MCUBoot for On-Chip OAD (Stack Library)¶
This section describes the behavior of the MCUBoot for on-chip OAD where the combined image approach is used. This approach requires two full application and stack library pairs on the target device. In an on-chip OAD system, there are only two image types that can be executed safely:
Persistent application (version 1.0.0): Permanently resident application that implements OAD profile
User application (version higher than): OAD upgradeable application that implements OAD reset service and user functionality
For more information about OAD image header, refer to the MCUBoot OAD Image Header section of this chapter. The roles and responsibilities of each application in an on-chip system is defined in the OAD Application section.
In summary, the user application are responsible for updating the image version number flash field in the OAD image header, and resetting the device when appropriate; while the persistent application will be resposible of storing the new image.
Based on the image version number field in the image header, the secure bootload will decide which image is most fit to run. The following will describe the TI’s software solution using MCUBoot process .
In order to determine which image is best to run, secure bootloader takes the following measures:
At startup, the secure bootloader check identify image header on Primary slot - check magic number(ih_magic) 0x96F3B83D.
Then bootloader further check identify image header on Secondary slot - check magic number(ih_magic) 0x96F3B83D.
Compare versions (ih_ver) and select Primary if Primary version >= Secondary version
Secure bootloader will now go to certain flash addresses based on which MCUBoot design you choose (Direct XIP or Overwrite only, please see MCUBoot section for more information) in search for a valid Image Identification value. This is done in the following way:
Read the version number in the image header, then check for its validity (integrity check, signature verification etc.)
If the image is invalid MCUboot erases its memory slot and starts to validate the other image. After a successful validation of the selected image the bootloader chain-loads it.
Note
BLE5-Stack currently only supports Direct XIP method.