9 Firmware Metadata Tools

Documents the FWMDT input/output files and command-line usage.

Location

After running Step 1, the FWMDT is copied to:

~/.trustplatform/pic32cmsg_secureboot/FWmetadatatool/
      

Input Files

| File | Description |
| --- | --- |
| PIC32CMSG_fwmd.xml | Image configuration: addresses and hex files for each segment |
| PIC32CMSG_sfp.xml | Signing key (ECC P-256), VSS address (0x0A004000), variable slots |
| FirmwareMetadata.xsd | XML schema for FWMD |
| hsmSecureFlash.xsd | XML schema for SFP/VSS |

Output Files

| File | Description |
| --- | --- |
| PIC32CMSG_fwmd.hex | Combined image: FWMD + Boot ROM + Boot Config + ROM Config + PUF AC + Application |
| PIC32CMSG_sfp.hex | VSS data consumed by the ROM Boot process |

Command Line (Manual Execution)

hsmsfmdgen.exe -s PIC32CMSG_sfp.xml \
               -m PIC32CMSG_fwmd.xml \
               -x hsmSecureFlash.xsd \
               -y FirmwareMetadata.xsd \
               -d PIC32CMSG_fwmd.hex \
               -o PIC32CMSG_sfp.hex
      

FWMD Image Segments

| Source Address | Image Type | Default File |
| --- | --- | --- |
| 0x08000000 | Host Boot Image | PIC32CMSG_bfr.hex |
| 0x0A002800 | Boot Configuration | BOOTCFG1.hex |
| 0x0A003000 | ROM Configuration | ROMCFG.hex |
| 0x0A003C00 | PUF Activation Code | PIC32CMSG_PUF_AC_PFM.hex |
| 0x0C000000 | Application | (user-selected) |

VSS XML Structure (Auto-generated by Step 3)

The PIC32CMSG_sfp.xml file is dynamically rebuilt by Step 3. The <variableSlots> section is regenerated from the key registry. Each slot produces one of these XML structures:

  • ECC P-256 (asymmetric):

    <variableSlot>
      <header><index>N</index>
        <storage><apl>3</apl><hsmOnly>1</hsmOnly>
          <storageType>unencrypted</storageType></storage></header>
      <validAfter>0</validAfter>
      <validBefore>2147483647</validBefore>
      <data><asymmetricalKey><ecc><weierstrassPrime>
        <size>32</size><usage>true</usage><algoUsed>false</algoUsed>
        <publicKey><x>HEX</x><y>HEX</y></publicKey>
        <privateKey><key>HEX</key></privateKey>
      </weierstrassPrime></ecc></asymmetricalKey></data>
    </variableSlot>
          
  • AES (symmetric):

    <variableSlot>
      ...
      <data><symmetricalKey><aes><aesEcbKey><key>
        <aes128|aes256><key>HEX</key></aes128|aes256>
      </key></aesEcbKey></aes></symmetricalKey></data>
    </variableSlot>
          
  • Raw key code (PUF-wrapped):

    <variableSlot>
      <header><index>0x8N</index>...</header>
      ...
      <data><rawKey>
        <length>84</length>
        <data>HEX_KEY_CODE</data>
      </rawKey></data>
    </variableSlot>
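
The following is an added example, not part of the FWMDT or the original page: a Python check that inventories the <variableSlot> entries of a PIC32CMSG_sfp.xml-style document and verifies that every hex field matches its declared size before the file is passed to hsmsfmdgen.exe. The sample XML and its dummy key bytes are constructed; the un-namespaced element names, the header layout of the AES and raw slots, and the function names hex_len, audit_slot and audit are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: three slots in the shapes shown above, dummy key bytes.
# Assumption: AES and raw slots use the same <header><index> layout as the ECC
# slot (the page elides their headers). The raw slot is deliberately short.
SAMPLE = """<variableSlots>
<variableSlot><header><index>1</index><storage><apl>3</apl><hsmOnly>1</hsmOnly>
<storageType>unencrypted</storageType></storage></header>
<validAfter>0</validAfter><validBefore>2147483647</validBefore>
<data><asymmetricalKey><ecc><weierstrassPrime><size>32</size><usage>true</usage>
<algoUsed>false</algoUsed><publicKey><x>{a}</x><y>{a}</y></publicKey>
<privateKey><key>{a}</key></privateKey></weierstrassPrime></ecc></asymmetricalKey></data>
</variableSlot>
<variableSlot><header><index>2</index></header>
<data><symmetricalKey><aes><aesEcbKey><key><aes128><key>{b}</key></aes128>
</key></aesEcbKey></aes></symmetricalKey></data></variableSlot>
<variableSlot><header><index>0x81</index></header>
<data><rawKey><length>84</length><data>{c}</data></rawKey></data></variableSlot>
</variableSlots>""".format(a="11" * 32, b="22" * 16, c="33" * 80)

def hex_len(text):
    """Byte length of a hex field, or None if missing or not valid hex."""
    try:
        return len(bytes.fromhex(text.strip()))
    except (ValueError, AttributeError):
        return None

def audit_slot(slot):
    """Classify one <variableSlot> and compare key lengths with declared sizes."""
    ecc = slot.find("data/asymmetricalKey/ecc/weierstrassPrime")
    aes = slot.find("data/symmetricalKey/aes/aesEcbKey/key")
    raw = slot.find("data/rawKey")
    if ecc is not None:
        kind, want = "ecc", int(ecc.findtext("size", "0"))
        fields = {p: ecc.findtext(p) for p in ("publicKey/x", "publicKey/y", "privateKey/key")}
    elif aes is not None and len(aes):
        kind = aes[0].tag  # <aes128> or <aes256>
        want, fields = {"aes128": 16, "aes256": 32}.get(kind), {"key": aes[0].findtext("key")}
    elif raw is not None:
        kind, want = "rawKey", int(raw.findtext("length", "0"))
        fields = {"data": raw.findtext("data")}
    else:
        kind, want, fields = "unknown", None, {"data": None}
    problems = [f"{name}: {hex_len(v)} bytes, expected {want}"
                for name, v in fields.items() if hex_len(v) is None or hex_len(v) != want]
    return {"index": (slot.findtext("header/index") or "?").strip(), "kind": kind,
            "storage": slot.findtext("header/storage/storageType"), "problems": problems}

def audit(xml_text):
    return [audit_slot(s) for s in ET.fromstring(xml_text).iter("variableSlot")]
```

Calling audit(SAMPLE) returns one dictionary per slot; only the raw key slot reports a problem, because its 80-byte payload does not match the declared length of 84.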