12.3.2.1 Firmware Image Format
The firmware image comes with a metadata header, metadata payload and metadata footer that gives the ROM firmware information about location of the firmware image, authentication information, sequence number and more. The user can only execute the application (firmware image) from embedded Flash.
The following table provides details about the contents of each firmware image.
Offset | Name | Description |
|---|---|---|
Metadata Header | ||
0x00:0x03 | SEQ_NUM | Metadata sequence number of the image Little Endian (LE). Monotonically decreasing image index. Values of 0 or 0xFFFFFFFF indicate that the image is invalid. Boot ROM Image selection algorithm will prefer a valid image with the lowest sequence number. |
0x04 | MD_REV | Support metadata header version: 3 Note: This field must be set to 0x01 for this version of metadata header. |
0x05 | CONT_IDX | 0x01 – Firmware image |
0x06:0x09 | IDENTIFIER | MCHP ASCII string identifier |
0x0A | MD_AUTH_MTHD | Metadata authentication method 0x00 – None 0x02 – ECDSA p256 + SHA-256 0x03 – ECDSA p256 + SHA-384 |
0x0B | MD_AUTH_KEY | Key index for authenticating metadata 0x00 – Secure boot Key |
0x0C | Reserved | 0x00 |
0x0D | Reserved | 0x00 |
0x0E:0x0F | PL_LEN | Metadata payload length. The payload length for this version must be 0x74. |
Metadata Payload = Firmware Image Header | ||
0x10:0x13 | FW_IMG_REV | Firmware image revision (LE) |
0x14:0x17 | FW_IMG_SRC_ADDR | Firmware image source address The source address of the firmware image in persistent storage |
0x18:0x1B | FW_IMG_DST_ADDR | Firmware image destination address The destination address will be used as the jump address during the application transition. |
0x1C:0x1F | FW_IMG_LEN | Firmware image length The firmware image length must be a multiple of 4096 (count) bytes. |
0x20 | FW_IMG_AUTH_MTHD | Firmware image authentication method 0x00 – None 0x02 – ECDSA p256 + SHA-256 0x03 – ECDSA p384 + SHA-384 |
0x21 | FW_IMG_AUTH_KEY | Firmware image authentication key index 0x00 – Secure boot key |
0x22 | Reserved | 0x00 |
0x23 | Reserved | 0x00 |
0x24:0x83 | FW_IMG_SIG | Firmware image signature: The concatenated R and S term of the ECDSA signature (P-256) of the SHA-256 hash of the firmware image specified by FW_IMG_SRC_ADDR and FW_IMG_LEN. (or) The concatenated R and S term of the ECDSA signature (P-384) of the SHA-384 hash of the firmware image specified by FW_IMG_SRC_ADDR and FW_IMG_LEN. |
Metadata Footer | ||
0x84:0xE3 | MD_SIG | Metadata payload signature: The concatenated R and S term of the ECDSA signature (P-256) of the SHA-256 hash of the firmware image specified by FW_IMG_SRC_ADDR and FW_IMG_LEN. (or) The concatenated R and S term of the ECDSA signature (P-384) of the SHA-384 hash of the firmware image specified by FW_IMG_SRC_ADDR and FW_IMG_LEN. |
| Embedded Flash Variant | ||
|---|---|---|
| Address | Size (bytes) | |
| Secondary bootloader metadata | 0x0080_0000 | 512 |
| Secondary bootloader | 0x0080_0200 | Max: 15872 |
| Image 0 metadata | 0x0100_0000 | 512 |
| Image 0 | 0x0100_0200 | Max: 523776 |
| Image 1 metadata | 0x0104_0000 | 512 |
| Image 1 | 0x0104_0200 | Max: 261632 |
For an embedded Flash-only device, the ROM firmware checks for a valid image in three memory locations, see Table 12-2.