Firmware file to be programmed
- APP_SIGNATURE -> Signature bytes to be verified
- BOOT_LOAD_PIN -> IO Pin used for bootloader activation
- BOOT_LOAD_PIN_ACTIVE_LVL -> Active level to be monitored for the pin
- BOOT_GP_FUSE_BIT -> GP Fuse bit used for bootloader activation
Board Configuration
Board Configurations are managed in conf_board.h
- SAM4L-EK configuration
- Has an IO configured for VBUS Detect. VBUS Pin jumper PA06/USB should be set
- CONF_BOARD_USB_PORT -> Enable USB pins
- CONF_BOARD_USB_VBUS_CONTROL -> VBUS control enabled, jumper PC08/USB should be set
- CONF_BOARD_USB_VBUS_ERR_DETECT-> VBUS error control enabled, jumper PC07/USB should be set
- An external power supply should be used since the VBUS is powered only through the external power supply controlled by the VBUS Control(VBOF) pin. Refer the SAM4L-EK schematics for more details.
- Console message output is sent through the Embedded Debugger(onboard)'s COM PORT.
- SAM4L Xplained Pro configuration
- Has an IO configured for VBUS Detect.
- CONF_BOARD_USB_PORT -> Enable USB pins
- CONF_BOARD_USB_VBUS_CONTROL -> VBUS control enabled
- An external power supply should be used if the EDBG USB port is not able to provide enough power to the USB MSC device.
- Console message output is sent through the Embedded Debugger(onboard)'s COM PORT.
Bootloader Operation
The bootloader will decrypt the first block (24 bytes of data). It verifies the Signature data. If the verification is successful, it decrypts the entire firmware and generates CRC32 value and compares it with the stored CRC32 value. If it matches, it starts to program the application. Then, verification of the programmed memory (CRC32 check again) is performed. Then it jumps to the application section with WDT reset.
- Required Firmware Structure with AES:
- 4 bytes -> Encrypted CRC32
- 12 bytes -> Encrypted Signature Data
- Rest data -> Encrypted Input Firmware
- Required Firmware Structure without AES:
- 4 bytes -> CRC32
- 12 bytes -> Signature Data
- Rest data -> Input Firmware
- A sample application binary output (AES encrypted) is provided for testing with the bootloader.
Application Requirements
The SAM4L USB Host MSC Bootloader occupies the 32KB of the flash memory (may differ on the optimization setting used for build). Hence, the application has to be shifted by the same offset. To offset the application in those linkerscript files, set the flash origin to 0x8000 and decrease the flash size by 0x8000 for the application project. When AES is enabled, the encrypted application binary should be 16-byte aligned. If Firmware Generator is used, it takes care of the alignment.
Dependencies
The application uses the following module groups:
- Application Implementation:
- Configuration Files
- Basic modules:
Startup, board, clock, interrupt, power management
- USB host stack and MSC modules:
services/usb/
services/usb/uhc/
services/usb/class/msc/host/
- Thirdparty modules:
thirdparty/fatfs