The OEMiRoT project uses ExitSecureMemory V1.1 to enable 1 MPU region and start the application. This automatically enables the configured HDP region, so application cannot access the bootloader. The default OEMiRoT project allows for 2 tiny 64kB applications, but I need >128kB for my application, so I added support for external SPI flash for the download location and removed unneeded data areas.
My goal is to fit the bootloader in the first 64kB and have the application use the remaining 192kB. However, an MPU region located at 64kB offset cannot be larger than 64kB itself (offset multiple of size). From a security point of view the bootloader cannot enable anything outside its own scope, but given this limitation (pass a single region to be enabled) it cannot instruct the ExitSecureMemory function to allow all flash from 64kB-256kB to be accessed.
In the documentation (like AN2606) I couldn't find if the application is still allowed to enable another MPU region to allow execution above the 128k offset, or that the ExitSecureMemory function somehow disables application access to the MPU. Par. 4.7.2 of AN2606(rev 64) isn't clear to me as well, what effect does R3=0xFF have in figure 8 if both cases act the same? the "Yes" action should be something else because 0xFF is not a region.
Will the application started by ExitSecureMemory be able to enable another MPU region?
Or should I set the MPU region to be enabled equal to the whole flash (overlapping the HDP area) and relying on HDP to protect the secure bootloader?
