Flasher - Authorized flashing

From SEGGER Knowledge Base
Jump to navigation Jump to search

Authorized flashing enables the creation of a secure area in a Flasher such that programming images (configuration + data files) are loaded once, and then cannot be read back via file-access, FILE I/O commands or RS232 interface. This allows handing over the Flasher to external production facilities while protecting the intellectual property and firmware content.

Key benefits:

  • Protects programming image confidentiality
  • Integrates into production flows with minimal risk of intellectual property leakage

This section describes how to setup a secure area on a Flasher and how to move the configuration/data file(s) into it.

Creating / activating the secure area

By default, Flashers are shipped with a public area only (full Flasher flash size accessible via file access mode etc.). The secure area has to be activated / created once, to make use of it. This will reserve half of the Flasher storage size (on current models this will be ~64 MB) for the secure area. The secure area can be removed at any time, providing the full flasher storage to the public area again.

The secure area can be created / removed via the Flasher Configurator, which is part of the Flasher Software and Documentation Pack.

  • Open the configuration window

Flasher ConfigureFlasher.png

  • Enable or disable the secure partition

Flasher EnableSecureArea.png

Alternatively, configuration of the secure area can also be done with the J-Link Commander.

Note:

When creating or removing the secure area, all configuration and data files being stored on the Flasher, are lost.

Please make sure that they are not needed anymore, before adding / removing the security area.


Moving files into the secure area

Before moving configuration + data to the secure area, proper functionality of the setup should be tested in stand-alone mode. Once the setup is working as expected, do the following, to move the configuration + data into the secure area:

  • Boot the Flasher in file access mode so the Flasher's internal storage appears as a USB mass‐storage device.

FilesBeforeSecure.png

  • In the root directory of the Flasher’s file system, create a folder named _SECURE.
  • Copy all the files you wish to move into the secure area (e.g., .cfg, .dat, .ini, etc) into the _SECURE folder.

FilesAfterSecure.png

  • Reboot the Flasher (do not enter file access mode again! Otherwise, contents will not be moved).
    On reboot, the Flasher will automatically transfer the contents of the _SECURE folder into the secure area, then delete the _SECURE folder from the public (visible) area.

After this step, the Flasher can be used in stand-alone mode as normal — but the programming image files now reside in the secure area and cannot be read back by the user / operator.

Automated setup

By combining Authorized flashing with J-Link command file automation, users can implement a powerful and flexible remote programming solution. This requires the installation of the J-Link Commander which is part of the J-Link Software and Documentation Pack.

The following sample will select the connected Flasher via USB, download two files into the secure area and reboot the Flasher such that the files are being moved into the secure area. For this, create a J-Link command file that defines the sequence of operations: 

usb
FWrite "_SECURE\Flasher.cfg" "Flasher.cfg"
FWrite "_SECURE\Flasher.dat" "Flasher.dat"
reboot
exit

Finally, run JLink.exe -CommandFile <CommandFileName> to execute the operations. Due to the exit command, the J-Link Commander will be automatically terminated after execution is done. A list of available commands can be found here.

Note:
The reboot command is required to transfer the files from the _SECURE folder into the secure area of the Flasher. Refer to Moving files into the secure area for a description of the transfer process.

Considerations to be taken when using the secure area

When using the secure area, some things need to be considered:

  • All features like multiple file support, patch file support etc. can also be used when operating from the secure area.
  • The secure area cannot be read back by any utility. Solely the FLASHER.log is always placed and updated in the public area, even when Flasher operates from the secure area.
  • If there is any file/folder in the public area, except the FLASHER.log and there is also any configuration / data present in the secure area, stand-alone flashing will fail because it is not unambiguous which configuration / data shall be used.
    In such cases, Flashers with Ethernet / RS232 interface will output an appropriate error message on programming. All Flasher models will output an appropriate error message in the FLASHER.log.
  • Moving files from the public into the secure area can be done multiple times, as explained in Moving files to the secure area.
    Each time files are moved from the public area to the secure area, all contents of the secure area are erased first, to make sure that no previous configuration is present there.
Retrieved from "https://kb.segger.com/index.php?title=Flasher_-_Authorized_flashing&oldid=26836"