Translate Bootstrap Master Image to Paired Target Device (pairingmode)
The pairingmode applet enhances the secure boot mode with anti-cloning protection for the target device.
The SAMA5Dx family and SAM9X60 have the ability to load signed and encrypted programs during the Boot Process. This allows only authorized code to load and execute on the processor.
Enabling the ROM Boot Code for Secure Boot mode requires a Non-Disclosure Agreement (NDA) from Microchip Technology. Contact your nearest Microchip Sales office for instructions on how to attain confidential application note AN2435, SAMA5D2 Series Secure Boot Strategy (Lit. No. DS00002435).
The pairingmode applet applies to the following devices. Documentation is available in the ../sam-ba/doc/ directory.
Device | Documentation |
---|---|
SAM9X60 | ../doc/sam9x60.html |
SAMA5D2 Series | ../doc/sama5d2.html |
Additional documentation is located in the ../doc/pairingmode-sam9x60.html and ../doc/pairingmode-sama5d2.html document directories.
pairingmode Command Structure
Applet Initialization
Initialization of the pairingmode applet has the following command structure:
$ sam-ba -p secure -d sama5d2 -a pairingmode:help
Syntax: pairingmode:[<algo>]:[<force_settings>]:[<keys_in_fuse>]
Parameters:
algo - Signature algorithm for authentication (cmac or rsa)
force_settings - By-pass ROM code settings and force settings from applet parameters
keys_in_fuse - If <force_settings> is set, load customer keys from fuses
Examples:
pairingmode:cmac - Signature algorithm is set to AES-256-CMAC
pairingmode:rsa - Signature algorithm is set to RSA
Supported Commands
A list of commands supported by the pairingmode controller can be displayed with the following command:
$ sam-ba -p secure -d sama5d2 -a pairingmode -c help
Translate Command
The translate command transforms the input stream of binary data, loaded from the bootstrap master image file <master_input>, into the output stream of binary data, saved into the bootstrap paired image file <paired_output>.
$ sam-ba -p secure -d sama5d2 -a pairingmode -c translate:help
* translate - convert a bootstrap master image into a bootstrap paired image
Syntax:
translate:<master_input>:<paired_output>
Examples:
translate:at91bootstrap.cip:at91bootstrap_paired.cip