Secure Applications

Application Signing

Application signing is described in Application Signing. The Key and Content certificates are described in Types of Certificate.

Application Configuration Block

The application configuration block is a single contiguous block of memory at a fixed location in flash. For RSL15 this is located at the base of the data flash, at address 0x00158000.

The layout of the configuration block is shown in the "Application Configuration Block Layout" figure:

Figure: Application Configuration Block Layout

Where:

  • Address of first key certificate
    • Defines the base address of the first key certificate in a three-certificate Root of Trust chain
    • If the system is using a two-certificate Root of Trust chain, this address value needs to be set to 0xFFFFFFFF.
  • Address of second key certificate
    • Defines the base address of the second key certificate in the Root of Trust chain
  • Address of content certificate
    • Defines the base address of the content certificate associated with the application
  • Application start address
    • Defines the start address of the application. This points to the base address of the interrupt vector table of the application so that the stack pointer and reset vector can be located.
  • Initial memory configuration
    • Defines the initial memory configuration that the ROM enables
    • Only used on cold boot of the system. Defines the data written to the SYSCTRL_MEM_POWER_STARTUP and SYSCTRL_MEM_POWER_ENABLE registers. (See the RSL15 Hardware Reference for more register information.)
  • Memory retention configuration
    • Defines the memory retention policy the ROM needs to apply
    • Only used on cold boot of the system. Defines the data written to the SYSCTRL_MEM_RETENTION_CFG register.
  • CRC of other fields
    • Defines a CCITT CRC calculated over the other six words of the configuration block
    • If this does not match the calculated CRC during power-up, the configuration block is deemed unusable.
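
The check described by these fields can be sketched as follows. This is an added example, not code from the RSL15 ROM or SDK. Assumptions: the words are stored in the order listed above, the CRC is CRC-16/CCITT with polynomial 0x1021 and initial value 0xFFFF held in the low half of the last word, and the names `app_cfg_block_t`, `app_cfg_crc` and `app_cfg_check` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#define CERT_ADDR_UNUSED 0xFFFFFFFFu  /* from the page: two-certificate chain */

/* Assumption: word order follows the field list above. */
typedef struct {
    uint32_t key_cert1_addr;     /* 0xFFFFFFFF for a two-certificate chain */
    uint32_t key_cert2_addr;
    uint32_t content_cert_addr;
    uint32_t app_start_addr;     /* base of the application's vector table */
    uint32_t mem_power_cfg;      /* initial memory configuration */
    uint32_t mem_retention_cfg;
    uint32_t crc;                /* CRC over the six words above */
} app_cfg_block_t;

/* Assumption: CRC-16/CCITT (poly 0x1021, init 0xFFFF, MSB first) over the
 * bytes as stored in memory, result held in the low half of the CRC word. */
static uint16_t crc16_ccitt(const uint8_t *p, size_t n)
{
    uint16_t crc = 0xFFFFu;
    while (n--) {
        crc ^= (uint16_t)(*p++ << 8);
        for (int i = 0; i < 8; i++)
            crc = (uint16_t)((crc & 0x8000u) ? (crc << 1) ^ 0x1021u : crc << 1);
    }
    return crc;
}

uint32_t app_cfg_crc(const app_cfg_block_t *b)
{
    return crc16_ccitt((const uint8_t *)b, 6 * sizeof(uint32_t));
}

/* Returns the Root of Trust chain length (2 or 3), or -1 if the block is unusable. */
int app_cfg_check(const app_cfg_block_t *b)
{
    if (b->crc != app_cfg_crc(b))
        return -1;               /* CRC mismatch: block deemed unusable */
    return (b->key_cert1_addr == CERT_ADDR_UNUSED) ? 2 : 3;
}

int main(void)
{
    /* Constructed sample values, not taken from a real image. */
    app_cfg_block_t b = { CERT_ADDR_UNUSED, 0x00158100u, 0x00158400u, 0x00100000u, 3u, 1u, 0 };
    b.crc = app_cfg_crc(&b);
    printf("valid block, chain length: %d\n", app_cfg_check(&b));
    return 0;
}
```

Under these assumptions an erased block (all words 0xFFFFFFFF) is always rejected, because the computed 16-bit CRC can never equal the erased CRC word.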

Application Image

The application image is any valid RSL15 image that can be stored in flash on the device.

Normally it is expected to execute completely from flash. However, it is possible to store an encrypted image in flash and have the ROM decrypt it to RAM prior to execution.

At present, any application must execute wholly from flash or from RAM. There is no option to have the ROM load portions of the application to RAM for execution. If partial execution from RAM is required, this needs to be handled at the application level.