4 Quick Start

Overview

This guide provides initial instructions and the sequence of steps for the secure boot provisioning process.

The provisioning process consists of four main phases:

Each phase must be completed before moving to the next. Within the Key Setup phase, follow the steps in the specified order (1>1a>1b>1c).

First-time Instructions

For the first run, follow the steps in order using default settings:

Step 1  -->  Step 1a  -->  Step 1b (optional)  -->  Step 1c  -->  Step 2  -->  Step 3  -->  Step 4  -->  Step 5

  1. Connect the board using both USB ports.

  2. Open TPDS and select Secure Boot>PIC32CMSG00.

  3. Click each Step button in the transaction diagram from 1 to 5.

  4. Use default selections and inputs for the initial run.

  5. In Step 2, choose the provided LED demo: pic32cmsg_led_app.X.production.unified.hex.

  6. Open a serial terminal at 115200-8-N-1 to view the boot log after programming.

Minimum Flow (secure boot only, no extra keys):

Step 1 --> Step 1a --> Step 1c --> Step 2 --> Step 3 --> Step 4 --> Step 5

Full Flow (secure boot + additional user keys with PUF wrapping):

Step 1 --> Step 1a --> Step 1b (repeat N times) --> Step 1c --> Step 2 --> Step 3 --> Step 4 --> Step 5
Important: Step 1c (PUF key wrapping) is strongly recommended. It ensures that the original key material is never stored in Flash. Instead, only PUF-wrapped key codes are written to the VSS, and the application retrieves the keys at runtime using the PUF hardware. Without Step 1c, plain keys would be stored in the VSS and could be extracted by reading the Flash.