SPRADS1 June   2025 F29H850TU

 

  1.   1
  2.   Abstract
  3.   Trademarks
  4. 1Introduction
    1. 1.1 Hardware Security Module
    2. 1.2 Flash Programming Fundamentals
    3. 1.3 High-Level Flow
    4. 1.4 Flow Chart
  5. 2Flash-Based UART SBL with FOTA
    1. 2.1 Implementation
    2. 2.2 Triggering a Bank Swap
  6. 3FOTA_Example_Application
    1. 3.1 led_blinky_cpu1.c
    2. 3.2 Combining the Flash-Based SBL with the FOTA_Example_Application
    3. 3.3 Adding a CPU3 Application
  7. 4Host Application: UART Flash Programmer
    1. 4.1 Overview
  8. 5Example Usage
    1. 5.1 Loading the SBL onto the Device
      1. 5.1.1 Loading by CCS (JTAG)
      2. 5.1.2 Loading via UART Boot and the UART Flash Kernel
    2. 5.2 Example UART Loading Process
  9. 6FAQ
    1. 6.1 General
    2. 6.2 Application Load
  10. 7Summary
  11. 8References

4.1 Overview

The user interacts with the flash-based SBL project in an almost identical manner as the UART flash kernel. The host application used to send commands and firmware images is common between the two projects, and the host has been updated to leverage several new features available in the flash-based SBL. The UART host flash programmer can be found at the following location: f29h85x-sdk_x_xx_xx_xx > tools> flash_programmers > uart_flash_programmer.

Note:

The key difference between the host application usage for the UART kernel and the flash-based SBL is that there is no need to load a kernel .bin file to the device by bootROM. Thus, use the uart_flash_programmer_appIn.exe with the flash-based SBL project. This executable has all the same functionality as uart_flash_programmer.exe, but does not begin with sending a kernel .bin file over UART.

Table 4-1 lists the commands accepted by the flash-based SBL project:

Table 4-1 Commands
Command Description

DFU CPU1

(Device Firmware Upgrade CPU1)
  1. Receive the command packet
  2. Erase the inactive region of flash allocated to CPU1
  3. Receive the flash-based application over UART
  4. Program and verify the application to the inactive region of CPU1 flash
  5. Program the inactive bank management region of CPU1 such that a bank swap is triggered after reset
  6. Program the bank mode to the first byte of data flash
  7. Send message back to host for final status

DFU CPU3

(Device Firmware Upgrade CPU3)

Device must be in Bank Mode 3
  1. Receive the command packet
  2. Erase the inactive region of flash allocated to CPU3
  3. Receive the flash-based application over UART
  4. Program and verify the application to the inactive region of CPU3 flash
  5. Program the inactive bank management region of CPU3 such that a bank swap is triggered after reset
  6. Program the bank mode to the first byte of data flash
  7. Send message back to host for final status

HSM_CP_FLASH_IMAGE

Device must be in the HS-SE State
  1. Receive the command packet
  2. Pass X.509 certificate to the HSM to authenticate incoming firmware
  3. Receive chunks of firmware over UART
  4. Pass chunks to HSM for programming
    1. HSM programs firmware to HSM inactive flash region
  5. Once all chunks are programmed, request the HSM to verify the programmed firmware
  6. Program the bank mode to the first byte of data flash
  7. Send message back to host for final status

CPU1_CP_FLASH_IMAGE

Device must be in the HS-SE State
  1. Receive the command packet
  2. Receive chunks of firmware over UART
  3. Pass X.509 certificate to the HSM to authenticate incoming firmware
  4. Pass chunks to HSM for programming
    1. HSM programs firmware to CPU1 inactive flash region

  5. Once all chunks are programmed, request the HSM to verify the programmed firmware

  6. Program the inactive bank management region of CPU1 such that a bank swap is triggered after reset

  7. Program the bank mode to the first byte of data flash

  8. Send message back to host for final status

CPU3_CP_FLASH_IMAGE

Device must be in Bank Mode 3

Device must be in the HS-SE State

  1. Receive the command packet

  2. Receive chunks of firmware over UART

  3. Pass X.509 certificate to the HSM to authenticate incoming firmware

  4. Pass chunks to HSM for programming

    1. HSM programs firmware to CPU3 inactive flash region

  5. Once all chunks are programmed, request the HSM to verify the programmed firmware

  6. Program the inactive bank management region of CPU3 such that a bank swap is triggered after reset

  7. Program the bank mode to the first byte of data flash

  8. Send message back to host for final status

SEC_CFG_IMAGE

Device must be in the HS-SE State
  1. Receive the command packet
  2. Receive SECCFG image over UART and place in shared RAM

  3. Pass X.509 certificate to the HSM to authenticate incoming firmware

  4. Once the firmware is authenticated, request the HSM to program the SECCFG image

  5. Send command packet

SYNC_STATUS

  1. Receive the command packet

  2. Send data packet indicating that flash-based SBL is live

  3. Send command packet

Similar to what is described in the Serial Flash Programming of F29H85x™ application note, all firmware passed to the host is in the .bin file format with a valid X.509 certificate in the first 0x1000 bytes. Refer to the Combined Image with X.509 Certificate section of the application note for details on generating a valid .bin file and X.509 certificate.

For more details on how to use the uart_flash_programmer tool, refer to f29h85x-sdk_1_01_00_00\docs\html\UART_FLASH_PROGRAMMER_PAGE.html

Here is an example of how the uart_flash_programmer_appIn.exe is used with the flash-based SBL:

Uart_flash_programmer_appIn.exe -d f29h85x –k flash_kernel.bin –a1 cpu1_application.bin -a3 cpu3_application.bin –p COM34