14.4.2 Secure SAM-BA Monitor

Secure SAM-BA Monitor restricts the number of supported commands compared to the non-secure SAM-BA Monitor. Direct read and write access to the system memory is now discarded and new commands are introduced to help the user configure the Secure boot mode.

Note that the syntax of commands differs from that of the non-secure SAM-BA Monitor.

Commands are the only transfers using the raw text format. All other transfers, including replies and payloads, use the Xmodem protocol.

The syntax for Secure SAM-BA Monitor commands is:

command ::= op_code “,” address “,” length “,” id “,” rw “#”

address ::= hex_value

length ::= hex_value

id ::= hex_value

rw ::= hex_value

hex_value ::= [ hex_digit ] | hex_digit hex_value

hex_digit ::= “0” | “1” | “2” | “3” | “4” | “5” | “6” | “7” | “8” | “9” | “A” | “B” | “C” | “D” | “E” | “F” | “a” | “b” | “c” | “d” | “e” | “f”

The op_code parameter is always a string of four upper-case letters. The address and length parameters must not exceed eight hexadecimal digits.

The id and rw parameters are not used but kept for backward compatibility purpose. They should be left empty.

Depending on the command, a data payload can be added after the command. In this case, the payload must be sent after the Secure SAM-BA Monitor has acknowledged the command and communicated how the data payload must be split (size of the payload).

The following array lists all supported commands and their expected parameters:


op_code	address	length	Description	Examples
RVER	_	_	Read the ROM code version string	RVER,,,,#
WCKY	_	X	Write the payload of the *length*-byte Customer Key message into page 0 and page 1 of the User Signature Block 0.	WCKY,,C0,,#
SAPT	_	X	Send a *length*-byte Secure SAM-BA applet into the internal SRAM0.	SAPT,,13D0,,#
SMBX	_	X	Send the 128-byte applet mailbox into the internal SRAM0.	SMBX,,80,,#
RMBX	_	_	Received the 128-byte applet mailbox from internal SRAM0	RMBX,,,,#
EAPP	_	_	Execute the Secure SAM-BA applet previously loaded with the SAPT command	EAPP,,,,#
SFIL	X	X	Send a *length-byte file to later program it at the address* offset in some applet-dependent memory	SFIL,2000,400,,#
RFIL	X	X	Receive a *length-byte file from the address* offset in some applet-dependent memory	RFIL,2000,400,,#
SJTD	_	_	Set the ‘SECURITY’ bit in GPNVM to persistently disable JTAG and Debug ports	SJTD,,,,#
CRST	_	_	Chip Reset	CRST,,,,#
SSEC	_	_	Set the boot mode to Secure Boot (with fallback to Secure SAM-BA Monitor) for further power-on/resets	SSEC,,,,#
SSNM	_	_	Set the boot mode to Secure Boot (Secure SAM-BA Monitor disabled) for further power-on/resets	SSNM,,,,#

There are three types of Secure SAM-BA command replies. The first type is used as a Command ACKnowledge for all but EAPP and SVER commands. In this case, the syntax of the reply is:

reply ::= “CACK,” errcode “,” length “#” [ payload ]

errcode ::= hex_value

length ::= hex_value

hex_value ::= [ hex_digit ] | hex_digit hex_value

payload ::= [ BYTE ]| BYTE payload

The second type replies to EAPP (Execute APPlet) commands. The syntax of this reply is the same as the first type except that “CACK” is replaced by “ASTA”, which stands for Applet STAtus.

Finally, the third type replies to RVER (Read VERsion) commands. . The syntax of this reply is the same as the first type except that “CACK” is replaced by “SVER”, which stands for Send VERsion.

Table 14-4. List of *errcode*
Hexadecimal Value	Description
00000000	No error
FFFFFFFD	Bad value for address argument
FFFFFFFC	Bad value for length argument
FFFFFFF9	Bad op_code
FFFFFFF8	Bad customer key length
FFFFFFF6	The customer key has already been written
FFFFFFF5	AES-256-CMAC error
FFFFFFF4	AES-256-CBC error
FFFFFFF3	Key expansion error
FFFFFFF0	SEFC UID read error
FFFFFFED	SEFC write error
FFFFFFE7	Data transfer error
FFFFFFE6	Invalid argument (payload)