|
| 1 | +<picture> |
| 2 | + <source media="(prefers-color-scheme: dark)" srcset="../images/microchip_logo_white_red.png"> |
| 3 | + <source media="(prefers-color-scheme: light)" srcset="../images/microchip_logo_black_red.png"> |
| 4 | + <img alt="Microchip Logo." src="../images/microchip_logo_black_red.png"> |
| 5 | +</picture> |
| 6 | + |
| 7 | +## Secure Boot and Secure Firmware Upgrade over CAN-FD Demo |
| 8 | + |
| 9 | + |
| 10 | + |
| 11 | +## Introduction |
| 12 | +The associated bootloader and application projects demonstrate the following: |
| 13 | +* Immutable secure boot via CodeGuard |
| 14 | +* A/B type bootloading with Flash partitioning to support two firmware images and anti-roll back |
| 15 | +* Secure boot authentication via ECDSA signature verification |
| 16 | +* Secure firmware update via CAN-FD |
| 17 | +* Crypto acceleration via TA100 |
| 18 | + |
| 19 | +## Related Documentation |
| 20 | +* [dsPIC33C Touch-CAN-LIN Curiosity Development Board User's Guide](https://www.microchip.com/en-us/development-tool/EV97U97A) |
| 21 | +* [dsPIC33CK1024MP710 Datasheet](https://www.microchip.com/en-us/product/dsPIC33CK1024MP710) |
| 22 | + |
| 23 | +## Tools |
| 24 | + |
| 25 | +#### Software |
| 26 | +* **THIS PROJECT REQUIRES A NON PUBLIC COPY OF THE CRYPTOGRAPHIC AUTHENTICATION LIBRARY (CAL) FOR TA100 SUPPORT! CONTACT MICROCHIP TO OBTAIN A COPY. YOU MUST REQUEST VERSION CryptoAuthLib 3.6.1 or later** |
| 27 | +* The unzipped example project files, boot.X and app.X |
| 28 | +* [MPLAB® X IDE v6.15 or later](https://www.microchip.com/en-us/tools-resources/develop/mplab-x-ide) |
| 29 | +* [MPLAB® XC16 v2.10 or later](https://www.microchip.com/en-us/tools-resources/develop/mplab-xc-compilers) |
| 30 | +* [Universal Bootloader Host Application v1.19.3 or later](www.microchip.com/16-bit-bootloader) |
| 31 | +* Device Family Pack 1.12.354 |
| 32 | +* [MPLAB® Code Configurator (MCC) v5.6.1 or later (optional - for code configuration)](https://www.microchip.com/en-us/tools-resources/configure/mplab-code-configurator) |
| 33 | +* 16-Bit Bootloader MCC module v1.25.0 or later (optional - for code configuration) |
| 34 | +* The drivers for the selected Peak CAN-FD protocol analyzer/protocol generator (available at https://www.peak-system.com/Home.59.0.html?&L=1) |
| 35 | + |
| 36 | + |
| 37 | +#### Hardware |
| 38 | +* [dsPIC33C Touch-CAN-LIN Curiosity Development Board (EV97U97A)](https://www.microchip.com/en-us/development-tool/EV97U97A) |
| 39 | +* A Peak CAN protocol analyzer/protocol generator. A PCAN-USB FD was used for development of this demo (https://www.peak-system.com/PCAN-USB-FD.365.0.html?&L=1) |
| 40 | +* A CAN cable |
| 41 | +* A CAN-FD bus terminator (or modify the Peak analyzer per their user's guide for proper CAN-FD termination) |
| 42 | +* A micro USB cable, a USB-Type C cable, or a 9v power adapter for the dsPIC33C Touch CAN LIN Curiosity Development Board (for powering the board) |
| 43 | +* [TA100 Trust Anchor External HSM 8-Pin SOIC](https://www.microchip.com/en-us/product/ta100) |
| 44 | +* [TA100 8-Pin SOIC CryptoAutomotive™ Socket Board](https://www.microchip.com/en-us/development-tool/AC164167) |
| 45 | + |
| 46 | +## Running the Demo |
| 47 | + |
| 48 | +##### Hardware Setup |
| 49 | +1. With the Development Board detached from any power source, programmer, or USB connection, connect the TA100 8-Pin SOIC CryptoAutomotive™ Socket board into the mikroBUS™ A slot with the jumpers set for SPI |
| 50 | +2. Connect the Peak analyzer/generator to your computer |
| 51 | +3. Connect the Peak analyzer/generator to the CAN/CAN-FD Driver Circuit on the Development Board |
| 52 | +4. Connect the micro-USB cable to port J1 of the Development Board to the host computer. |
| 53 | + |
| 54 | + |
| 55 | + |
| 56 | +#### Programming the Bootloader |
| 57 | +1. Open the boot.X project in MPLAB® X |
| 58 | +2. Open MCC |
| 59 | +3. Right click on Project Resources and select "Force Update on All" |
| 60 | + |
| 61 | +4. Click "Generate" |
| 62 | + |
| 63 | +5. Accept all incoming code changes for files **within the CryptoAuthenticationLibrary directory** by selecting "Replace All" in the merge helper UI. **NOTE: DO NOT accept incoming changes for boot_demo.c. Accept all other file changes and close out of MCC** |
| 64 | + |
| 65 | +6. Press the “Make and Program” button on the top bar |
| 66 | + |
| 67 | +7. Select the appropriate programmer if prompted |
| 68 | +8. The project should compile and program successfully |
| 69 | +9. Verify the LED11 is solid on the Development Board. This indicates the bootloader is running |
| 70 | + |
| 71 | +#### Building the Application |
| 72 | +1. Open the app.X project in MPLAB® X |
| 73 | +2. Press the “Clean and Build Project” button on the top bar. **NOTE**: Make sure not to hit the program button. This will program the application code over the bootloader that was just programmed |
| 74 | + |
| 75 | +3. The project should compile cleanly. app.X/dist/default/production/app.X.production.hex should be generated |
| 76 | +4. Verify that LED11 is still solid |
| 77 | + a. If LED11 is blinking instead of solid, then the application code was programmed instead of only compiled. Go back to the “Programming the Bootloader” stage and re-program the bootloader |
| 78 | + |
| 79 | +#### Loading the Application |
| 80 | +1. Open the Universal Bootloader Host Application tool (UBHA) |
| 81 | + |
| 82 | +2. Select the “PIC24/dsPIC” option from the “Device Architecture” selection drop down |
| 83 | + |
| 84 | +3. Select “CAN” from the protocol drop down selection box |
| 85 | + |
| 86 | +4. Select the “Settings->CAN” option from the top menu |
| 87 | + |
| 88 | +5. Select the Peak protocol analyzer being used and the appropriate CAN configuration settings for this demo (listed below). When complete, press “Apply”: |
| 89 | + a. Nominal Bit Rate: 125.00 kbits/s |
| 90 | + b. CAN-FD: enabled |
| 91 | + c. CAN-FD TX Data Length: 8 |
| 92 | + d. Flexible Data Rate: Enabled |
| 93 | + e. Flexible Data Rate: 2Mbits/s |
| 94 | + f. Message Format: Standard |
| 95 | + g. Host to Device ID: 0xA1 |
| 96 | + h. Device to Host ID: 0xA2 |
| 97 | + |
| 98 | +6. Press the "Read Device Settings" button |
| 99 | + a. The Application start address and Application end address fields should have updated. If it did not or if you get a communication error, please go back to the “Programming the Bootloader” stage to make sure the bootloader was programmed correctly |
| 100 | + |
| 101 | +7. Load the application hex file by selecting “File->Open/Load File (*.hex)” |
| 102 | + a. Select the file generated in the previous section: app.X/dist/default/production/app.X.production.hex |
| 103 | + |
| 104 | +8. Check the "Enable Self Verification After Program" checkbox |
| 105 | + |
| 106 | +9. Press “Program Device”. The application should program erase, program and perform a self verify using the TA100 for an ECDSA verify then read back verify correctly. Note: The reset response may not be fully transmitted before reset which may result in the reset response failing. The reset most likely did occur and the error can be safely ignored. |
| 107 | + a. After a few seconds, LED11 should be blinking |
| 108 | + |
| 109 | + |
| 110 | +## Trademarks |
| 111 | + |
| 112 | +MPLAB® is a registered trademark of Microchip Technology Inc. All other trademarks are the property of their respective owner. |
0 commit comments