2.9.2.5 Bootstrap Image Format

A bootstrap image stored in NVM must have a defined format to be launched by the ROM code. Depending on the mode of operation and configuration, the format may differ.

In all formats, a valid image starts with a fixed size header:

All values in the header are 32-bit words, Most Significant Bit First (MSBF), sizes are in bits.

• MAGIC:
  • 0x42535031 -> ‘BSP1’: Plain text bootstrap image version 1
  • 0x42534331 -> ‘BSC1’: Secure bootstrap image version 1
• Image size: Actual size in bytes of the padded bootstrap image. Image shall be a multiple of 128-bit blocks.
• Authentication Data: Parameters for authentication are as follows:

  Bit	31	30	29	28	27	26	25	24
  	AUTHENTICATION_MODE
  Bit	23	22	21	20	19	18	17	16
  	RFU
  Bit	15	14	13	12	11	10	9	8
  	Security data size
  Bit	7	6	5	4	3	2	1	0
  	Security data size

  • Bits 31:24 – AUTHENTICATION_MODE: Defined as:

    Bit	7	6	5	4	3	2	1	0
    	Steps	RFU	RFU	RFU		Auth.Algorithm		RFU

    • Bit 0 – RFU Must be 0.
    • Bit 2:1 – Authentication algorithm
      • 00: No authentication
      • 01: AES-CMAC
      • 10: RSA
      • 11: ECDSA
    • Bit 7 – Steps: Used in image verification
      • 0: Single-step verification
      • 1: Double-step verification
    • Other bits – RFU: Must be set to 0b0.
  • Bits 23:16 – RFU: Must be 0x00.
  • Bits 15:0 – Security data size: Size in bytes of security data present after the image
• Dual Boot info: Dual boot identification information as follows:

  Field	Size	Description
  Bootstrap Major Version Number	16	Major Version number
  Bootstrap Minor Version Number	16	Minor Version number

• TAG: Must be 256 bits long:
  • In Plain Text mode, contains the header SHA256 digest.
  • In Secure mode, refer to the following table:

  Field	Size	Description
  Plain bootstrap TAG	128	AES-CMAC of the plain bootstrap image
  Header TAG	128	AES-CMAC of the image header

  To clear the bootstrap, TAG must be random values if the image is configured for a single-step verification.