2 SAM-BA Loader

SAM-BA is the tool designed for Microchip MPUs to:

• Customize the boot sequence
• Enable the Secure Boot mode
• Securely provision a customer key (and optionally an RSA root certificate hash) into the device fuses or OTP
• Program a bootstrap and application on external Flash memories connected to the device

The main update in SAM-BA v3.5 eases the customer key provisioning for SAMA5D2 and SAMA5D3 products, where different ciphered files must be sent depending on the version of the ROM code.

When a device family needs different files depending on its targeted version, Secure SAM-BA Cipher tool generates all the required files automatically and adds an appropriate suffix.

Then, all output files must be copied without renaming into the directory to be used by SAM-BA tool.

SAM-BA automatically selects the right file to be sent to the target by autodetecting the version of the connected device.

To ease the transition from SAM-BA 3.x to SAM-BA 3.5, and minimize the modification in existing scripts, only a single command line is required. SAM-BA automatically reads the device version and sends the correct file.

As an example, for the SAMA5D3 family, the customer-key command of Secure SAM-BA Cipher generates two output files, named customer-key_sama5d3x.cip and customer-key_sama5d3x_nk.cip, respectively.

Both must be copied into the folder where the SAM-BA tool can find them. It then selects the correct file when executing the write-customer-key command.

For those devices that do not require multiple files, only one is generated as for the previous Secure SAM-BA Cipher versions.

Command line examples are provided in the sections that follow.