12.2.6.4.3 Running a Secure Applet

Secure applets are small programs allowed by the ROM code to run in the internal SRAM of the device. They are ciphered and signed, and are provided only by Microchip as part of the SAM-BA tool. They make it possible to perform more operations than those provided by the simple Secure Monitor commands.

Several applets are available. For example, external memories can be programmed using memory-programming algorithm applets, and the Boot Configuration and Secure Boot Configuration Packets can be programmed using a dedicated applet.

The first step is to send the ciphered applet to the target. This is done through the Send Applet command:

(PC to device) >> SAPT,0,9870,0,01#

(Device to PC) << CACK,00000000,00009870#

(PC to device) >> <applet_binary.cip>

(Device to PC) << CACK,00000000,00000000#

In the example above, the host computer requests sending an applet of size 0x9870, and this is acknowledged by the Secure Monitor. Then the host computer sends the ciphered applet binary file (applet_binary.cip), and after checking the signature and deciphering the applet in SRAM, the Secure Monitor sends the acknowledgment message and error code (CACK and error code 0x0: successful).

Once the applet is in the SRAM, before executing its code, its mailbox must be filled. The mailbox is a 32-word buffer used to exchange commands and arguments with the applet.

The number of commands and arguments in the mailbox can differ from one applet to another, depending on each applet's purpose.

To fill the mailbox, the Send Applet Mailbox command must be issued.

The mailbox is not ciphered, and is automatically written at the correct address by the ROM code.

(PC to device) >> SMBX,0,80,0,01#

(Device to PC) << CACK,00000000,00000080#

(PC to device) >> <applet_init_mailbox.bin>

(Device to PC) << CACK,00000000,00000000#

Now the applet can be run with the Execute Applet command:

(PC to device) >> EAPP,0,0,0,00#

(Device to PC) << ASTA,00000000,00000000#

The Secure Monitor replies with an acknowledgment and the status of the applet execution (0x0: successful).

During this step, the ROM code retrieves the information that will be used when receiving the next Write File command:
  • Status of the applet execution
  • If applicable, address and size of a data buffer for data exchange between the host computer and the applet (for applets intended to program external Flash memories, for example)

A Send File command can then be issued, with the size:

(PC to device) >> SFIL,0,5000,0,01#

(Device to PC) << CACK,00000000,00004000#

(PC to device) >> <first 0x4000 bytes of the file to be programmed>

(Device to PC) << CACK,00000000,00001000#

(PC to device) >> <next file chunk of 0x1000 bytes>

(Device to PC) << CACK,00000000,00000000#
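
The Send File exchange above, driven from the host side, as an added example (not Microchip or SAM-BA code). It assumes, from the exchanges shown, that the first reply field is a status (0x0: successful) and the second is the number of bytes the Secure Monitor expects next, with 0 ending the transfer; `ReplayLink` is a hypothetical stand-in for the real link, and the meaning of the other command fields is not given on this page.

```python
import re

# Reply shape as shown in the exchanges above: TAG,<8 hex>,<8 hex>#
REPLY = re.compile(rb"(CACK|ASTA),([0-9A-Fa-f]{8}),([0-9A-Fa-f]{8})#")

def parse_reply(raw):
    """Return (tag, status, value); reject anything not in the expected shape."""
    m = REPLY.fullmatch(raw)
    if m is None:
        raise ValueError(f"malformed monitor reply: {raw!r}")
    return m.group(1).decode(), int(m.group(2), 16), int(m.group(3), 16)

def send_file(link, data):
    """Drive one Send File exchange; return the chunk sizes the monitor asked for."""
    # Fields other than the size are copied verbatim from the example above.
    link.write(b"SFIL,0,%x,0,01#" % len(data))
    sent, chunks = 0, []
    while True:
        tag, status, want = parse_reply(link.read_reply())
        if tag != "CACK" or status != 0:
            raise RuntimeError(f"monitor refused transfer: {tag} status={status:#x}")
        if want == 0:            # assumption: 0 means nothing more is expected
            break
        if want > len(data) - sent:
            raise RuntimeError("monitor requested more bytes than remain")
        link.write(data[sent:sent + want])
        sent += want
        chunks.append(want)
    if sent != len(data):
        raise RuntimeError(f"transfer ended after {sent:#x} of {len(data):#x} bytes")
    return chunks

class ReplayLink:
    """Hypothetical stand-in for the link to the device; replays canned replies."""
    def __init__(self, replies):
        self.replies, self.written = list(replies), []
    def write(self, payload):
        self.written.append(payload)
    def read_reply(self):
        return self.replies.pop(0)

if __name__ == "__main__":
    # Constructed replay of the replies shown in the Send File example above.
    link = ReplayLink([b"CACK,00000000,00004000#",
                       b"CACK,00000000,00001000#",
                       b"CACK,00000000,00000000#"])
    print([hex(n) for n in send_file(link, bytes(0x5000))])
```

Checking the status and the requested size on every reply keeps the host from streaming data after a rejected command or past the end of the file.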