如何加密FW以编程Creator生成的PSoC 6

你好，USER 4444 43345，
PSoC 6不支持从内部闪存加密FW执行，即没有直接从内部闪存运行加密固件的“即时”解密。此外，没有直接的方法来加密来自PSoC Creator的固件。间接地，可以从HEX文件中提取数据，使用在线工具根据加密要求加密数据，然后用十六进制文件中的加密数据更新HEX数据（可以使用来自SEGER J-Link的J-Flash工具来更新HEX文件中的十六进制数据）。
也就是说，您有以下选项来运行加密固件
使用QSPI和外部存储器：您可以使用QSPI的即时解密功能（128位AES）来解密存储在外部存储器中的固件。这种解密在QSPI的XIP模式中是可用的。您可以使用上面提到的方法生成加密的固件。可选地，您也可以使用HW加密块来加密固件，然后在外部闪存中存储。使用HW加密和内部SRAM：在RAM（通过链接器）定义加密固件的单独部分，比如说‘加密-FW’。把所有的代码应该被加密在这一节中使用“cy_section（”。encryptedfw”）“在函数的宏。除了映射的部分内存，你需要确保你的代码放置在Flash以及。这可以通过使用“：在（flash_addr）”当你定义在GCC GCC链接脚本内存区域。这将确保FW进行加密得到放@ flash_addr位置，链接器使用的内存位置的函数调用。您将需要复制的代码从Flash RAM的代码才能正常启动。现在你需要确保你替换固件在@的加密版本flash_addr正如我前面提到的。现在你的代码，你可以使用硬件加密解密的块在你复制加密的FW到RAM的位置。
例如。
加密的0x0803：AT（0x10005）
{
γ加密
保持（*（加密的FW））
Y-YelpTytEnthix=；
} &公羊
上述地区保持”。encryptedfw”0x10050000和重新定位，在RAM即函数调用0x08030000将内存位置。在你复制代码，你可以使用“&；__encrypt_start__”提取启动内存，你需要复制代码和“&；__encrypt_end__”找到最后的位置在内存中被复制。数据复制将从0x10050000将尺寸“&；__encrypt_end__ -&；__encrypt_start__”。
当做，
Meenakshi Sundaram R



     以下为原文
  Hello user_474444345,
 
PSoC 6 does not support encrypting FW execution from internal flash i.e. there is no 'on-the-fly' decryption to run an encrypted firmware directly from internal flash. In addition, there is no direct method to encrypt the firmware from PSoC Creator. Indirectly, you can extract the data from hex files, use online tools to encrypt the data as per the encryption requirement and then update the hex data with encrypted data in hex file (you can use J-Flash tool from Segger J-Link for the purpose of updating the hex data in hex files)
 
That said, you have the below options to run encrypted firmware -
 

• Using QSPI and external memory: You can use QSPI's on-the-fly decryption functionality (128-bit AES) to decrypt the firmware stored in external memory. This decryption is available in QSPI's XIP mode. You can generate the encrypted firmware using the method I mentioned above. Optionally, you can also use the HW crypto block to encrypt the firmware before storing in external flash.
  
• Using HW Crypto and internal SRAM: Define a separate section for encrypted firmware in RAM (through linker), say '.encryptedFW'. Place all the code that should be encrypted in this section using "CY_SECTION(".encryptedFW")" macro before the functions. In addition to mapping the section to RAM, you need to make sure the code is placed in flash as well. This can be done using ": AT (FLASH_ADDR)" in GCC when you define the RAM area in GCC linker script. Now this will make sure the FW to be encrypted gets placed @FLASH_ADDR location while the linker uses the RAM location for calling the functions. You will have to copy the code from Flash to RAM on boot for the code to function properly. Now you need to make sure you replace the firmware present at @FLASH_ADDR with the encrypted version as I mentioned earlier. Now in your code, you can do decryption using the HW Crypto block before you copy the encrypted fw to the RAM location.
  

 
E.g.
.EncryptedFw 0x08030000 : AT (0x10050000)
{
     __encrypt_start__ =.;
     KEEP(*(.encryptedFW))
     __encrypt_end__=.;
} > ram
 
The above area keeps ".encryptedFW" at 0x10050000 and relocates that to 0x08030000 in RAM i.e. function calls will be made to RAM location. In your copy code, you can use "&__encrypt_start__" to extract the start of RAM where you need to copy the code and "&__encrypt_end__" to find the last location in RAM to be copied. The data to copy will be from 0x10050000 and will be of the size "&__encrypt_end__ - &__encrypt_start__".
 
Regards,
Meenakshi Sundaram R