13.3.1 Boot ROM Flow

Figure 13-1. Boot ROM Flow

When the device comes out of reset, the Boot ROM firmware starts with system initialization. After system initialization completes, the bootstrap code checks for a valid firmware image and executes it. If the device does not find any valid image, it jumps to Secure Safe mode. To validate the firmware image, the bootstrap code uses the security library according to the authentication scheme specified for that firmware image.

Firmware programming is handled by Device Firmware Update (DFU). DSU supports the Debug mode. Also, it implements a CoreSight Debug ROM that provides device identification, as well as identification of other debug components within the system. See Device Service Unit (DSU) from Related Links.

The following options are valid images for a secured and unsecured PIC32CX-BZ6 device:
  • An image with valid structure and without using any authentication scheme. For more details, see Firmware Image Format from Related Links.
  • An image with a valid structure and an authentication scheme supported by the device. To support an authentication scheme that uses public key cryptography, EFUSE must have a valid SECURE_BOOT_KEY. For more details, see Firmware Image Format from Related Links.
  • If the device is unsecured (SECURE_BOOT_KEY is invalid or device secured state is not set), the bootstrap code will look for valid images (valid sequence number, header and so on). Root of trust may not be possible in this scenario.
  • If the device is secured (with SECURE_BOOT_KEY != 0), the valid image must always use ECDSA P-384 + SHA-384 or ECDSA P-256 + SHA-256 for authentication, and the device executes only trusted code.
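
The acceptance rules listed above can be modeled as a small policy function. This is an added example, not Boot ROM code or the datasheet's image format. All type, field and function names are hypothetical, `signature_ok` stands in for the security library's result, and two behaviors are assumptions: slots are tried in order, and a signed image is accepted only when a key is fused.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model: these names are not the datasheet's image format. */
enum auth_scheme { AUTH_NONE, AUTH_ECDSA_P256_SHA256, AUTH_ECDSA_P384_SHA384 };
struct image {
    bool structure_valid;    /* header, sequence number and so on are valid */
    enum auth_scheme scheme; /* authentication scheme the image declares */
    bool signature_ok;       /* stand-in for the security library's verdict */
};
struct device {
    bool secure_boot_key_valid; /* EFUSE SECURE_BOOT_KEY != 0 */
    bool secured_state_set;     /* device secured state */
};

/* Secured means a key is fused AND the secured state is set. */
static bool device_is_secured(const struct device *d) {
    return d->secure_boot_key_valid && d->secured_state_set;
}

/* Decide whether one image may run on this device. */
static bool image_acceptable(const struct device *d, const struct image *img) {
    if (!img->structure_valid)
        return false;
    if (img->scheme == AUTH_NONE)
        return !device_is_secured(d); /* a secured device never runs unsigned code */
    /* Assumption: a signed image needs a fused key to verify against. */
    return d->secure_boot_key_valid && img->signature_ok;
}

/* Returns the first acceptable slot (assumed order), or -1 for Secure Safe mode. */
static int select_boot_image(const struct device *d, const struct image *slots, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (image_acceptable(d, &slots[i]))
            return (int)i;
    return -1;
}

int main(void) {
    /* Constructed slots: unsigned, signed with a bad signature, signed and good. */
    const struct image slots[] = { { true, AUTH_NONE, false },
        { true, AUTH_ECDSA_P256_SHA256, false }, { true, AUTH_ECDSA_P384_SHA384, true } };
    const struct device secured = { true, true }, unsecured = { false, false };
    printf("secured -> slot %d, unsecured -> slot %d\n",
           select_boot_image(&secured, slots, 3), select_boot_image(&unsecured, slots, 3));
    return 0;
}
```

The check to carry into a provisioning review is the `AUTH_NONE` branch: once the device is secured, an image with a valid structure and no signature must fall through to Secure Safe mode instead of booting.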