Use the ATK with a secure boot enabled chip.

Document created by Florent Auger Employee on Oct 29, 2012Last modified by Florent Auger Employee on Dec 13, 2012
Version 6Show Document
  • View in full screen mode

Even though the Advanced Tool Kit is not a supported tool anymore, it can be used to provision the code and blow fuses of an i.MX device during manufacturing.

This is true when the secure boot has been enabled, which means that the code downloaded by the ATK to the target must be signed, as it will be authenticated prior to its execution.


Once in secure mode, the Serial Download boot mode (SDP) can only access a restricted range of addresses, which is documented in the DCD section of the reference manual. An attempt to write outside this allowed area will result in an error, and will make the ROM restart the SDP by considering this as an attack.


To automatically detect the mode (engineering or secure/production) of the chip, the ATK writes data to a memory location, and by retrieving the response it knows the configuration.

The response can be one of two values:

0x56787856 means that the chip is in engineering mode.

0x12343412 means that the chip is in production/secure mode.


It should be known that there is a bug that prevents a secure chip from being handled correctly. For instance, to perform the automatic detection mentioned above, the tool writes to 0xFFFF_FFFF for the i.MX25 or even i.MX35. This address is invalid by being outside the allowed address range, so the ROM code aborts the current session, and restarts a new one.


The attached DLL library fixes this issue by writing to an appropriate area like the free iRAM space. This will allow use of the ATK for a chip whose secure boot is enabled.

Outcomes