Boot Configuration Panel
Allows configuration of boot-specific options and contains Import/Export buttons for the binary IVT image.
Information about GMAC and ADKP configuration can be found in the GMAC section.
Represents the configuration data used for advancing the life cycle. It is used to limit, by design, the configuration and debug/test possibilities of the device for in-field usage. Advancing the life cycle requires the HSE pointer to be imported and the HSE FW to be configured.
The selection options for this setting are:
- Keep the existing configuration - Life cycle state does not advance to IN_FIELD or OEM_PROD
- IN_FIELD - Life cycle state advances to IN_FIELD
- OEM_PROD - Life cycle state advances to OEM_PROD
For S32K3 family processors the advance life cycle address can be configured.
- HSE Firmware Feature Usage - This flag indicates to Secure BAF that the application intends to use HSE firmware on the device. By default, this flag is unprogrammed and Secure BAF assumes that HSE firmware installation is not allowed in the secure samples.
- Boot optimization debug authentication - This flag determines whether debug authentication is required by Secure BAF. If this flag is not programmed and valid HSE firmware is present, Secure BAF does not perform debug authentication.
- Debug authorization - This flag determines whether the debug authorization scheme of the application cores is password-based or challenge-response. By default, password-based debug authorization is performed for the application cores.
- IVT XRDC GMAC - This flag determines whether GMAC-based authentication of the IVT structure needs to be done by Secure BAF. By default, Secure BAF does not perform any GMAC-based authentication, but the application can enable this feature by programming the flag.
- Secure recovery enablement - This flag determines whether secure recovery of the application is requested. If this flag is unprogrammed, secure recovery is not executed by Secure BAF.
The Interface selection panel lets the user choose between available boot device types.
When QuadSPI Serial Flash is selected and the Configure QuadSPI parameters option is checked, the memory will have a reserved segment in the [0x200 – 0x3FF] area. For the SD boot device, the segments must be aligned at 512 bytes.
Under the Interface selection panel are the Import/Export IVT Image buttons, the Import/Export Blob image buttons and the Flash image button. For more information about exporting, see IVT Export.
Also, the start address of the IVT image is displayed in this panel.
By default, 'IVT Image Start Address' is a read-only variable and its value is 0x0. It can be customized to be writable, but the client should not modify the encrypted data themselves to make it so.
By checking the ‘Sign Image’ button, the IVT image will be signed when it is exported or when the blob image is exported. Galois Message Authentication Code (GMAC) is generated only if the ADKP text file has been loaded.
The automatic align feature is available in the Boot Configuration view, in the Automatic Align panel.
If two segments occupy the same memory zone, the tool reports an overlapping conflict. An IVT image with overlapping conflicts is invalid and cannot be exported.
An overlapping conflict can be solved by manually changing the start address of the overlapping segments or by using the automatic align feature.
The start address from where all the segments will be aligned can be configured. When the align button is pressed, all segments that do not have a locked address will have their address changed to ensure that there is no overlapping conflict and that the segment address is under the automatic align start address.
The user can change the start address from where the alignment process will align the segments.
By locking a segment address, the automatic align process will skip alignment of the locked segment.
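The overlap check and the automatic align behaviour described above can be modelled as follows. This is an added example, not the tool's own code: `Segment`, `overlaps`, `auto_align` and `sample_layout` are hypothetical names, the segment names and addresses are constructed, and placing each unlocked segment at the first free aligned address at or after the align start address is an assumption about how the tool resolves conflicts. The 512-byte alignment is the SD boot device requirement stated earlier.

```python
from dataclasses import dataclass

@dataclass
class Segment:
    name: str
    start: int
    size: int
    locked: bool = False      # locked segments are skipped by auto_align

    @property
    def end(self):            # exclusive end address
        return self.start + self.size

def overlaps(segments):
    """Return (name, name) pairs of segments that occupy the same memory zone."""
    ordered = sorted(segments, key=lambda s: s.start)
    return [(a.name, b.name)
            for i, a in enumerate(ordered)
            for b in ordered[i + 1:]
            if b.start < a.end]

def auto_align(segments, align_start, alignment=1):
    """Move each unlocked segment to the first free aligned address >= align_start."""
    round_up = lambda addr: -(-addr // alignment) * alignment
    placed = [s for s in segments if s.locked]
    for seg in (s for s in segments if not s.locked):
        addr, moved = round_up(align_start), True
        while moved:          # rescan until the candidate range hits nothing
            moved = False
            for p in placed:
                if addr < p.end and p.start < addr + seg.size:
                    addr, moved = round_up(p.end), True
        seg.start = addr
        placed.append(seg)
    return segments

def sample_layout():
    # Constructed layout for illustration only; not a real device memory map.
    return [Segment("IVT", 0x0000, 0x100, locked=True),
            Segment("APP", 0x0080, 0x1200),
            Segment("CFG", 0x1000, 0x300, locked=True),
            Segment("DATA", 0x1100, 0x200)]

if __name__ == "__main__":
    segs = sample_layout()
    print("conflicts before:", overlaps(segs))
    auto_align(segs, align_start=0x200, alignment=512)   # SD boot: 512-byte alignment
    print("conflicts after: ", overlaps(segs))
    print({s.name: hex(s.start) for s in segs})
```

If two locked segments overlap each other, the conflict remains after alignment and still has to be fixed by changing one of their start addresses manually.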