7.1 Description

The bootloader loads the program from an external host to the internal memory of the PL460. It allows loading of plain programs or secured programs. When a secured program is loaded, the original program length must be padded to become a multiple of 16 bytes, and the length (number of blocks, where a block is a 16 byte set) must be specified for correct signature validation and decryption.

Signature uses AES128 CMAC. Signature can be calculated over the {Encrypted Software} or over {Encrypted Software + Initialization Vector + Number of Blocks-1}. The number of blocks for signature calculation will be specified as a 16 byte integer number in the {image}, although the number is programmed as a 16-bit integer in the corresponding register of the bootloader.

Decryption of the secured program uses AES128 CBC.

When secured software transfer has been selected, system operation will not start unless signature validation and decryption pass correctly.

The bootloader also allows programming of security keys and security control fuses.