RA Flexible Software Package Documentation  Release v5.4.0

 
MCUboot Port (rm_mcuboot_port)

MCUboot Port for RA MCUs.

Overview

Note
The MCUboot Port does not provide any interfaces to the user. Consult the MCUboot documentation at https://mcu-tools.github.io/mcuboot/ for further information.

Configuration

Build Time Configurations for MCUboot

The following build time configurations are defined in mcu-tools/include/mcuboot_config/mcuboot_config.h:

ConfigurationOptionsDefaultDescription
General
Custom mcuboot_config.hManual EntryAdd a path to your custom mcuboot_config.h file. It can be used to override some or all of the configurations defined here, and to define additional configurations.
Upgrade Mode
  • Swap
  • Overwrite Only
  • Overwrite Only Fast
  • Direct XIP
Overwrite Only Swap supports A/B image swapping with rollback. Other modes with simpler code path, which only supports overwriting the existing image with the update image (Overwrite Only) or running the newest image directly from its flash partition (Direct XIP), are also available.
Validate Primary Image
  • Enabled
  • Disabled
Enabled Always check the signature of the image in the primary slot before booting, even if no upgrade was performed. This is recommended if the boot time penalty is acceptable.
Downgrade Prevention (Overwrite Only)
  • Enabled
  • Disabled
Disabled Prevent downgrades by enforcing incrementing version numbers. When this option is set, any upgrade must have greater major version or greater minor version with equal major version. This mechanism only protects against some attacks against version downgrades (for example, a JTAG could be used to write an older version).
Number of Images Per Application
  • 1
  • 2 (TrustZone)
1 Number of separately updateable images.
Watchdog FeedManual EntryThis function might be implemented if the OS / HW watchdog is enabled while doing a swap upgrade and the time it takes for a swapping is long enough to cause an unwanted reset. If implementing this, the OS main.c must also enable the watchdog (if required)!
Measured Boot
  • Enabled
  • Disabled
Disabled Copies the boot data into the secure RAM, intended to be used by the secure App.
Data Sharing
  • Enabled
  • Disabled
Disabled Copies the user data into the secure RAM, intended to be used by the secure App.
Signing and Encryption Options
Signing and Encryption Options > TrustZone
Boot Record (Image 2)String length must be 12 characters or less.Create CBOR encoded boot record TLV for Image 2. Represents the role of the software component (e.g. CoFM for coprocessor firmware). [max. 12 characters]
Custom (Image 2)Manual Entry--confirm Add any custom options to pass to imgtool.py here. --pad places a trailer on the image that indicates that the image should be considered an upgrade. Writing this image in the secondary slot will then cause the bootloader to upgrade to it. --confirm marks the image as confirmed, which causes the upgrade to be permanent.
Signature Type
  • None
  • ECDSA P-256
  • RSA 2048
  • RSA 3072
ECDSA P-256 Configure the signature type.
Boot RecordString length must be 12 characters or less.Create CBOR encoded boot record TLV. Represents the role of the software component (e.g. CoFM for coprocessor firmware). [max. 12 characters]
CustomManual Entry--confirm Add any custom options to pass to imgtool.py here. --pad places a trailer on the image that indicates that the image should be considered an upgrade. Writing this image in the secondary slot will then cause the bootloader to upgrade to it. --confirm marks the image as confirmed, which causes the upgrade to be permanent.
PythonManual Entrypython Name of the python command to use. Default is python, but can be updated to python3 for Linux or an absolute path if needed.
Encryption Scheme
  • ECIES-P256
  • RSA-OAEP (RSA 2048 only)
  • Encryption Disabled
Encryption Disabled Choose the encryption scheme.
Flash Layout
Flash Layout > TrustZone
Non-Secure Callable Region Size (Bytes)Value must be an integer multiple of the 1024.0x0 Size of the Non-Secure Callable region of the Secure image.
Non-Secure Flash Area Size (Bytes) (TrustZone Non-Secure)Value must be an integer multiple of the largest erase size on the mcu.0x0 Size of the Non-Secure region. This must be non-zero for all TrustZone projects to ensure memory is partitioned correctly, even if the Secure and Non-Secure regions are treated as a single image. If the Non-Secure region can be updated separately, this size must account for the header and trailer.
Non-Secure Callable RAM Region Size (Bytes)Value must be an integer multiple of the 1024.0x0 Size of the Non-Secure Callable RAM region of the Secure image.
Non-Secure RAM Region Size (Bytes) (TrustZone Non-Secure)Value must be an integer multiple of the 8192.0x0 Size of the Non-Secure RAM region. This must be non-zero for all TrustZone projects to ensure memory is partitioned correctly, even if the Secure and Non-Secure regions are treated as a single image.
Image 2 Header Size (Bytes)Manual Entry0x200 Size of the flash reserved for the application image header for Image 2.
Bootloader Flash Area Size (Bytes)Value must be an integer multiple of the largest erase size on the mcu.0x20000 Size of the flash reserved for the bootloader.
Image 1 Header Size (Bytes)Manual Entry0x200 Size of the flash reserved for the application image header. Must meet minimum VTOR alignment requirements for the core (0x200 for all RA MCUs).
Image 1 Flash Area Size (Bytes)Value must be an integer multiple of the largest erase size on the mcu.0x20000 Size of the application image 1, including the header and trailer. For TrustZone projects, enter the combined size of the Secure and Non-Secure Callable regions if the Non-Secure image can be updated separately, or enter the size of the entire image slot if Secure, Non-Secure Callable, and Non-Secure regions are updated as a single image.
Scratch Flash Area Size (Bytes)Value must be an integer multiple of the largest erase size on the mcu.0x0 Size of the scratch area. Only required for swap update method.
Data Sharing
Maximum Measured Boot Record Size (Bytes)Value must be an integer.0x64 Maximum size of the boot record.
Shared Data Size (Bytes)Value must be an integer.0x380 Size of the shared RAM area. Required for Measured Boot.
Shared Data AddressValue must be an integer0x20000000 Shared RAM start address. Required for Measured Boot.

Clock Configuration

Pin Configuration

This module does not use I/O pins.

Usage Notes

Getting Started: Creating an MCUboot Project

Start by creating a new project in e² studio or RASC. Select 'Flat (Non TrustZone) Project' template for non TrustZone based projects. For TrustZone based projects, select 'TrustZone Secure Project' template and set the clock circuit under the clocks tab to secure. On the Stacks tab, add New > Bootloader > MCUboot. Resolve any constraint errors and edit configurations as desired. Add either the example keys or generate your own key. The MCUboot key generation tool is provided at ra/mcu-tools/MCUboot/scripts/imgtool.py and documented at https://github.com/mcu-tools/mcuboot/blob/master/docs/imgtool.md. Install the following required python packages to use imgtool.py: https://github.com/mcu-tools/mcuboot/blob/master/scripts/requirements.txt.

In src/hal_entry.c, drag in Developer Assistance > HAL/Common > MCUboot > Quick Setup > Call Quick Setup. Add a call to mcuboot_quick_setup() in the application and make any desired updates.

Note
MCUboot will contain either the verification public key or its hash. During production it is necessary to permanently lock the flash region where MCUboot is programmed to prevent the keys or the code from being modified.

Getting Started: Signing Tool Prerequisite

To use the MCUboot signing tool, ensure you have Python 3.x installed on your system. Then install the Python packages required for the signing tool with the following command (modifying the path as needed depending on current directory):

pip3 install --user -r ra/mcu-tools/MCUboot/scripts/requirements.txt

Getting Started: Converting a Project to an MCUboot Image

MCUboot application images must execute from the image slot defined by the MCUboot project. They are also limited to a single downloadable flash region. All of this is handled by specifying a BootloaderDataFile in the FSP Configuration tool.

Any existing project can be converted to an MCUboot image.

  1. If the project was created with a version prior to FSP v3.0.0, update the linker script to the v3.0.0 version before using it as an MCUboot application image.
  2. Right click the project to convert in e² studio or RASC and select Properties.
  3. Open C/C++ Build and select Build Variables.
  4. Click Add...
  5. For Variable Name, enter BootloaderDataFile. For Type, select File. Browse to the *.bld file created alongside the *.elf file for the associated MCUboot project.
  6. Click OK, then Apply and Close.

To convert a TrustZone image, follow the steps above for both the Secure project and the Non-Secure project.

MCUboot application images must also be signed to work with MCUboot. At a minimum, this involves adding a SHA and MCUboot specific constant data called boot magic in the image trailer.

Signing can be done on the as a post-build step in e² studio. To sign the image as a post-build step:

  1. If Linux is used to develop the application image, change the MCUboot property Signing > Python to python3.
  2. Build the bootloader project to generate the *.bld file. Make sure to build the bootloader project on the same computer as the application image to ensure the path to the signing script is correct.
  3. Define environment variables in the Properties of the application image project in e² studio.
    1. Right click the application image project, and select Properties.
    2. Select C/C++ Build > Environment on the left.
    3. Click Add...
    4. Define the following environment variables one at a time:
      • MCUBOOT_IMAGE_VERSION: Set to the version of the application image.
      • MCUBOOT_IMAGE_SIGNING_KEY: Set the path to the key used for signing. If signing is not required, do not set this variable. If example keys are used, set MCUBOOT_IMAGE_SIGNING_KEY as follows (replace <boot_project> with the bootloader project path):
        • ECC: <boot_project>/ra/mcu-tools/MCUboot/root-ec-p256.pem
        • RSA 2K: <boot_project>/ra/mcu-tools/MCUboot/root-rsa-2048.pem
        • RSA 3K: <boot_project>/ra/mcu-tools/MCUboot/root-rsa-3072.pem
      • MCUBOOT_IMAGE_ENC_KEY: Set the path to the key used for encryption. If encryption is not required, do not set this variable. If example keys are used, set MCUBOOT_IMAGE_ENC_KEY as follows (replace <boot_project> with the bootloader project path):
        • ECIES: <boot_project>/ra/mcu-tools/MCUboot/enc-ec256-pub.pem
        • RSA 2K: <boot_project>/ra/mcu-tools/MCUboot/enc-rsa2048-pub.pem
      • MCUBOOT_APP_BIN_CONVERTER: Optional. Set to path to objcopy, arm-none-eabi-objcopy, fromelf, or ielftool. Not required if one of these tools is on the path.
  4. Build the project.
  5. The signed image is output next to the application <project>.elf file with the name <project>bin.signed.

Getting Started: Download and Debug

For projects that do not use TrustZone, debug the MCUboot project using the default configuration. Before running, load the signed image to the address specified in the signing comment in ra_cfg/mcu-tools/include/mcuboot_config/mcuboot_config.h. This can be done with the Load Ancillary File button when debugging in e² studio. Upgrade images can be loaded to the upgrade image slots using the same method.

Note
e² studio projects targeting RA8 devices that do not use TrustZone must disable the "Set TrustZone secure/non-secure boundaries" setting (Debug Configurations > Debugger > Connection Settings > TrustZone > Set TrustZone secure/non-secure boundaries).

For TrustZone projects, debug using the Secure project to ensure the IDAU is partitioned correctly when debugging in e² studio. Make the following modifications before debugging in e² studio:

  1. In the Debug Configurations for your project, on the Startup tab, click Add... to add the MCUboot project *.elf file (Image and Symbols), and optionally the Non-Secure project *.elf file.
  2. For the Secure and Non-Secure project *.elf file, load Symbols Only.
  3. After starting to debug, load the signed Secure image and the signed Non-Secure image into the addresses specified in the signing comment in ra_cfg/mcu-tools/include/mcuboot_config/mcuboot_config.h. This can be done with the Load Ancillary File button when debugging in e² studio. Upgrade images can be loaded to the upgrade image slots using the same method.

Confirming Upgrade in Swap Mode

In Swap Mode operation, if the upgrade image is signed with the –pad option, MCUboot will install that image as a temporary update where if nothing else is done, a reboot will cause MCUboot to revert to the image version that was swapped out during the upgrade. In order for the updated image to prevent this reversion and make the update permanent, the boot_set_confirmed() must be called from the application.

To avail this capability in the application image, from the Stacks tab, add New > Bootloader > MCUboot Image Utilities (Swap Mode). Resolve any constraint errors and edit configurations as desired.

In src/hal_entry.c, drag in Developer Assistance > HAL/Common > MCUboot Image Utilities > Quick Setup > Confirm Primary Image. Add a call to boot_set_confirmed() in the application and confirm the image in the primary slot.

XIP Mode operation

XIP mode is enabled selecting "Direct XIP" as the Upgrade Mode option in the configurator or by defining "MCUBOOT_DIRECT_XIP" in the mcuboot config file. The linker script defines the symbol "XIP_SECONDARY_SLOT_IMAGE" by default to 0. To link an application to the secondar slot in XIP mode, set XIP_SECONDARY_SLOT_IMAGE to 1 in the application linker script. Direct XIP mode does not support TrustZone projects.

Dual Bank operation

MCUboot can be used with Dual bank mode to leverage the advantages of dual bank flash operation. When Dual Bank mode is enabled, only the XIP upgrade mode can be used.

Note
Unlike in normal XIP Mode operation, the linker script symbol "XIP_SECONDARY_SLOT_IMAGE" must be undefined in Dual Bank mode. An example flash layout in this configuration for a 1 MB is shown below. Note that there are 2 copies of the bootloader, one in Bank 0 and another in Bank 1.
rm_mcuboot_port_map_dualbank.png
MCUboot Dual Bank layout for 1 MB Memory

For this example layout, the following files are generated when Dual Bank mode with XIP is enabled:

  1. Bootloader Project: srec file linked to address 0 and includes the OFS region.
  2. Application Project (Primary): signed bin file linked to address 0x20000.
  3. Application Project (Secondary): signed bin file linked to address 0x20000.

In Dual Bank mode, the available flash memory is split into two halves and referred to as Bank 0 and 1. In this example Bank 0 would span from address 0x0 - 0x7FFFF and Bank 1 from 0x200000 - 0x27FFFF. In Linear mode, it is possible to program the Bank 1 area by programming to 0x80000 - 0xFFFFF.

Programming in Dual Bank Mode

The bootloader must be duplicated in Dual Bank mode. Bank 0 can be programmed using the srec file generated from the MCUboot project; this will also program the OFS region which contains the dual bank enable bit, so it must either be programmed last if each file is programmed independently. Another option is to combine all images: MCUboot in Bank 0, primary image, MCUboot in Bank 1 (no OFS), and secondary image (optional). To program MCUboot to Bank 1, offset MCUboot by half the flash size and cut off the OFS region (0x0100A100 to address 0x0100A2FF on CM33 MCUs that support dual bank). Using srec-cat for a 1 MB flash MCU (0x80000 flash per bank), an example command to create the bootloader image for Bank 1: "srec_cat MCUboot_dualbank.srec -crop 0 0x80000 -offset 0x80000 -o MCUboot_dualbank_offset.srec". The application project for Bank 1 can be similarly offset using srec_cat: "srec_cat app1.bin.signed -binary -offset 0xA0000 -o app1_offset.srec", where 0xA0000 is 0x80000 (half the flash) + 0x20000 (MCUboot size). The signed binary file for Bank 0 can be converted to srec format using srec_cat: "srec_cat app0.bin.signed -binary -offset 0x20000 -o app0.srec"

To combine all the files into one srec file, use "srec_cat MCUboot_dualbank.srec MCUboot_dualbank_offset.srec app0.srec app1_offset.srec -o combined_srec".

External Memory Support

QSPI

QSPI support for secondary image storage can be enabled in the configurator. The bootloader expects the QSPI memory to be pre-configured by user code in the bootloader for read/write operation. The bootloader code operates under the assumption that the user has configured the QSPI in Extended-SPI mode and that R_QSPI_Open() has been called prior to invoking boot_go();. For example, on the EK_RA6M4 which has the MX25L25645G QSPI flash, after adding the QSPI module to the project, calling the following snippet will configure the QSPI for read/write operation:

/* Status Register (SREG) payload size */
# define SREG_SIZE 0x03
# define QSPI_COMMAND_WRITE_STATUS_REGISTER 0x01
# define QSPI_DEFAULT_SR1 0x40
# define QSPI_DEFAULT_SR2 0x00
/* Status register payload */
uint8_t data_sreg[SREG_SIZE] = {QSPI_COMMAND_WRITE_STATUS_REGISTER, QSPI_DEFAULT_SR1, QSPI_DEFAULT_SR2};
R_QSPI_Open(&g_qspi0_ctrl, &g_qspi0_cfg);
/* Configure for Extended SPI Read/Write Mode */
R_QSPI_DirectWrite(&g_qspi0_ctrl, &(g_qspi0_cfg.write_enable_command), 1, false);
R_QSPI_DirectWrite(&g_qspi0_ctrl, data_sreg, SREG_SIZE, false);

For a more detailed example on how to initialize the QSPI device, refer to the QSPI module. The QSPI sector size must be the same as that of the MCU internal flash (BSP_FEATURE_FLASH_HP_CF_REGION1_BLOCK_SIZE) for swap mode operation.

OSPI_B

OSPI_B support for secondary image storage can be enabled in the configurator for RA8: The bootloader expects the OSPI memory to be pre-configured by user code in the bootloader for read/write operation. The bootloader code operates under the assumption that the user has initialized the OSPI_B by calling R_OSPI_B_Open() prior to invoking boot_go();.

MCUboot Memory Map

For single image projects with no external memory support, the default memory map looks like:

rm_mcuboot_port_map.svg
MCUboot Memory Map

For projects with 2 separately updateable images (used for TrustZone applications where the Secure and Non-Secure images can be updated separately), the default memory map with no external memory support looks like:

rm_mcuboot_port_map_tz.svg
MCUboot Memory Map (TrustZone)

For single image projects with QSPI, the default memory map looks like:

rm_mcuboot_port_map_qspi.png
MCUboot Memory Map with QSPI

MCUboot verification options

MCUboot in FSP supports the following secure image verification options

  1. Hash verification only (SHA256).
  2. Hash and signature verification (ECDSA-P256, RSA-2048 and RSA-3072).
  3. Hash, signature verification and image encryption (ECIES-P256 and RSA-OAEP-2048 with AES-128).
  4. Hash and image encryption only.

MCUboot also supports signature verification using EdDSA-25519 and image encryption using AES-KW-128 and AES-KW-256 but those are currently not supported in FSP.

Limitations

MCUboot swap mode is not functional with OSPI_B external storage.

Notes

When encryption is enabled, MCUboot requires the image in the primary slot to be unencrypted. Only the image loaded in the secondary slot can be encrypted.

MCUboot Crypto Stack Options

The following crypto stacks can be used with MCUboot in FSP:

  1. MbedTLS, which is hardware accelerated on all RA devices. On the RA2 which has an AES engine only, ECC/RSA/SHA operations are in software.
  2. TinyCrypt (S/W Only) can be used with all devices.
  3. TinyCrypt (H/W Accelerated) has AES operations accelerated for the RA2 family only. When using MCUboot without encryption there is no difference between using this or the S/W only version.
  4. SCE9 Protected Mode on devices that have the SCE9 (eg: RA6M4, RA4M3, RA4M2)

MbedTLS provides the best performance for MCUBoot signature verification on the RA6 and RA4 devices but has a much larger code footprint compared to TinyCrypt. For RA2 devices TinyCrypt is the best option.

MCUboot boot time

The time from Reset to executing the application will depend on how quickly MCUboot finishes execution. This is dependent on a variety of factors including

  1. The crypto algorithms chosen for image verification and whether hardware acceleration is enabled. Hardware accelerated SHA256 will be the fastest while encryption enabled modes will be the slowest.
  2. The operating clock speeds.
  3. Whether flash programming was required.

Reducing boot time on SCE9 devices

On devices that have the SCE9, it is possible to reduce the time taken for EC-P256 signature verification by setting the Initialization property for the SCE9 module to only initialize the crypto primitives required for EC-P256 verification. Note that this feature is only supported for EC-P256 currently. Enabling it for any other algorithm will cause a runtime failure.

Using SCE9 Protected Mode Crypto Stack

Using this crypto stack with MCUBoot provides additional security by ensuring that any keys that are used were securely provisioned for the specific device. The Application Note "Installing and Updating Secure Keys for RA Family" (R11AN0496) provides detailed steps on how to go about installing these keys. Since the section "Preparing Keys for Installation and Update Using RFP" document currently only provides information on how to install an AES key, this section will provide information on how to install an ECC public key. These steps can be used to install the public keys used for image verification or the keys used for image encryption.

Note
When using the SCE9 Protected Mode Stack with MCUboot it is required that the public keys in the format described in the "MCUboot Example Keys" module in the stack is also provided in the project.

Installing public keys used for signature verification

  1. Generate an ECC key pair. There are various ways to do this but you can use openSSL to do so: "openssl ecparam -name secp256k1 -genkey -noout -out my_ecc_secp256k1_key.pem".
  2. Once the key is generated, in order to install the public key using RFP (Renesas Flash Programmer) the user needs to have their own UFPK (User Factory Programming Key) and W-UFPK (Wrapped User Factory Programming Key). Refer to R11AN0496 on how to obtain these keys.
  3. Once the UFPK and W-UFPK are available, we need to extract the public key from the pem file. The public key can be viewed by using "openssl ec -noout -text -in my_ecc_secp256k1_key.pem". Note that when the ECC public key is printed out this way, it will contain a 0x04 ASN.1 prefix at the start, which should be discarded.
  4. Use the rfp-util.exe utility from the RFP installation folder to wrap the public key using the UFPK and W-UFPK into a format that can be installed by RFP and the factory bootloader on the MCU.
  5. Use RFP as described in R11AN0496 to install the key to the location of mcuboot_sce9_key section.

These are examples that install the default keys provided with MCUboot in ra/mcu-tools/MCUboot/. The examples assume that UFPK and W-UFPK are already available.

//Print out the EC-P256 Public Key using openSSL
C:\ openssl ec -noout -text -in root-ec-p256.pem
read EC key
Private-Key: (256 bit)
priv:
d7:98:d5:2f:83:01:24:3b:d3:54:2b:7e:55:ed:4c:
74:61:19:00:b0:f9:50:5a:82:4f:e1:e8:ec:06:3b:
cf:f1
pub:
04:2a:cb:40:3c:e8:fe:ed:5b:a4:49:95:a1:a9:1d:
ae:e8:db:be:19:37:cd:14:fb:2f:24:57:37:e5:95:
39:88:d9:94:b9:d6:5a:eb:d7:cd:d5:30:8a:d6:fe:
48:b2:4a:6a:81:0e:e5:f0:7d:8b:68:34:cc:3a:6a:
fc:53:8e:fa:c1
ASN1 OID: prime256v1
NIST CURVE: P-256
//Use the public key (ignore the 0x04 ASN.1 prefix) in the RFP command line to convert the public key into an installable format
C:\ "C:\Program Files (x86)\Renesas Electronics\Programming Tools\Renesas Flash Programmer V3.08\rfp-util.exe" /genkey /ufpk "C:\ufpk.key" /wufpk "C:\ufpk.key_enc.key" /key "2acb403ce8feed5ba44995a1a91daee8dbbe1937cd14fb2f245737e5953988d994b9d65aebd7cdd5308ad6fe48b24a6a810ee5f07d8b6834cc3a6afc538efac1" /userkey "16" /output "C:\ECC_pub_install.rkey"
// From the bootloader map file determine the address of mcuboot_sce9_key section
Use RFP to install "ECC_pub_install.rkey" as described in "Installing and Updating Secure Keys for RA Family" (R11AN0496) to the address where the mcuboot_sce9_key section is located.
//Print out the RSA-2048 Public Key using openSSL
C:\ openssl asn1parse -in root-rsa-2048.pem
0:d=0 hl=4 l=1187 cons: SEQUENCE
4:d=1 hl=2 l= 1 prim: INTEGER :00
7:d=1 hl=4 l= 257 prim: INTEGER :D106081A18442C18E8FBFDF70DA34F1FBBEE5EF9AAD24B18D35AE96D188019F9F09C341BCBF3BC74DB42E78C7F10537E435E0D572C44D167080F0DBB5CEEECB399DFE04D840BAA774160ED152849A701B43C10E6698C2F5FAC414D9E5C14DFF2F8CF3D1E6FE75BBAB4A9C8887E473C94C37767544BAA8D3835CA62617EB7E115DB7773D4BE7B7221896924FBF8656E643EC80ED785D55C4AE4530D2FFFB7FDF31339833FA3AED20FA76A9DF9FEB8CEFA2ABEAFB8E0FA823754F43EE12BD0D3085818F65E4CC8888131AD5FB08217F28A692723F3AB873E931A1DFEE8F81A246659F81CABDCCE681B666435ECFA0D119DAF5C3AA7D167C647EFB14B2C62E1D1C9
268:d=1 hl=2 l= 3 prim: INTEGER :010001
273:d=1 hl=4 l= 256 prim: INTEGER :46A11421C52B5BFF3AD2D37924999745F0D9D62BE505D42C5A56B0E39550CBF641D07667221E8502B38842F79D83E5C2977EF3610E6B5E9AC3055B2D8174967505BCB96D57FE1D26D8E7A894EA9D209A99CD6624856BC22240F17C09D3B1960EE2F61BFFE9EE3277BF4E539D9395FCA983F717EA4AFB2166E9FE2E0A25A87A9CAC06B57F8726B8FF42F68A9E9D9AF2963C9F8FBA626886462342513EB249E64226609A9170C80A4F21CFE0BF27C10E26A0C26BEB36DF6D6C716F94C2ECA559490F5429967E64BBB2FE991441EE06F17484D2BF91F6EE090A0F3B235BE01E19FC5894B1557D36ECE554AB91DF3B3836B244014DC131A61E55F41D9BA2737177C5
533:d=1 hl=3 l= 129 prim: INTEGER :FF7D8F5BE67045C74A5CC8FE4159315D477AC645F2EE64D73C4690B8E2D665082B4AA0051F5978E7FE9DD3DF4A009AE333A911F29297B73EF6208C8C1D33E6DF7DA08729A32AF6849765CFF6C17E7FA16661445AAF8CBAF198777A2BCFF3AF90FD8CCE18AC2D452CE204CCEB01FA085E0B701FCA7020F60B3F7CC1578E38F59B
665:d=1 hl=3 l= 129 prim: INTEGER :D170BF82EDAE6F933A1170678EAF4AD9DE0B953C803EC21B01C312C2484E507E182454B6DAA5CB610500F7333E0D4C8B0AB97F3CA3761B41D056031BE0321B787BFC917079A069B9CDF6D6A2B5AA3A899707702C23B5FC60332D7FF3EC655D9A9817A2A95B2498F250576D6A17278E707953F9D1EE45BD0ED2E9F774AF111E6B
797:d=1 hl=3 l= 129 prim: INTEGER :A43087E1D27CD28B19A1F955549FC256A4EA24E3AD144160050F8050210F110CA7EDA45AC663D48C9B17C8A255C77FC2855FA0F617F9423D472571CD55B3162B086C1290D29878A68B3955E5C941C739ED36931C0877536891C82E8E5B6CCAA64E1BA013410B32CA7E52017301E9325965D65FC7D4398A857DFE69AE1FEB4103
929:d=1 hl=3 l= 128 prim: INTEGER :5043C1614FED75DD1A77EC78037AB258E47BD3E9A7CC655F2C41B242BAAB28B5EA52A214A19EC05EA22848945EC781FA175617A9098C0DCE1F2597736B6C4892D811673B8FA126638AC77A6248F4C01252CB0AF61F8972FAFB2208D356595292188F964B091EF16E8BD3B59EDED8CE01D4BD96141A18A7E7B274EFDCCBEAE799
1060:d=1 hl=3 l= 128 prim: INTEGER :287481FC814FF38A3E47CABFE05BB7C1DCA318048FE4F21FEBD875E4DB3FD65227ACB9BAD31B3E0EF388B2DB27EF48712C0F0B0252988F88D0E9B8C44A7865B942AF3006EE15AF1B634DCF14239A838EAC000DC93BC947F6A937E524400E16ACC48A118C819514BF851F549F3DF5BCC73693D45ED2E91685687F424B101837C9
//Use the public key in the RFP command line to convert the public key into an installable format. Note that for RSA, the public modulus has to be concatenated to the public exponent (typically 65537 in 32 bits 00010001 as shown in the asn1parse output above) and then padded with 4 words of 0.
C:\ "C:\Program Files (x86)\Renesas Electronics\Programming Tools\Renesas Flash Programmer V3.08\rfp-util.exe" /genkey /ufpk "C:\ufpk.key" /wufpk "C:\ufpk.key_enc.key" /key "D106081A18442C18E8FBFDF70DA34F1FBBEE5EF9AAD24B18D35AE96D188019F9F09C341BCBF3BC74DB42E78C7F10537E435E0D572C44D167080F0DBB5CEEECB399DFE04D840BAA774160ED152849A701B43C10E6698C2F5FAC414D9E5C14DFF2F8CF3D1E6FE75BBAB4A9C8887E473C94C37767544BAA8D3835CA62617EB7E115DB7773D4BE7B7221896924FBF8656E643EC80ED785D55C4AE4530D2FFFB7FDF31339833FA3AED20FA76A9DF9FEB8CEFA2ABEAFB8E0FA823754F43EE12BD0D3085818F65E4CC8888131AD5FB08217F28A692723F3AB873E931A1DFEE8F81A246659F81CABDCCE681B666435ECFA0D119DAF5C3AA7D167C647EFB14B2C62E1D1C900010001000000000000000000000000" /userkey "0C" /output "C:\RSA_pub_install.rkey"
// From the bootloader map file determine the address of mcuboot_sce9_key section
Use RFP to install "RSA_pub_install.rkey" as described in "Installing and Updating Secure Keys for RA Family" (R11AN0496) to the address where the mcuboot_sce9_key section is located.
//Print out the RSA-3072 Public Key using openSSL
C:\ openssl asn1parse -in root-rsa-3072.pem
0:d=0 hl=4 l=1764 cons: SEQUENCE
4:d=1 hl=2 l= 1 prim: INTEGER :00
7:d=1 hl=4 l= 385 prim: INTEGER :B42C0E985810A4A758997C01DD082A283433F8961A34205D45C8712625E5D296EA7BB115AAA68A63228B2D4E8173BF6E15688C1AF4EF2A8F8C229E71574BDE0F7E72D37AB8A71D44AD8700835CFD730572463F8BF91000D86ECC85EDF949DB783680493876DD5F5404DA8C34A72B13256FD1154FADC2E1A5D24E570C7E9C9BBA4E68B2E02502AA00D3B4CC2F78E5BE47671FC86E226C5E61B69ACDE5A8BA7A80131B172E96EDCFB39BE41CE8ADA7F63A51665E998E87EE6025F88DBECEA4A8CA936CD7BFD473338D4485CC7330089C4DB2AA5A6C6F7BABB7B37CC3FBE7CAC4F89A6FCBBB5B82E77AE819FD2F1122FB7F768C6B94A4094FA56A7751EBA77EDA8706EEDCBED1EA1A401D1BFF1AB1517C12B0F3F683019CE70C99BFAC685872A4B05985EE85AC2A22F4CF1508801F0DD01EA0A094C8F7FA65DD52E8963723305736E69DF40C4A05751FAD01CAB76D8C4374060A81F30162FFF7F55FAFE72B0EF881B565DD01D99F07178A18CF236E886591B57BD3B02DAF93666374AC5AE673DE3B
396:d=1 hl=2 l= 3 prim: INTEGER :010001
401:d=1 hl=4 l= 385 prim: INTEGER :98C34E30AF629528EABF605C781B671B257FF742D5BEE2BE12DFEBC80B93FC6547354F256EC6BC4967CD97C19B931779701F6FC39F6F75A7B68AD7CA83D8E8D43C4381B9E8FC909D5D803CD824AD24AC3683077857D9D0CDB1CC29B6678ACED1F36BFC292AE771DF5C2A2D7CAB4CA374378590CB392A2686A17518EB9822930B7955DE6C9C14D12DD852D05963E96FD73CC1BF005AA185B8D5CA15CFA6AB4E186F9AA5A2340838F631B44D2A9FAAECE3EF869BA9192779DEFDF2EBC41F938F249EABFFB1EB8DB49A9F61DF86242059E6D1E8D579C6D980CBFFF68AE36AAE6F5ED50AE29E3A35B5E1CFEB78731906E4F47CD7748CCC9B0F37BC73A9A459AD78E092C49231276878465B15967FFB3B93788C085DA6ABBFE405819561DE7C4B16BF17C653098176DC45D0CE29F99E6A188217FD6187C7E120F6AB0FD4D86732143C0C98C23CDCDE8FB766B221DC202B08FD227CE176F2E4A946F0E25BB184A9CF2778FCF0FBF3D5574932BF07020DDC866C5A1370D46EC039FCDC87CE9F5CDA42A1
790:d=1 hl=3 l= 193 prim: INTEGER :E5BF240823A33C7AD9D931818534A0F1A5C45A86B178CE710D5B7203B26E35D38E28CBEAAFF1F47B34523EF3CC5C6E6FF3CD0FA8CF814601C4CD7D46B5240208FE1D68271ED0780172B651AAE357319C67D51927A69A910E819AB35959DE16767CB3FF35B2ADF9FCECE943EA4A81337C498823C9241B7F9A491021D5DE8697EA0FC365C114E899E0616C86E20028BC1A61FC45DA3E7DEC687528EEEEF9C83E879CBC5CC5AE02FFF66CF4D3879910F15B5005ABA73DAAA1E30308B0A16CFFD4F1
986:d=1 hl=3 l= 193 prim: INTEGER :C8C2B1D568DC756EC05384E6328598EDDC1C8229E10731277BBCF98609DA6EC9C56AE751A408B1FC8053D06D3F9431015E36BE8FC579E89CBBC4254B9898B4E389E37F30A7D1B6ED387384DC1CED18FEDE59138337EDAEFD5F7193ABFBCB847B34E2F313BFB5FD2BA9698596E6E428F59D6F09A994ECCB885EAE9BF414B71C3F2F4BD22978340824A43D1B434844DF6768BC327CB934117043A84D159575AEB038BC07D5B9650D25F5D6365CB0B1F06C7B16873C500F3912F8AFB5FA42DDB5EB
1182:d=1 hl=3 l= 192 prim: INTEGER :0B2C1F6171F23737B62E54B4FAB853774CDB5E979C3BC6B642B306B95D4CF4BB23F7A1EAF8C1686531672A7E8A9A9818439FDE3A1455320555FFB42EE3122C3329C05E5740AD5C989D6E764C3C1FFA5EA3C1FE262A78EBC2EBD48D123447938A11886349C635A5A9820FD9E8A3D4E29F11A8582D28DF597634455F8FD9F16BA3CB3E724D5069FB49A91330FFFE87FC95BFDC17BD843A756BA2FEE9979F77F86A79D9C31D2DD82180674E04975C7F316D8257B4403EC47478E8A5DC890D16E7D1
1377:d=1 hl=3 l= 192 prim: INTEGER :543B63F3BF6868190CB6BE16FB7194459049A1CF426C0B129ED71DF6402216C3AF81F8060805E1EFA844023A2427E01BCBD4BA45863C6CFD7DC68143638606B7453E5F3A21DF5A99D34A9C9EE1C014F1B286BB2A1E082A9882381C1657B1FF26D67CB6323E08746DA249F4D3E89228214D69AE2B29A1E48F95F23ADAC0EA46FEB7B05F4028FFE3BEC3EE23872A46435996D70773CF1CEA8828CAEF74B3DDC96A849357D23354139D2EB52EDFDAFEFD79F676F04CBCE67632E086909AACFD6AFB
1572:d=1 hl=3 l= 193 prim: INTEGER :BD64D5B1F4FB1B37B0C423C57CA8E4261EE5F9A2D72F069EDD39922BE0BC66863CB21BDA51BC2517C885AB0ED380EBBF19D6E440626A9EACAED005F8C539E7F1235E7F7B7ECD53BC3470676FD22510800877A91675EB3CCCF574105EF081BBB3C022E564C3B956DBED3E3FF1FC12AEA027205EE84301C5C25A439C519424B64227FF87FE38DC9F64E04E718810D4F09522287E17164FE3AD1AD94B2D4E09EBE974EEF55FB9E1287E824C7EA5A30D4A4EAF71669CFF8AD9DAD95859F3BFFDD182
//Use the public key in the RFP command line to convert the public key into an installable format. Note that for RSA, the public modulus has to be concatenated to the public exponent (typically 65537 in 32 bits 00010001 as shown in the asn1parse output above) and then padded with 4 words of 0.
C:\ "C:\Program Files (x86)\Renesas Electronics\Programming Tools\Renesas Flash Programmer V3.08\rfp-util.exe" /genkey /ufpk "C:\ufpk.key" /wufpk "C:\ufpk.key_enc.key" /key "B42C0E985810A4A758997C01DD082A283433F8961A34205D45C8712625E5D296EA7BB115AAA68A63228B2D4E8173BF6E15688C1AF4EF2A8F8C229E71574BDE0F7E72D37AB8A71D44AD8700835CFD730572463F8BF91000D86ECC85EDF949DB783680493876DD5F5404DA8C34A72B13256FD1154FADC2E1A5D24E570C7E9C9BBA4E68B2E02502AA00D3B4CC2F78E5BE47671FC86E226C5E61B69ACDE5A8BA7A80131B172E96EDCFB39BE41CE8ADA7F63A51665E998E87EE6025F88DBECEA4A8CA936CD7BFD473338D4485CC7330089C4DB2AA5A6C6F7BABB7B37CC3FBE7CAC4F89A6FCBBB5B82E77AE819FD2F1122FB7F768C6B94A4094FA56A7751EBA77EDA8706EEDCBED1EA1A401D1BFF1AB1517C12B0F3F683019CE70C99BFAC685872A4B05985EE85AC2A22F4CF1508801F0DD01EA0A094C8F7FA65DD52E8963723305736E69DF40C4A05751FAD01CAB76D8C4374060A81F30162FFF7F55FAFE72B0EF881B565DD01D99F07178A18CF236E886591B57BD3B02DAF93666374AC5AE673DE3B00010001000000000000000000000000" /userkey "0E" /output "C:\RSA_3072_pub_install.rkey"
// From the bootloader map file determine the address of mcuboot_sce9_key section
Use RFP to install "RSA_3072_pub_install.rkey" as described in "Installing and Updating Secure Keys for RA Family" (R11AN0496) to the address where the mcuboot_sce9_key section is located.

Examples

Basic Example

This is an example of using MCUboot in an application.

void rm_mcuboot_port_example (void)
{
#ifdef MCUBOOT_USE_MBED_TLS
/* Initialize mbedtls. */
assert(0 == mbedtls_platform_setup(&ctx));
#elif defined(MCUBOOT_USE_TINYCRYPT)
/* Initialize TinyCrypt port. */
assert(FSP_SUCCESS == RM_TINCYRYPT_PORT_Init());
#else
/* Initialize SCE9 Protected Mode driver. */
const sce_cfg_t sce_cfg =
{.lifecycle = SCE_SSD};
assert(FSP_SUCCESS == R_SCE_Open(&sce_ctrl, &sce_cfg));
#endif
/* (Optional) To check for updates, call boot_set_pending. */
bool update = 0;
if (update)
{
boot_set_pending(0);
}
/* Verify the boot image and get its location. */
struct boot_rsp rsp;
assert(0 == boot_go(&rsp));
/* Enter the application. */
RM_MCUBOOT_PORT_BootApp(&rsp);
}