Is it possible to use hardware other than a standard SPI port on a single chip to boot in secure mode?
Where are the specs for the SPI Flash device?
Secure Flash Interface
-
- Member++
- Posts: 20
- Joined: Fri Oct 22, 2010 3:06 pm
-
- Experienced Member
- Posts: 126
- Joined: Fri Feb 12, 2010 10:31 pm
Hi smuraski,smuraski wrote:Is it possible to use hardware other than a standard SPI port on a single chip to boot in secure mode?
Where are the specs for the SPI Flash device?
There are a number of SPI flash devices supported; the list of devices is in the flash.h header in the /target/include subdirectory of the XMOS tools installation.
Code: Select all
typedef enum {
UNKNOWN = 0, /**< Unknown flash device. */
ALTERA_EPCS1, /**< Altera EPCS1. */
ATMEL_AT25DF041A, /**< Atmel AT25DF041A. */
ST_M25PE10, /**< ST M25PE10. */
ST_M25PE20, /**< ST M25PE20. */
ATMEL_AT25FS010, /**< ATMEL AT25FS010. */
WINBOND_W25X40BV, /**< Winbond W25X40BV. */
}
As far as secure boot goes, that refers to loading a program into the one-time programmable (OTP) memory of an xcore. You can set the chip to only boot from that memory, and it is internal to the chip so there is no interfacing to do. The memory size is limited, and it is not rewritable. For example, you could place a bootloader on the OTP that loads an encrypted program from SPI or another interface and decodes it. From this point of view, you could boot from just about anything if you write the code to do it (e.g. I2C or SD card). The SPI boot mode is the only off-core boot mode supported by the G-series devices, and the L-series devices support booting via SPI or an XLink. Neither of these is secure though, so it seems likely you're looking for the method using either only OTP memory or a bootloader in OTP to decrypt the software.
-
- Member++
- Posts: 20
- Joined: Fri Oct 22, 2010 3:06 pm
Hello Brendan,
Thanks for the feedback. I was fairly certain this was the case, but being new to the XMOS world I wanted to get some other opinions. I have only had 2 days exposure and information spread out accross all sorts of docs. Appreciate your input.
Thanks for the feedback. I was fairly certain this was the case, but being new to the XMOS world I wanted to get some other opinions. I have only had 2 days exposure and information spread out accross all sorts of docs. Appreciate your input.
-
- Experienced Member
- Posts: 126
- Joined: Fri Feb 12, 2010 10:31 pm
No worries, glad to help! I'm just using development boards at the moment for personal projects, so I don't know all the ins and outs of the secure boot options. However, there are definitely encryption options including 128-bit AES available for free in the projects section, and a number of people have discussed bootloaders. I'm sure if you have specific questions the XMOS people can help, and the forums are a great place to get a feel for the community contributions.smuraski wrote:Hello Brendan,
Thanks for the feedback. I was fairly certain this was the case, but being new to the XMOS world I wanted to get some other opinions. I have only had 2 days exposure and information spread out accross all sorts of docs. Appreciate your input.
Cheers,
Brendan
-
- Experienced Member
- Posts: 69
- Joined: Mon May 17, 2010 10:19 am
I'm not quite sure what you're asking there. Yes, you can use a SPI flash device on non-standard ports (i.e. not the ones expected by the boot ROM). There are no facilities for it to use anything other than a SPI flash device.smuraski wrote:Is it possible to use hardware other than a standard SPI port on a single chip to boot in secure mode?