Boot ROM Description
Boot ROM Block Diagram
The Boot ROM ensures the integrity of the device at boot. The Boot ROM features Boot Interactive mode, which allows you to perform several actions on the device, such as Non-Volatile Memory (NVM) integrity check, and chip erase via a debugger connection. Unless a debugger is connected and places the Boot ROM in Boot Interactive mode, the CPU will jump to the Flash memory, loading the Program Counter (PC) and Stack Pointer (SP) values, and start fetching Flash user code.
Note: Before jumping to the Flash, the Boot ROM clears the two first 2 kB of SRAM. The clocks remain unchanged.
In addition, the Boot ROM has extra security features, such as device integrity checks, memories/peripherals security attributions, and secure boot, which can be executed before jumping to the Flash in Secure state. For security reasons, while the Boot ROM is executing, no debug is possible except when entering a specific Boot ROM mode, called CPU Park mode.
Boot ROM Features
- Command interface for the host debugger supporting:
- Chip erase commands to provide secure transitions between the different Debug Access Levels (DAL)
- Device integrity check of the NVM memory regions
- Debugger read access of the NVM rows
- CPU Park mode to get access for a debugger to the resources of the device depending on Debug Access Level (DAL)
- Security features:
- Device integrity checks
- Memory and peripheral security attributions from user configuration stored in NVM rows
- Secure Boot on Flash BS Memory Area
Visit the dedicated page covering SAM L11 Secure Boot Overview for more information.
SAM L11 Boot ROM Flow
The SAM L11 Boot ROM sequence consists of performing several security tasks (integrity checks, memories, and peripherals security attribution, secure boot, etc.) before starting the application. The Boot ROM first checks if a debugger is present to enter the Boot Interactive mode which allows you to perform specific tasks via a debugger connection. Before jumping to the application in Secure state, the Boot ROM can also enter in a specific mode, called CPU Park, to allow the debugger to get access to the resources of the device depending on DAL.
Boot Interactive Mode
This mode allows you to interact with the device during the Boot ROM execution via a debugger connection. Interactive mode reports execution status on entry and supports specific debugger commands:
- Enter interactive mode (CMD_INIT)
- Exit Interactive mode (CMD_EXIT)
- System reset request (CMD_RESET)
- Chip Erase (CMD_CEx)
- NVM Memory region integrity check (CMD_CRC)
- Random Session Key Generation (CMD_DCEK)
- NVM Rows Integrity Checks (CMD_RAUX)
Unless a debugger is connected and places the Boot ROM in Boot Interactive mode, the CPU will jump to the Flash memory, loading the PC and SP values, and starts fetching Flash user code.
Note: Before jumping to the Flash, the Boot ROM clears the two first 2 kB of SRAM. The clocks remain unchanged.
Chip Erase Management
CPU Park Mode
CPU Park mode allows the debugger to get full access to the resources of the device depending on its DAL. Communication with the CPU Park mode is handled by the programming/debugging tool.
Boot Time
Related Sections
References: