4.2 Immutable Boot

The PIC32CX SG41/SG61 family of devices features an immutable boot mechanism designed to ensure a secure boot process. This security feature includes a size-adjustable immutable segment within the Flash memory, equipped with boot read protection capabilities. Once designated as immutable, this segment becomes a one-time programmable area, preventing any modifications to the boot code after it is set.

The Trust Platform Design Suite (TPDS) supports the immutable boot process by offering tools for developing secure applications. This process involves creating a private/public key pair, loading the boot image with the public key, and programming the image into the microcontroller. Boot read protection is activated by configuring specific bits in the control registers, ensuring that the boot code remains unreadable and non-executable, except for a reserved section.

The following are the key features of Immutable Boot on the PIC32CX SG41/SG61 family of devices:

  • Immutable Flash Segment: The PIC32CX SG41/SG61 devices feature a specific segment within their Flash memory that can be configured as immutable. This segment is one-time programmable, meaning that once it is set, it cannot be modified or erased. This immutable segment protects the boot code from unauthorized changes, ensuring a secure starting point for the system.
  • Secure Boot Process: During the boot process, the boot image stored in the immutable Flash segment is authenticated. This authentication typically uses cryptographic methods, such as digital signatures, to verify the integrity and authenticity of the boot code. If the boot image does not pass authentication, the system can either halt the boot process or enter a secure recovery mode, preventing the execution of potentially harmful code.
  • Trust Platform Design Suite: Microchip offers the TPDS to aid in the development of secure applications with the PIC32CX SG41/SG61 devices. TPDS provides tools for generating cryptographic keys, programming the immutable boot image, and managing security features throughout the application's lifecycle.
  • Read Protection: The immutable segment is equipped with read protection capabilities, ensuring that the boot code cannot be accessed or copied by unauthorized parties. This adds an extra layer of security to prevent reverse engineering or tampering.
  • Security Foundation: The immutable boot feature acts as a foundation for creating secure systems. It guarantees that the initial code executed by the microcontroller is trusted, enabling secure firmware updates and the implementation of runtime protections.