Hi
The encryption is supported as an option in the "Bare-Minimum" boot loader and not in the serial boot loader.
When using SD card loading, the file on the SD card is binary (with a small header so that it can be recognised that it is a valid file and not just one that happened to have the expected name). The same tool is used to add the header as used to encrypt and so the file can be encrypted by adding the encryption key settings, however the SD card loader would just copy the content directly to the Flash application area where it would of course not be able to operate.
It would be possible to work with the encrypted content if the algorithm used in the Bare-minimum (BM) loader code were inserted between the encrypted content and the internal flash. It would have to be used in two cases:
- when checking the content of the file to see whether it is the same as that already loaded (to avoid always updating the code after every start with the card inserted)
- when programming the SD card content to the application area in Flash
Another method is to mix the BM-loader with the serial loader (that is, the BM loader boots the serial loader, which then boots the application) which is described in this document where SREC downloads are encrypted:
http://www.utasker.com/docs/uTasker/uTaskerSecureSREC.pdf
The problem with this is that it requires intermediate storage space which can be a waste of flash in some cases.
I have just realised that I have been involved with a project where we keep a local copy of the 'last' software version so that it is possible to automatically restore to a previous SW in case a new version causes problems. This is stored in SPI Flash and also stored in its original encrypted form. In order to know whether the code is the same as the one in Flash I read it and decrypt it a block at a time and compare with the application code. This means that I probably have the code required to do this already, whereby the only difference is that the buffers are filled from the source on a file on the SD card rather than from a buffer read from SPI Flash.
Is your question out of curiosity or due to a real requirement?
If a real requirement it is certainly possible but will need this extra code and a bit of testing in the new environment (maybe some configuration and adaptation for the SD card interface but nothing that should cause any big difficulties). The processor also needs to be protected of course (block Jtag and Ezport access) so that the code is protected once it has been written to internal Flash but this involves just setting the Flash configuration bits in the boot loader to do this.
Regards
Mark
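
The two cases listed in the post above (checking whether the card image is already loaded, and programming it) can share one block-at-a-time decrypt loop. The following is an added example, not code from the post or from uTasker: all names are hypothetical, the offset-keyed XOR is only a placeholder for the real BM-loader algorithm, and a RAM array stands in for the flash driver.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define BLOCK 64u /* working buffer size (assumption) */

/* Hypothetical source reader (SD file or SPI flash): returns 0 on success. */
typedef int (*read_fn)(const void *src, uint32_t off, uint8_t *buf, size_t n);

/* Constructed sample source: the encrypted image held in a RAM array. */
int mem_read(const void *src, uint32_t off, uint8_t *buf, size_t n)
{
    memcpy(buf, (const uint8_t *)src + off, n);
    return 0;
}

/* Placeholder cipher, NOT the uTasker algorithm: offset-keyed XOR. */
void crypt_block(uint8_t *b, size_t n, uint32_t off, const uint8_t *key, size_t klen)
{
    for (size_t i = 0; i < n; i++) b[i] ^= key[(off + i) % klen];
}

/* Decrypt one block at a time. program == 0: compare with the application
 * area; program != 0: write it. Returns 1 = same/written, 0 = differs, -1 = read error. */
int walk_image(read_fn rd, const void *src, uint32_t len, uint8_t *app,
               const uint8_t *key, size_t klen, int program)
{
    uint8_t blk[BLOCK];
    volatile uint8_t *w = blk;
    int rc = 1;
    for (uint32_t off = 0; off < len && rc == 1; off += BLOCK) {
        size_t n = (len - off < BLOCK) ? (size_t)(len - off) : BLOCK;
        if (rd(src, off, blk, n) != 0) { rc = -1; break; }
        crypt_block(blk, n, off, key, klen);
        if (program)
            memcpy(app + off, blk, n); /* stand-in for the flash write */
        else if (memcmp(app + off, blk, n) != 0)
            rc = 0;
    }
    for (size_t i = 0; i < sizeof blk; i++) w[i] = 0; /* wipe plaintext from RAM */
    return rc;
}

/* Boot-time policy: 0 = already loaded, 1 = updated, -1 = error. */
int update_if_different(read_fn rd, const void *src, uint32_t len, uint8_t *app,
                        const uint8_t *key, size_t klen)
{
    int same = walk_image(rd, src, len, app, key, klen, 0);
    if (same != 0) return same < 0 ? -1 : 0;
    return walk_image(rd, src, len, app, key, klen, 1) == 1 ? 1 : -1;
}
```

Only one block of plaintext exists in RAM at any time, and the copy on the card stays encrypted throughout.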