The OpenBLT bootloader is an open source project, allowing everyone to access the sources. One downside of this is that if someone knows the OpenBLT bootloader is used in your product, it is relatively easy for them to figure out how to update the firmware in your product. Although this could be a feature of your product, in most cases it is not desirable.

For this reason the bootloader contains a seed/key security module. If this security module is enabled in the bootloader's configuration, updates can only be made by users that have the seed/key shared library (*.dll, *.so) with the correct security algorithm on their PC. If not, then firmware updates are not allowed and the following message appears if it is attempted:

The demo programs are prepared to use the seed/key security module. All that has to be done to enable it, is to set the configuration macro BOOT_XCP_SEED_KEY_ENABLE to a value of 1 in “blt_conf.h”. Once changed the bootloader should be rebuild an programmed into the flash memory of your microcontroller.

#define BOOT_XCP_SEED_KEY_ENABLE        (1)

The next step is to configure the location of the seed/key shared library in Microboot. The demo programs are preconfigured to work with the one called “libseednkey.dll”. This file is located in the same directory as Microboot. Follow these steps:

• Start Microboot by double-clicking “\Host\MicroBoot.exe”.
• Click the “Settings”-button and, on the newly appeared dialog, click the “Options”-button.
• On the “XCP Protection”-tab Click the “Browse”-button and select the file “libseednkey.dll”.
• Click “OK” twice to save the settings.

If you now perform a firmware update, everything will work as usual. The moment you remove the “libseednkey.dll”-file or if it contains an invalid security unlock algorithm, firmware updates will be rejected by the bootloader.

Once the security feature is configured and working, you will want to change the security algorithm. The way is works is that to unsecure the bootloader, the Microboot tool obtains a so-called seed from the bootloader. This seed is typically a sequence of up to 6 bytes. Microboot then passes this seed to the function XCP_ComputeKeyFromSeed() in the seed/key DLL to run your security algorithm, resulting in a so-called key. This key is typically a sequence of up to 6 bytes. Next, Microboot sends this key back to the bootloader. The bootloader runs the same security algorithm to verify the key. If okay, memory operations on memory will be allowed, otherwise rejected.

The bootloader calls two hook-functions during the security unlock procedure: one for obtaining the seed (XcpGetSeedHook()) and one for verifying the key (XcpVerifyKeyHook()). The default example implementation in the demo programs is very simply. The seed is always just one byte with the hexadecimal value of 55h. The security algorithm is such that the value of the key is the value of the seed, minus 1:

blt_int8u XcpGetSeedHook(blt_int8u resource, blt_int8u *seed)
{
  /* set the seed */
  seed[0] = 0x55;

  /* return seed length */
  return 1;
}

blt_int8u XcpVerifyKeyHook(blt_int8u resource, blt_int8u *key, blt_int8u len)
{
  /* the example key algorithm in "FeaserKey.dll" works as follows:
   *  - programming resource will be unlocked if key = seed - 1
   */

  /* check key for unlocking ProGraMming resource */
  if (key[0] == (0x55-1))
  {
    /* correct key received for unlocking PGM resource */
    return 1;
  }

  /* still here so key incorrect */
  return 0;
}

To customize, change the code in these two functions and use your creativity to change the seed generation and the key verification algorithm. One good approach is to use a seed that changes, such as the value of a free running counter of the timer system. Don't forget to rebuild the bootloader and program it into the flash memory of your microcontroller after making changes.

A CMake project is included in the OpenBLT download package for building the example XCP Seed and Key shared library. Under Windows the output is “libseednkey.dll”, and under Linux it is “libseednkey.so”. The CMake project is located in the \Host\Source\SeedNKey\ directory.

To customize the security algorithm, open the source-file “seednkey.c” for editing. The security algorithm is implemented in the XCP_ComputeKeyFromSeed() function. The example implementation matches the security algorithm from the bootloader, where the key is computed by subtracting the value 1 from every byte in the seed:

LIBOPENBLT_EXPORT uint32_t XCP_ComputeKeyFromSeed(uint8_t resource, uint8_t seedLen, 
                                                  uint8_t const * seedPtr, 
                                                  uint8_t * keyLenPtr,
                                                  uint8_t * keyPtr)
{
  uint32_t result = XCP_RESULT_ERROR;
  uint8_t idx;
  
  /* This example implementation of the key algorithm for PGM simply decrements the value
   * of each seed byte by 1. This coincides with the default implementation of the hook-
   * function XcpVerifyKeyHook() in the OpenBLT demo bootloaders.
   */
  if (resource == XCP_RESOURCE_PGM)
  {
    /* Compute the key. */
    for (idx = 0; idx < seedLen; idx++)
    {
      keyPtr[idx] = seedPtr[idx] - 1;
    }
    /* Set the key length. */
    *keyLenPtr = seedLen;
    /* Update the result value. */
    result = XCP_RESULT_OK;
  }
  /* Give the result back to the caller. */
  return result;
}

Customize the key generation algorithm to match the one you implemented in XcpVerifyKeyHook(). Once done, rebuild the XCP Seed and Key shared library. Instructions for building the shared library are located towards the bottom of this page.