RPS Format#
The RPS file format is used for delivering update images which are optionally signed and encrypted. An RPS file may contain a TA application image, M4 application image, or both. The format is specified in the table below:
| 46 bytes | 64 bytes | … | 71 or 72 bytes |
|---|---|---|---|
RPS header |
Boot descriptors |
Application binary (size varies) |
Digital signature (optional)¹ |
|
Note: Signature is stored in ASN.1 format, not plain binary. The size of ASN.1 can vary depending on the content. |
|||
The RPS header is defined in the follow table.
| Field | Size (bits) | Description |
|---|---|---|
| Control Flags | 16 |
BIT(0): 0 - NWPSS image
1 – M4 image BIT(1): 0 – No encryption is present 1 - Image is encrypted BIT(2): 0 - CRC based integrity check 1 - MIC based integrity check BIT(3): 0 – No digital signature 1 - Digitally signed (digital signature is located at the end of the RPS file) BIT(4): 0 – image will not be combined with another image 1 – image will be combined with another image BITS: (5-15) - Reserved |
| SHA size | 16 |
Represents the SHA size used to compute the digest for the digital signature
0 - Reserved 1 - SHA_256 2 - SHA_384 3 - SHA_512 |
| Magic word | 32 | 0x900D900D |
| Image Size | 32 | Size of the binary image |
| Firmware Version | 32 | Firmware version number, See table 2.1 for the version layout |
| Flash Address | 32 | Address in flash to store the image |
| CRC | 32 | CRC of the image 1 |
| MIC | 128 | MIC of the image |
| Firmware Extended Version | 32 | Patch Version, Customer ID, Chip id, ROM Version |
| Reserved | 96 | - |
| Magic bytes | 32 | 0x900D900D |
Note:
|
||
The following table describes the boot descriptors layout.
Field | Size (bytes) | Description |
|---|---|---|
Magic pattern | 2 | Pattern for identification of a valid Flash content (0x5aa5) |
Offset | 2 | Offset of the binary image where the transfer should start from flash to RAM |
IVT offset | 4 | Value to program VTOR register |
Bootloader descriptor entries | 56 | Bootloader descriptor entries which are executed by the Bootloader while loading firmware. See following table that describes the bootloader descriptors layout. Space is provided for 7 bootloader descriptor entries. |
The following table describes the bootloader descriptors layout.
Field | Size (bits) | Description |
|---|---|---|
Length | 24 | Length of transfer to destination |
Reserved | 7 | - |
Last entry | 1 | If set, indicate it is last boot descriptor entry |
Destination address | 32 | Destination address |
Encrypted XIP#
Encrypted execute-in-place (XIP) allows encrypted firmware images to be decrypted immediately before runtime. Encrypted XIP is useful when program and data are stored in external flash.
In-System Programming (ISP)#
The secure firmware upgrade feature of the security bootloader checks the authenticity and integrity of the new firmware image, provided that these features have been enabled in the eFuse settings. The security bootloader will only update the image after successfully validating the authenticity of the image using the digital signature check and the integrity of the image using the MIC check, depending on which checks are enabled. If enabled, the anti-rollback feature will prevent downgrades to a lower firmware version, refer to section 2.x for more details. The security bootloader also supports OTA updates.