2.9.1.4.3 Anti-Rollback

To secure customer image updates, the Anti-Rollback feature can be enabled in the Boot Configuration Packet for the considered NVM interface. The Anti-Rollback feature ensures that the ROM code cannot load an older version of the bootstrap. This feature relies on the bootstrap version written in the bootstrap image header and on a Bootstrap Version packet in OTP (see Bootstrap Version Packet). A bootstrap is launched only if its version is the same as (or higher than) the one written in the OTP Bootstrap Version packet. To update a bootstrap when this option is enabled, the user must write the correct version number into the bootstrap image header and write a new Bootstrap Version packet in OTP. For security reasons, the Bootstrap Version packet must be locked. The ROM code looks for the Bootstrap Version packet containing the highest version number.

Note: If the Anti-Rollback feature is enabled for an NVM interface and the ROM code does not find any Bootstrap Version packet, the ROM code launches the bootstrap regardless of the version written in the bootstrap image header.