The flash boot loader project shared_key_boot_serial is an example based on the current flash serial boot loader implementation with these additional features:
- The boot loader occupies the first 16KB of flash space.
- The boot loader checks for 256-bit keys stored in two blocks of EEPROM.
- If no valid keys are found (a key that is all 0xFF bytes is invalid):
  - The boot loader enters a mode waiting to upload an image without decrypting that image. If the image starting at 0x4000 contains only 1 to 4 valid keys, those keys are copied to the EEPROM and the sector at 0x4000 is erased.
  - The boot loader checks that JTAG is disabled. If not, it disables JTAG and write-protects the first sector of flash (release configuration only).
- If a valid key image is found:
  - The boot loader decrypts the incoming data stream using AES decryption with a 256-bit key before programming the data.
  - The incoming image should consist of a full flash image starting at address 0x4000, with the 16 bytes at the end of flash containing the authentication signature.
  - The flash end address, APP_END, is defined in the header file linker_defines.h. This file is used by both the key creation project and the boot loader project. The flash application end address can be defined smaller than the actual flash end to reduce the time needed to update a device, but once defined in the boot loader, it becomes the maximum size of the image that can be uploaded into that device.
  - The boot loader computes an AES CBC-MAC signature over the data from address 0x4000 to the end of flash minus 16 bytes.
  - If that signature matches the one stored at the end of flash, the boot loader hides the EEPROM blocks that contain the keys and jumps to the application code.
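A host-side model of the signature check described above, added here as an example; it is not code from the shared_key_boot_serial project or the key creation project, and it is written in Go rather than the boot loader's C so that the standard library supplies AES. It assumes an all-zero CBC IV and no padding, since the page states neither, and relies on a flash image always being a whole number of 16-byte blocks.

```go
package main

import (
	"crypto/aes"
	"crypto/subtle"
	"errors"
)

// SigLen is the size of the signature stored in the last 16 bytes before APP_END.
const SigLen = aes.BlockSize

// CBCMAC is a raw AES-CBC-MAC: CBC-encrypt the data with an all-zero IV (an
// assumption; the page does not state the IV) and keep only the final
// ciphertext block. The key creation project appends this value to the
// plaintext image (0x4000 .. APP_END-16) before the image is encrypted.
// Chaining block-at-a-time needs only one 16-byte buffer, as on the MCU.
func CBCMAC(key, data []byte) ([]byte, error) {
	if len(data)%aes.BlockSize != 0 {
		return nil, errors.New("image is not a whole number of AES blocks")
	}
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	mac := make([]byte, aes.BlockSize)
	for i := 0; i < len(data); i += aes.BlockSize {
		for j := range mac {
			mac[j] ^= data[i+j] // chain the previous block into this one
		}
		block.Encrypt(mac, mac)
	}
	return mac, nil
}

// VerifyImage is the boot loader's check before jumping to the application:
// recompute the MAC over the image minus its last 16 bytes and compare it in
// constant time with the stored signature. Any short or malformed image fails.
func VerifyImage(key, image []byte) bool {
	if len(image) < 2*SigLen {
		return false
	}
	mac, err := CBCMAC(key, image[:len(image)-SigLen])
	if err != nil {
		return false
	}
	return subtle.ConstantTimeCompare(mac, image[len(image)-SigLen:]) == 1
}
```

Note that the key creation side would produce the upload image by appending CBCMAC's output to the plaintext application bytes and then AES-encrypting the whole thing for transfer.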
Tip: A method to change the encryption keys would be to add a new function that can revoke the current key using a valid hash with the current key and a specific command.