SSL with CRC

Hi Alon,

The ADSP-SC58x features CRC32 protection which is implemented in hardware. The boot kernel provides mechanisms to allow each block to be verified using a 32-bit CRC. The boot rom contains a function in the rom that can be called as an initcode to register the CRC callback and initialize the CRC peripheral with a user specified polynomial. To enable this, feature an Init Block must be located in the boot stream with a TARGET_ADDRESS that points to the adi_rom_Crc32Init() function in the ROM. The ARGUMENT field contains the CRC32 checksum polynomial to be used to initialize the CRC lookup table. Once this CRC initcode function in the ROM has been executed CRC verification is enabled for all subsequent blocks except Ignore and First block.

The utilities provided by the supporting toolchain for the processor allow for generation of CRC32 protected loader streams. When building a LDR file for CRC32 protection, use the -CRC32 <PolynomialCoefficient> switch. The -CRC32 switch directs the loader to generate CRC32 checksums. It uses the polynomial coefficient if specified, otherwise uses the default coefficient (0xD8018001).

We would suggest you to refer the CRC32 Protection (Page No:3469) and Boot ROM Programming model(Page No:3480) . The link for the ADSP-2156x Hardware Reference Manual is given below.
www.analog.com/.../SC58x-2158x-hrm.pdf

Regards,
Divya.P

Hi,

With all due respect, I can read by myself and believe me I have read !! What I need is an example (example!!) that shows how to exploit adi_rom_Crc32Init and adi_rom_Crc32Poly API.
Could you please supply such ?

Hi Alon,
 
We are checking on this and we will update to you as soon as possible.

Regards,
Divya.P

Hi Alon,

Add -CRC32<PolynomialCoefficient> switch while generating the loader file. It uses the polynomial coefficient if specified, otherwise uses the default coefficient (0xD8018001).
Once the -CRC32 switch is invoked while generating the loader file, it appends an extra block which is basically used by the boot ROM to invoke the CRC32 initialization routine and then start processing each block one by one.

In each block, there is a 16byte header associated with this. The argument field in this comprise of the CRC checksum, which is compared with the generated checksum by the boot ROM based on the default/user-passed polynomial. So, all the block integrity is verified using this.

 If any of the block CRC fails, it will be reported as an error by the bootROM and the application will not boot itself.

Below steps is required:
1. The SSL application, will call the ROM API for main application with CRC switch enabled and Hook routine installed.
2. The hook routine, can be used to remap the error function pointer to loader application space.
3. It will jump to error handler in application space for any issues in processing the bootROM and that will also include CRC errors.
4. Inside the error handler function, call ROM API to boot a recovery application.

Please find the attached project. In this, first it try to boot the application from the flash address 0x40000. If the loader file is corrupted, then it will try to boot the application from the flash address 0x80000.
So, create the loader file with -CRC32<PolynomialCoefficient> switch enabled and modify/remove the content. Load it at flash address 0x40000.
Then load the correct file(app2) at flash address 0x80000.

Regards,
Divya.P
SC584_SSL_Core0.zip