Infineon AN229058 User Manual

Application Note Please read the Important Notice and Warnings at the end of this document 002-29058 Rev. *A
www.infineon.com page 1 of 36 2021-02-24

About this document

Scope and purpose
AN229058 explains the different steps involved in developing a secure and reliable Firmware Over-The-Air
(FOTA) update in the Traveo™ II MCU. Note that this document does not explain how to set up a wireless
interface to perform an update over the air; rather, it explains how a logical flash bank in the Traveo II MCU can be
updated with the new image, and how the boot code can reliably jump to the new image (using the Traveo II MCU's
Secure Boot mechanisms) once it has been successfully authenticated.

Table of contents

About this document ....................................................................................................................... 1
Table of contents ............................................................................................................................ 1
1 Introduction .......................................................................................................................... 3
2 Introduction to FOTA .............................................................................................................. 4
2.1 Challenges with Conventional FOTA (without Secure Boot) ................................................................. 4
3 Bank Switching Mechanism in Traveo II .................................................................................... 6
4 Introduction to Secure Boot .................................................................................................... 7
4.1 Secure Boot Mechanism for Secure FOTA .............................................................................................. 7
4.1.1 Dual Bank Manager ............................................................................................................................ 8
4.1.2 ROM Boot Functions for FOTA ........................................................................................................... 8
4.1.3 Flash Boot Functions for FOTA .......................................................................................................... 8
4.1.4 Dual Bank Manager Functions for FOTA ............................................................................................ 8
4.1.5 CM0+ Application Functions for FOTA ............................................................................................... 8
4.1.6 Chain of Trust (CoT) for Secure FOTA ................................................................................................ 9
4.1.7 Work Flash Marker .............................................................................................................................. 9
5 Dual Bank Manager ................................................................................................................ 11
5.1 Disabling Interrupts ............................................................................................................................... 12
5.2 Updating VTOR ...................................................................................................................................... 12
5.3 Disabling SRAM ECC Check ................................................................................................................... 12
5.4 Initializing Stack .................................................................................................................................... 13
5.5 Initializing SRAM Function Memory Region and Enabling ECC Check ................................................ 13
5.6 Disabling Work Flash Bus Error ............................................................................................................. 14
5.7 Pseudo Code .......................................................................................................................................... 14
5.7.1 Magic Word Check ............................................................................................................................ 16
5.7.2 Authentication Check ....................................................................................................................... 16
5.7.3 Authentication Failure ..................................................................................................................... 18
5.7.4 SFlash to SRAM Copy ........................................................................................................................ 18
5.8 Digital Signature Verification Function ................................................................................................ 19
6 SRAM Function for Flash Bank Management ............................................................................. 21
6.1 Configure Flash as Dual Bank ............................................................................................................... 21
6.2 Configure Flash Map .............................................................................................................................. 22
6.3 Memory Barrier Operations and Cache Invalidation ........................................................................... 22
6.4 Branch to CM0+ Application .................................................................................................................. 23
7 Summary ............................................................................................................................. 24
8 Appendix - Dual Bank Manager: Dependencies .......................................................................... 25
8.1 Constants ............................................................................................................................................... 25
8.2 Dual Bank Manager Vector Table .......................................................................................................... 26
8.3 SRAM Function Space Reservation ....................................................................................................... 27
8.4 Macros .................................................................................................................................................... 28
8.4.1 flashmarkers ..................................................................................................................................... 28
8.4.2 addrmarker ....................................................................................................................................... 28
8.4.3 ramdatamarker ................................................................................................................................ 28
8.5 CySAF ..................................................................................................................................................... 29
8.6 TOC2 Details .......................................................................................................................................... 29
8.7 Transition to Secure .............................................................................................................................. 31
8.8 Required Tools ...................................................................................................................................... 32
Glossary ....................................................................................................................................... 33
Related Documents ........................................................................................................................ 34
Revision history............................................................................................................................. 35

1 Introduction

This application note describes how FOTA (Firmware Over-The-Air) updates can be securely performed in
Cypress Traveo™ II MCUs. The series includes Arm® Cortex®-M CPUs with an enhanced secure hardware extension
(eSHE) or Hardware Security Module (HSM), CAN FD, memory, and analog and digital peripheral functions in a single chip.
In automotive embedded systems, a FOTA update is a remote software management technology that performs wireless firmware upgrades on the device. Upgrading the device firmware once it is in the field can be essential, especially when the system requires critical bug fixes, the addition of a new feature, the removal of an existing feature, and so on.
The complete implementation of FOTA is highly dependent on the device architecture (here, the Traveo II device).
The Traveo II MCU's internal Code Flash architecture supports Dual Bank Modes, which are mainly targeted at
FOTA applications. This architecture ensures that the existing application runs uninterrupted while a FOTA update happens and that the new application is launched securely. The FOTA update should also mandate a roll-back mechanism to the old firmware if the new update is corrupted or interrupted for any reason.
This application note mainly focuses on the development of Dual Bank Manager code, which checks the validity of the new application image (using cryptographic authentication functions) and then ensures that the validated image is launched by correctly modifying the Flash Bank and Remap registers.
Note that this is an advanced application note. See the following application notes before proceeding:
- AN220242 - Flash Rewriting Procedure for Traveo II Family
- AN228680 - Secure System Configuration in Traveo II Family

2 Introduction to FOTA

Figure 1 illustrates a typical example of a FOTA system in an automotive network.
Figure 1 Typical FOTA System
The master Electronic Control Unit (ECU) communicates with the Cloud to receive the new image. It can then implement a Gateway (based on CAN FD, for example) to update the images of the other Traveo II subsystems, such as the HVAC system and the Body Control Module. This communication can also be secured using crypto encryption and decryption and by using Protection Units (for example, Software Protection Units (SWPUs)), which allow only those ECUs with privileges for Flash writes to perform flash upgrades.
The Traveo II device supports True FOTA. This means that:
- The update of the software image happens in the background; there is no interruption of application service.
- The update can be rolled back if there is a failure, or whenever the application requires it.
True FOTA is possible with the Traveo II device because it supports:
- Dual bank Flash
- Read-while-write memory, allowing execution of software (read) while programming (write)
- Multiple levels of security and secure boot

2.1 Challenges with Conventional FOTA (without Secure Boot)

Figure 2 shows the Code Flash memory mapping for an 8-MB memory in Traveo II device.
Figure 2 Code Flash Memory Mapping for 8-MB Code Flash
The FOTA architecture uses Dual Bank Mode. If there is a power failure or any other hardware issue during the FOTA upgrade, the Traveo II device might enter a corrupted state. For instance, if there is a FOTA request while the application is executing code in Mapping B, the new image must be written to Logical Flash Bank 0. Now, if there is a power failure or corruption while the first few sectors are being updated, the Traveo II device could enter a lock-up or corrupted state after the next reset, because Flash boot always executes in Single Bank mode and by default jumps to the address specified by the Address of the First User Application Object in TOC2 (see section 8.6), which holds the vector table that is now corrupted. Implementing a secure boot mechanism based on the techniques discussed in this application note helps mitigate this issue.

3 Bank Switching Mechanism in Traveo II

In Traveo II family MCUs, OTA functionality is handled by two separate bits in the FLASHC_FLASH_CTL register. The MAIN_BANK_MODE bit configures the flash bank mode (Single or Dual Bank). The MAIN_MAP bit configures the flash region (Mapping A or Mapping B). Both bits are cleared by reset. ROM boot and Flash boot do not touch these configurations. In other words, a Traveo II family MCU always boots up in Single Bank mode before the Arm Cortex-M0+ program starts. The application needs to configure the dual bank and remap function as required.
Note: The MAIN_BANK_MODE bit is part of the FLASHC_FLASH_CTL register. Dual Bank mode is enabled
if FLASHC_FLASH_CTL.MAIN_BANK_MODE = 1.
Note: The MAIN_MAP bit is also part of the FLASHC_FLASH_CTL register. Mapping A is used if this bit is "0"
and Mapping B is used if this bit is "1".
For more details on the FLASHC_FLASH_CTL register, see the Registers Technical Reference Manual (TRM).
Note that the Dual Bank Manager software, which is discussed in detail in this application note, configures the Bank Mode and Mapping registers based on certain criteria. This Dual Bank Manager software is programmed into the user SFlash memory and is triggered by CM0+ after the normal Flash Boot operations.
For more details on Bank switching, see AN220242 - Flash Rewriting Procedure for Traveo II Family.
Also note that the MAIN_BANK_MODE and MAIN_MAP bits must not be modified by any code executed from the Code Flash or SFlash, because changing them alters the Flash geometry while that code is running. In the implementation described in this application note, the Dual Bank Manager copies code from SFlash to SRAM, and that code, executed out of SRAM, configures these bits.

4 Introduction to Secure Boot

This section introduces Traveo II MCU’s boot sequence. For a detailed description of Traveo II MCU’s security features, different lifecycle stages, and implementation of secure boot sequence, see AN228680 - Secure
System Configuration in Traveo II Family.
Traveo II MCU’s boot sequence (Figure 3) is based on the ROM boot code and flash boot code implemented for different lifecycle stages. Figure 3 shows how the CM0+ operation starts from reset. After reset, CM0+ starts executing from ROM boot. ROM boot validates SFlash. After validation of SFlash is complete, execution jumps to flash boot and configures the DAP as needed by the protection state. Notice the color coding that depicts the memory type where data and code reside.
[Figure 3 (flowchart): System Reset -> SFlash Validation (HASH calculation over the data pointed to in TOC1 and TOC2: trim values, unique ID, Flash Boot code, and, in Secure only, the public key) -> HASH valid? (Invalid: error, idle loop) -> Jump to Flash Boot -> Validate Secure Image (validate the digital signature with the public key; default is RSA-2048) -> Valid signature? (Invalid: error, idle loop) -> Execute Secure Image.
Note: In the Normal Protection State, the FACTORY_HASH is used to verify. In the Secure Protection State, the SECURE_HASH is used to verify.
Note: Generate or edit the following fields: Secure Image with Digital Signature, Public Key, TOC2.
Color coding in the figure distinguishes data or code located in ROM, in SFlash memory, in Flash memory, and in eFuse.]
Figure 3 Traveo II Boot Sequence
The flash boot then validates the first application listed in TOC2 and jumps to its entry point, if validated. This image is the secure image. If the secure image is found to be invalid or corrupted, the CPU will jump to an idle loop and stay in the idle loop until the device is reset.

4.1 Secure Boot Mechanism for Secure FOTA

The Secure FOTA architecture and sample code proposed in this application note use a slightly different mechanism for the secure boot process. The proposed architecture and software assume that you transition the Traveo II device lifecycle stage to Secure or Secure with Debug after the following updates are done:
- User SFlash rows (Row 4 to Row 7) are programmed with the Dual Bank Manager code. For more details on
SFlash rows, see the Traveo II MCU Programming Specifications document.
- The public key is programmed to the SFlash rows (Row 45 to Row 50).
- TOC2 is programmed to SFlash Row 62.
Note that once the Traveo II device transitions to the secure lifecycle stage, the SFlash rows can no longer be programmed. Also, the transition to the secure lifecycle stage computes the Secure Hash and blows the associated eFuse bits.

4.1.1 Dual Bank Manager

This application note mainly focuses on the development of Dual Bank Manager code, which validates the CM0+ application image and accordingly updates the Flash Bank and Remap registers so that code executes from the correct Flash Bank. For software details and the complete implementation of this Dual Bank Manager, see section 5, Dual Bank Manager. Note that the Dual Bank Manager code is placed in the User SFlash rows (SFlash Row 4 to SFlash Row 7).
The Dual Bank Manager is developed according to the Cypress Secure Application Format (CySAF), but with no digital signature added and no space reserved for one. This has the additional advantage of leaving room for other user-specific data in the available SFlash user rows. The Dual Bank Manager code is then added as an additional object in TOC2 and is authenticated by the ROM boot. For more about the TOC2 structure, see section 8.6.

4.1.2 ROM Boot Functions for FOTA

When Traveo II device is in the Secure Lifecycle stage, the ROM boot also validates the contents of TOC2 against the SECURE_HASH in E-Fuse. Since the Dual Bank Manager code is added as an additional object in the TOC2, its authenticity is also automatically validated by the ROM boot code. Since the Dual Bank Manager code is part of SFlash memory, which is no longer programmable beyond Secure Lifecycle stage, the probability of any corruption in the Dual Bank Manager is also minimal. Once the ROM boot has successfully validated all necessary objects, ROM boot code jumps to the Flash Boot Code.

4.1.3 Flash Boot Functions for FOTA

In the architecture proposed in this application note, Application Authentication Control by the Flash Boot is disabled. This means TOC2_FLAGS.APP_AUTH_CTL = 1. Also, the Dual Bank Manager address is provided as the CM0+ First Application Object in TOC2. Hence, the Flash boot code jumps directly to the Dual Bank Manager. There is no risk involved even though this authentication is disabled, because the Dual Bank Manager code has already been authenticated by the ROM boot.

4.1.4 Dual Bank Manager Functions for FOTA

In the architecture proposed in this application note, the CM0+ image is built according to CySAF. This means that a digital signature (generated with the private key) is associated with this image, and the corresponding public key is stored in SFlash. The Dual Bank Manager checks the validity of this secure image. It first checks the validity of the latest image, the one updated over FOTA. If the new image is invalid, it checks the validity of the old image. The Dual Bank Manager then updates the Flash Bank and Remap registers to set the correct logical bank/mapping, and jumps to the CM0+ application image. If both images are invalid, the Dual Bank Manager stays in an infinite loop.

4.1.5 CM0+ Application Functions for FOTA

CM0+ image which is now authenticated by the Dual Bank Manager can additionally authenticate the CM4 or CM7 application image. This should be done by the CM0+ application image and is not automatically done by Traveo II Boot code or by the Dual Bank Manager.

4.1.6 Chain of Trust (CoT) for Secure FOTA

Summarizing sections 4.1.2 to 4.1.5, the CoT during device boot in the SECURE protection state is established in the following order:
ROM Boot -> Flash Boot -> Dual Bank Manager -> CM0+ Image -> CM4/CM7 Image
Table 1 summarizes the protection mechanism for each component involved in the boot flow in secure FOTA.
Table 1 Components Involved in Secure FOTA (columns: Boot Component; Launched By; Protection Mechanism; Function)
ROM Boot; launched by: Reset; protection mechanism: inherent (fixed by design); function: ROM boot authenticates the Flash boot and the Dual Bank Manager code (which is added as an extra object in TOC2) and jumps to Flash boot.
Flash Boot; launched by: ROM Boot; protection mechanism: SECURE_HASH check performed by the ROM Boot; function: Flash boot triggers the Dual Bank Manager function.
Dual Bank Manager; launched by: Flash Boot; protection mechanism: SECURE_HASH check performed by the ROM Boot, since this code is added as an additional object in TOC2; function: Dual Bank Manager validates the new CM0+ image received over FOTA and updates the Flash Bank/Mapping registers accordingly, then jumps to the CM0+ image.
CM0+ Image; launched by: Dual Bank Manager; protection mechanism: Dual Bank Manager verifies the digital signature of the CM0+ image using the public keys programmed to SFlash; function: CM0+ image can validate the authenticity of the CM4/CM7 application image and jump to it if valid.
CM4/CM7 Image; launched by: CM0+ Image; protection mechanism: CM0+ image verifies the digital signature of the CM4/CM7 image using the public keys programmed to SFlash; function: CM4/CM7 image is the main application image.

4.1.7 Work Flash Marker

Since the MAIN_BANK_MODE and MAIN_MAP bits of the FLASHC_FLASH_CTL register are volatile, their values are not retained across resets. Hence, to update this register in the Dual Bank Manager, some nonvolatile memory is required. A small sector of the Work Flash (128 bytes) is a suitable memory for this purpose.
In the implementation described in this application note, the first small sector of the Work Flash is used. Note that this sector is reserved for FOTA, and no other information is stored in it, because it is erased and rewritten after every successful FOTA update. It is recommended to configure an SWPU object to protect this sector from any unintended erase or program. If FOTA is completed in Map A, the first 32 bits of this Work Flash sector are updated to 0xAAAAAAAA (the Magic Word); if FOTA is completed in Map B, they are updated to 0xFFFFFFFF.
There is a possibility that the FOTA update is interrupted during the Work Flash update and the Work Flash sector is left erased. The contents of an erased Work Flash sector are unpredictable. To avoid ECC errors and the associated Bus Faults while reading the Work Flash in the erased state, FLASHC_FLASH_CTL.WORK_ERR_SILENT is set in the Dual Bank Manager before the Work Flash is read. Note that this bit will be enabled later in the application.
Note: This Work Flash marker only indicates which Mapping will be applied to the MAIN_MAP bit of the
FLASHC_FLASH_CTL register. The start addresses of the applications (for authentication checks) are stored in SFlash. The addresses are CY_APP_START_ADDR_LB and CY_APP_START_ADDR_UB. See section 8.1.

5 Dual Bank Manager

Figure 4 shows the flowchart for the Dual Bank Manager. For details on flashmarkers, see section 8.4.1.
Note that the Dual Bank Manager must be developed according to CySAF format and placed at the SFlash location 0x17000800. This can be done with the support of necessary linker scripts.
[Figure 4 (flowchart): Reset -> Launch Dual Bank Manager -> Disable CM0+ Interrupts -> Update CM0+ VTOR -> Disable SRAM ECC Check * -> Initialize Stack Memory and SRAM Memory used by the SRAM Function for Flash Bank Management * -> Enable SRAM ECC Check * -> Set FLASHC_FLASH_CTL.WORK_ERR_SILENT -> Is Marker in Work Flash = Magic Word? On each branch (Yes/No) the flow then asks "Is Authentication Flag DISABLED?"; if not, it checks whether the preferred bank (Upper or Lower) is valid and, if that bank is invalid, whether the other bank is valid. A valid outcome sets or clears register R6 and then copies the Flash Bank Management Function to SRAM; if neither bank is valid the flow ends at "Invalid Image".
* This is only applicable for Traveo II devices with 64-bit based ECC SRAM.]
Figure 4 Dual Bank Manager Flow Chart
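The selection logic described in sections 4.1.4 and 4.1.7 and in the Figure 4 flow, written out as an added example in C (it is not code from this application note or from Infineon): the Work Flash marker word plus an image-verification callback decide which mapping to program and which CM0+ image to launch, with roll-back to the other bank when the newest image fails its check. The values of CY_APP_START_ADDR_LB/UB and their pairing with Map A/Map B are assumptions, and the signature check is simulated so the logic runs on a host.

```c
#include <stdbool.h>
#include <stdint.h>

/* Values stated in the application note. */
#define FOTA_MARKER_MAP_A    0xAAAAAAAAu  /* Work Flash magic word: last FOTA completed in Map A */
#define FOTA_MARKER_MAP_B    0xFFFFFFFFu  /* Work Flash value written when FOTA completed in Map B */
#define MAIN_BANK_MODE_DUAL  1u           /* FLASHC_FLASH_CTL.MAIN_BANK_MODE = 1 selects Dual Bank */
#define MAIN_MAP_A           0u           /* FLASHC_FLASH_CTL.MAIN_MAP = 0 selects Mapping A */
#define MAIN_MAP_B           1u           /* FLASHC_FLASH_CTL.MAIN_MAP = 1 selects Mapping B */

/* Assumed for this example only: the note names these SFlash-stored constants
 * but gives neither their values nor their pairing with Map A / Map B. */
#define CY_APP_START_ADDR_LB 0x10000000u  /* assumed: image launched with Map A */
#define CY_APP_START_ADDR_UB 0x10400000u  /* assumed: image launched with Map B */

/* Digital-signature check over a CySAF image; the real manager uses the
 * verification function of section 5.8 with the public key in SFlash. */
typedef bool (*image_verify_fn)(uint32_t app_start_addr);

typedef struct {
    bool     launch;          /* false: both images invalid, manager stays in its loop */
    uint32_t main_bank_mode;  /* value for FLASHC_FLASH_CTL.MAIN_BANK_MODE */
    uint32_t main_map;        /* value for FLASHC_FLASH_CTL.MAIN_MAP */
    uint32_t app_start_addr;  /* CM0+ image the SRAM function branches to */
} bank_decision_t;

/* Decide which mapping to program and which image to launch.
 * work_flash_marker: first 32-bit word of the reserved Work Flash sector, read
 *                    with WORK_ERR_SILENT set so an erased sector cannot fault.
 * auth_disabled:     the manager's authentication flag from Figure 4. */
bank_decision_t dual_bank_decide(uint32_t work_flash_marker, bool auth_disabled,
                                 image_verify_fn verify)
{
    bank_decision_t d = { false, MAIN_BANK_MODE_DUAL, MAIN_MAP_A, 0u };

    /* Only the Map A magic word selects Map A first. Any other content,
     * including an erased sector with unpredictable bits, is treated as Map B. */
    bool     prefer_a    = (work_flash_marker == FOTA_MARKER_MAP_A);
    uint32_t first_map   = prefer_a ? MAIN_MAP_A : MAIN_MAP_B;
    uint32_t first_addr  = prefer_a ? CY_APP_START_ADDR_LB : CY_APP_START_ADDR_UB;
    uint32_t second_map  = prefer_a ? MAIN_MAP_B : MAIN_MAP_A;
    uint32_t second_addr = prefer_a ? CY_APP_START_ADDR_UB : CY_APP_START_ADDR_LB;

    /* Newest image first; with authentication disabled the marker alone decides. */
    if (auth_disabled || verify(first_addr)) {
        d.launch = true; d.main_map = first_map; d.app_start_addr = first_addr;
        return d;
    }
    /* Newest image failed its signature check: roll back to the other bank. */
    if (verify(second_addr)) {
        d.launch = true; d.main_map = second_map; d.app_start_addr = second_addr;
        return d;
    }
    return d;  /* launch == false: the real manager enters an infinite loop here */
}

/* Constructed stand-in for the signature check so the decision logic can be
 * exercised on a host: each image is "valid" only if flagged below. */
static bool g_sim_lb_valid, g_sim_ub_valid;

void sim_set_valid(bool lb_valid, bool ub_valid)
{
    g_sim_lb_valid = lb_valid;
    g_sim_ub_valid = ub_valid;
}

bool sim_verify(uint32_t app_start_addr)
{
    if (app_start_addr == CY_APP_START_ADDR_LB) return g_sim_lb_valid;
    if (app_start_addr == CY_APP_START_ADDR_UB) return g_sim_ub_valid;
    return false;
}
```

On the device the returned main_bank_mode and main_map values must be written to FLASHC_FLASH_CTL only by the copy of the bank-management function running from SRAM, as section 3 requires.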