1 Introduction
This use case demonstrates the secure boot process for the PIC32CMSG00 device using the Physically Unclonable Function (PUF) peripheral. It includes steps for authenticating and validating the application image, generating Firmware Metadata (FWMD), and securely managing keys with the Firmware Metadata Tool (FWMDT) and Variable Slot Storage (VSS).
This use case validates the application image to support secure boot with the PUF peripheral embedded in the PIC32CMSG00 device.
The secure boot process involves the following steps:
-
The ROM Boot retrieves a pointer to the FWMD from the device configuration fuses.
-
ROM Boot authenticates the FWMD using
ECC P-256signature verification. -
Once authentication is successful, ROM Boot loads and validates the application image.
-
The FWMD contains the
SHA-256hash andECDSAsignature of each image segment, compiled into a format required by the Boot ROM.
This use case includes the FWMDT, which generates the FWMD and the VSS data. It supports PUF-based key wrapping for secure key storage and provisioning of multiple keys (asymmetric and symmetric) in user-chosen VSS slots.