19.3.2.1 Bootstrap Ciphering

Before update, the bootstrap must be ciphered in accordance with the Secure Boot mode selected.

When the Pairing mode is used, the bootstrap authentication code and ciphering differ for each device, because it is paired using the device unique ID. Remote update in the field is possible if the system can connect to a server. The system sends its chip ID to the server, and the server computes the new bootstrap that is sent back to the system.

In this case, it is highly recommended to not try any field update in this mode.

For other Secure Boot modes, the bootstrap can be prepared using the Secure SAM-BA cipher tool, and then deployed for an update on all devices.

Securing *.CIP files

Microchip’s Secure SAM-BA Cipher utility outputs encrypted *.CIP files for use in provisioning at final manufacturing. As these files contain both customer keys and firmware, the *.CIP files must be securely stored with restricted and controlled access.