MCUXpresso SDK API Reference Manual  Rev. 0
NXP Semiconductors
 All Data Structures Functions Variables Typedefs Enumerations Enumerator Groups Pages
Amazon FreeRTOS Reference Bootloader

The reference bootloader demonstrates features for supporting OTA and crypto signature verification on boot.

Note that currently the reference bootloader works on Microchip only.

Building the bootloader

  • Install python 3 or higher Python Download Check if you can run command: python --version, it should output 3.x.x
  • Install pip if not already available on system follow instructions at https://pip.pypa.io/en/stable/installing/
  • Install pyopenssl by executing pip install pyopenssl
  • Put the ECDSA code signer certificate in pem format in the path - \demos\common\ota\bootloader\utility\codesigner_cert_utility rename the cert to aws_ota_codesigner_certificate.pem
  • The codesigner_cert_utility.py runs as the pre build step for the bootloader project and extracts the public key in aws_boot_codesigner_public_key.h which is then linked in the bootloader.

Building the OTA application image

  • Update the OTA sequence number in file \demos\common\ota\bootloader\utility\user-config\ota-descriptor.config The OTA sequence number should be incremented for every new OTA image generated as the bootloader will determine the application to boot from this sequence number.
  • Update the application version number in \demos\common\include\aws_application_version.h
  • The ota_image_generator.py utility runs as the post-build step and generates the final OTA binary file that should be uploaded when creating OTA job. The name of the binary has the extension of ota.bin. ex - mplab.production.ota.bin
  • Build the aws_demos project. That project must build the bootloader first (as a loadable project), then the application, and finally generate required OTA binaries.
  • For debug builds, running the factory image generation script is not required. For production builds, running the factory image generation script is necessary. In production, the factory image should be signed with the bootloader verifying its crypto signature. Please follow the instructions below to generate a unified hex file containing the crypto signature.

Building the factory image

  • Install the SREC tool: http://srecord.sourceforge.net/ Add the tools srec_cat and srec_info to the system PATH.
  • Update the desired OTA sequence number and Application Version, as described in above steps.
  • Build the aws_demos project and run the utility script factory_image_generator.py under the utility folder to generate a factory image.

``` python factory_image_generator.py -b mplab.production.bin -p MCHP-Curiosity-PIC32MZEF -k test_private_key.pem -x aws_bootloader.X.production.hex ``` -mplab.production.bin is the application binary (this is not OTA binary) -MCHP-Curiosity-PIC32MZEF is the platform name -test_private_key.pem is the private key -aws_bootloader.X.production.hex is the bootloader hex

The unified hex file generated has the extension factory.hex for ex - mplab.production.factory.unified.hex

Flashing the factory image

  • Open MPLAB IPE and connect to the target curiosity board using an ICD4.
  • Erase the device.
  • Load the generated factory hex file i.e. mplab.production.factory.unified.hex.
  • Click program and wait for programming to complete.
  • Remove the ICD4 header; if everything is setup correctly you should see console logs for booting the image on first bank.