Vault 7: Projects
This publication series is about specific projects related to the Vault 7 main publication.
The flash signature is a special program memory word that gets programmed (only after the entire erase/program/verify
process is completed successfully) with a magic/known value. This value, when present and correctly programmed at the
magic address with the proper value, indicates to the bootloader code that the application firmware image is fully intact.
A typical (successful) bootloading sequence, that uses a flash signature, would be as follows:
1. User boots up microcontroller, which first checks the flash signature word is intact, with the correct/expected value.
1. Assuming the value is correct, this implies that the application image is intact, and the code jumps into the application
firmware run mode.
2. User runs special PC application or something that sends command to the application image, to switch into the
bootloader mode.
3. Firmware executes a goto 0x001C jump straight into the bootloader mode.
4. User starts an erase/program/verify sequence using the PC GUI program for bootloading new firmware images.
5. The firmware begins erasing pages of flash memory. Special care is taken in the implementation to ensure that the flash
signature word is located on the very first flash erase page that gets erased.
6. After total erasure of the application image is complete, the PC GUI sends commands to reprogram the entire application
firmware space with the new image.
7. The PC GUI performs a full verify read back of the flash contents, and verifies that every address contains exactly the
correct values from the hex file.
8. Assuming the entire “verify” operation is successful, the PC GUI sends a “sign flash” command to the bootloader firmware.
9. The bootloader firmware programs the special/magic known value into the special/fixed signature address.
At this point the bootloading process is complete. Upon rebooting the microcontroller, the bootup code checks the flash
signature address to verify that the contents of that flash memory word contain the correct/expected flash signature value.
1. If the value matches the correct/expected value, this implies that the previous erase/program/verify sequence was fully
successful, and therefore, it is safe to jump into and begin executing the application firmware image.
2. If the value does not match (ex: the flash signature word contains an invalid or erased value, like 0xFFFF), then the
bootup code knows that the previous erase/program/verify sequence failed at some point, and therefore, the bootup code
makes sure to stay in bootload mode, allowing the PC GUI application to connect to the firmware and perform another
attempt to erase/program/verify/sign flash sequence.
NOTE: In order for the flash signature feature to fully protect the application from bricking in the event of USB cable
disconnect and/or lost AC power, it is necessary for the flash signature word to be located on the very first erase page
during the erase sequence, and must also be the very last portion of the program memory that gets re-programmed, only
after the rest of the program/verify sequence has been fully completed successfully.
In the current implementation, the flash signature word is located within the application program memory space, at a
specific fixed address. For PIC18 devices, the default address for the flash signature word is 0x1006 (and 1007 for the
MSB). For PIC16 devices, the address for the flash signature word is 0x91E.
1.6.4 Device - CDC Basic Demo
This example shows how to create a basic CDC demo. CDC devices appear like COM ports on the host computer and be
communicated with via regular terminal software.
Description
Supported Demo Boards
The matrix of which demos are supported on a specific board can be found in the Release Notes demo board support
section. Verify that the board you wish to use will work with this demo. This table also describes some of the limitations that
the board might have while running this demo.
Demo Board I/O Mapping
Each demo board has a different number of push buttons, LEDs, and other features with various different names for these
components. To determine which board features are used for which demo features, please refer to the io_mapping.h file in
1.6 Demos MLA - USB Library Help Device - CDC Basic Demo
268
Protego_Release_01_05-Related-OEM-Documentation-MLA_v2013_12_20-help_mla_usb.pdf