Basic Operation
The secure bootloader offers a simple file system, primarily for storing attestation keys, but it can also be used for the general storage of small files.
The file system location is defined in bl_memory.h and occupies a range of sectors in data flash. Due to the limitations of the flash, the file system space is set to 11 KB.
The file system is organized in blocks that align with the underlying data sectors. Each data sector is 256 bytes in length; therefore, 44 blocks are available for use.
NOTE: A single file can be stored in more than one block. A single block can only contain information for a single file.
The first sector contains the inode table, which describes the blocks that are allocated to each file. There is a single inode entry for each file held in the file system. Each inode is defined as 12 bytes; therefore, a maximum of 21 files are supported by the file system.
Each inode/file contains the following information:
- The list of blocks allocated to the file. This is a 48-bit mask where a 1 indicates that the data block is used by that file.
- The file ID, which is defined as a 16-bit value because space is limited. How this is derived from a textual filename is left to the caller.
- A flags word, which contains a 16-bit value that indicates if the file is readable, writable, or can be deleted.
- The size of the file in bytes. This is a 16-bit value because the maximum size of the store is defined as 11 KB. This is large enough to handle any file that can be stored.
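The following added example (not the bootloader's own code) lays out the 12-byte inode described above and checks an inode table against the stated invariants: a block belongs to only one file, and only 44 blocks exist. The field order, the byte order of the mask, the use of file ID 0 for an unused entry, and all identifier names are assumptions, since the page gives only the field widths.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* From the page: 256-byte sectors, 44 blocks, 12-byte inodes, 21 files. */
#define FS_BLOCK_SIZE 256u
#define FS_NUM_BLOCKS 44u
#define FS_MAX_FILES  21u
#define FS_ID_FREE    0u   /* assumption: file ID 0 marks an unused entry */

/* Assumed field order and byte order; the page gives only the widths. */
typedef struct {
    uint8_t  block_mask[6];  /* 48-bit mask, bit n set = block n belongs to file */
    uint16_t file_id;
    uint16_t flags;          /* readable / writable / deletable bits */
    uint16_t size;           /* file size in bytes */
} fs_inode_t;
_Static_assert(sizeof(fs_inode_t) == 12, "inode must be 12 bytes");
_Static_assert(FS_MAX_FILES * sizeof(fs_inode_t) <= FS_BLOCK_SIZE, "table fits in one sector");

typedef enum { FS_OK, FS_ERR_RANGE, FS_ERR_SHARED, FS_ERR_SIZE, FS_ERR_DUP_ID } fs_check_t;

static uint64_t inode_mask(const fs_inode_t *in) {
    uint64_t m = 0;
    for (int i = 5; i >= 0; i--) m = (m << 8) | in->block_mask[i];
    return m;
}

/* Reject an inode table that breaks the invariants stated in the text. */
fs_check_t fs_check_table(const fs_inode_t *tbl, size_t n) {
    const uint64_t valid = (1ULL << FS_NUM_BLOCKS) - 1;
    uint64_t used = 0;
    if (n > FS_MAX_FILES) n = FS_MAX_FILES;
    for (size_t i = 0; i < n; i++) {
        if (tbl[i].file_id == FS_ID_FREE) continue;
        uint64_t m = inode_mask(&tbl[i]);
        unsigned blocks = 0;
        for (uint64_t v = m; v; v &= v - 1) blocks++;      /* count set bits */
        if (m & ~valid) return FS_ERR_RANGE;               /* bit past block 43 */
        if (m & used)   return FS_ERR_SHARED;              /* block owned by two files */
        if (tbl[i].size > blocks * FS_BLOCK_SIZE) return FS_ERR_SIZE;
        for (size_t j = 0; j < i; j++)
            if (tbl[j].file_id == tbl[i].file_id) return FS_ERR_DUP_ID;
        used |= m;
    }
    return FS_OK;
}

int main(void) {
    fs_inode_t t[2] = {{{0x06}, 1, 0, 300}, {{0x0C}, 2, 0, 256}};  /* constructed sample */
    printf("check = %d\n", fs_check_table(t, 2));
    return 0;
}
```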
IMPORTANT: When using the bootloader in debug mode, the Hardware Unique Key (HUK) is used, but it appears different under debugging than it does in typical usage. This means that when the key checking is performed, the HUK appears to be invalid, causing all inodes and any prior data stored in the secure storage area to be wiped.