SAM L11 Boot ROM

Boot ROM Description

Boot ROM Block Diagram

saml10-boot-rom_SAM_L10_Boot_ROM_block_diagram.png


The Boot ROM ensures the integrity of the device at boot. The Boot ROM features Boot Interactive mode, which allows you to perform several actions on the device, such as Non-Volatile Memory (NVM) integrity check, and chip erase via a debugger connection. Unless a debugger is connected and places the Boot ROM in Boot Interactive mode, the CPU will jump to the Flash memory, loading the Program Counter (PC) and Stack Pointer (SP) values, and start fetching Flash user code.

Note: Before jumping to the Flash, the Boot ROM clears the two first 2 kB of SRAM. The clocks remain unchanged.

In addition, the Boot ROM has extra security features, such as device integrity checks, memories/peripherals security attributions, and secure boot, which can be executed before jumping to the Flash in Secure state. For security reasons, while the Boot ROM is executing, no debug is possible except when entering a specific Boot ROM mode, called CPU Park mode.


Boot ROM Features

  • Command interface for the host debugger supporting:
    • Chip erase commands to provide secure transitions between the different Debug Access Levels (DAL)
    • Device integrity check of the NVM memory regions
    • Debugger read access of the NVM rows
  • CPU Park mode to get access for a debugger to the resources of the device depending on Debug Access Level (DAL)
  • Security features:
    • Device integrity checks
    • Memory and peripheral security attributions from user configuration stored in NVM rows
    • Secure Boot on Flash BS Memory Area

Visit the dedicated page covering SAM L11 Secure Boot Overview for more information.


SAM L11 Boot ROM Flow

The SAM L11 Boot ROM sequence consists of performing several security tasks (integrity checks, memories, and peripherals security attribution, secure boot, etc.) before starting the application. The Boot ROM first checks if a debugger is present to enter the Boot Interactive mode which allows you to perform specific tasks via a debugger connection. Before jumping to the application in Secure state, the Boot ROM can also enter in a specific mode, called CPU Park, to allow the debugger to get access to the resources of the device depending on DAL.

saml10-boot-rom_SAM_L11_Boot_ROM_Flow.png

Boot Interactive Mode

This mode allows you to interact with the device during the Boot ROM execution via a debugger connection. Interactive mode reports execution status on entry and supports specific debugger commands:

  • Enter interactive mode (CMD_INIT)
  • Exit Interactive mode (CMD_EXIT)
  • System reset request (CMD_RESET)
  • Chip Erase (CMD_CEx)
  • NVM Memory region integrity check (CMD_CRC)
  • Random Session Key Generation (CMD_DCEK)
  • NVM Rows Integrity Checks (CMD_RAUX)

Unless a debugger is connected and places the Boot ROM in Boot Interactive mode, the CPU will jump to the Flash memory, loading the PC and SP values, and starts fetching Flash user code.

Note: Before jumping to the Flash, the Boot ROM clears the two first 2 kB of SRAM. The clocks remain unchanged.


Chip Erase Management

saml10-boot-rom_SAM_L11_Chip_Erase_Mngmnt.png

CPU Park Mode

CPU Park mode allows the debugger to get full access to the resources of the device depending on its DAL. Communication with the CPU Park mode is handled by the programming/debugging tool.


Boot Time

saml10-boot-rom_Boot_Time.png

Related Sections

 
SAM L11 Secure Boot Overview
Learn more >
 
Debug Access Level
Learn more >

References:

SAM L10 and L11

© 2024 Microchip Technology, Inc.
Notice: ARM and Cortex are the registered trademarks of ARM Limited in the EU and other countries.
Information contained on this site regarding device applications and the like is provided only for your convenience and may be superseded by updates. It is your responsibility to ensure that your application meets with your specifications. MICROCHIP MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WHETHER EXPRESS OR IMPLIED, WRITTEN OR ORAL, STATUTORY OR OTHERWISE, RELATED TO THE INFORMATION, INCLUDING BUT NOT LIMITED TO ITS CONDITION, QUALITY, PERFORMANCE, MERCHANTABILITY OR FITNESS FOR PURPOSE. Microchip disclaims all liability arising from this information and its use. Use of Microchip devices in life support and/or safety applications is entirely at the buyer's risk, and the buyer agrees to defend, indemnify and hold harmless Microchip from any and all damages, claims, suits, or expenses resulting from such use. No licenses are conveyed, implicitly or otherwise, under any Microchip intellectual property rights.