https://community.nxp.com/t5/i-MX-Processors/RT6xx-secure-boot/m-p/1715564#M211847 <P>Hi&nbsp;<a href="https://community.nxp.com/t5/user/viewprofilepage/user-id/220996">@yoeinhor</a>&nbsp;</P> <P>I am sorry for not getting back to you on time, but, regarding your questions.&nbsp;</P> <P>1 No, the&nbsp;<SPAN>OTP_MASTER_KEY is not necesary for plain signed images</SPAN>&nbsp;. Its use is described at&nbsp;<STRONG>AN12079&nbsp;</STRONG>which is under secure access.</P> <P>2 The implication that I see is that for booting a signed image, you will need to provide a ROM the keys/root certicate in the key store area, instead of the OTPs.</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="diego_charles_0-1693549160906.png" style="width: 400px;"><img src="https://community.nxp.com/t5/image/serverpage/image-id/239223iDE4C1CEB022EF1BC/image-size/medium?v=v2&amp;px=400" role="button" title="diego_charles_0-1693549160906.png" alt="diego_charles_0-1693549160906.png" /></span></P> <P>&nbsp;</P> <DIV id="tinyMceEditordiego_charles_1" class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV> <DIV id="tinyMceEditordiego_charles_4" class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV> <P>All the best,&nbsp;</P> <P>Diego</P> Fri, 01 Sep 2023 06:20:44 GMT diego_charles 2023-09-01T06:20:44Z https://community.nxp.com/t5/i-MX-Processors/RT6xx-secure-boot/m-p/1695913#M209961 <P>Hello,</P><P>&nbsp;</P><P>I am working on converting RT6xx systems from normal boot to secure boot with plain signed non-XIP images in the field, and have a couple of questions:</P><P>1. OTP_MASTER_KEY: Is this OTP necessary? Why? I saw it is set by the secure provisioning tool but I don't see a reason for it.</P><P>2. Are there any implications to flashing an image with the "image_type" field set to "plain signed non-XIP (0x1)" while secure boot is not enabled in the OTP? Following the boot process diagram in the manual, it seems like the bootloader ROM will treat it the same way as non-signed images, but I need to make sure this is the case.</P><P>&nbsp;</P><P>Thanks.</P><P>&nbsp;</P> Mon, 31 Jul 2023 12:27:49 GMT https://community.nxp.com/t5/i-MX-Processors/RT6xx-secure-boot/m-p/1695913#M209961 yoeinhor 2023-07-31T12:27:49Z https://community.nxp.com/t5/i-MX-Processors/RT6xx-secure-boot/m-p/1715564#M211847 <P>Hi&nbsp;<a href="https://community.nxp.com/t5/user/viewprofilepage/user-id/220996">@yoeinhor</a>&nbsp;</P> <P>I am sorry for not getting back to you on time, but, regarding your questions.&nbsp;</P> <P>1 No, the&nbsp;<SPAN>OTP_MASTER_KEY is not necesary for plain signed images</SPAN>&nbsp;. Its use is described at&nbsp;<STRONG>AN12079&nbsp;</STRONG>which is under secure access.</P> <P>2 The implication that I see is that for booting a signed image, you will need to provide a ROM the keys/root certicate in the key store area, instead of the OTPs.</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="diego_charles_0-1693549160906.png" style="width: 400px;"><img src="https://community.nxp.com/t5/image/serverpage/image-id/239223iDE4C1CEB022EF1BC/image-size/medium?v=v2&amp;px=400" role="button" title="diego_charles_0-1693549160906.png" alt="diego_charles_0-1693549160906.png" /></span></P> <P>&nbsp;</P> <DIV id="tinyMceEditordiego_charles_1" class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV> <DIV id="tinyMceEditordiego_charles_4" class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV> <P>All the best,&nbsp;</P> <P>Diego</P> Fri, 01 Sep 2023 06:20:44 GMT https://community.nxp.com/t5/i-MX-Processors/RT6xx-secure-boot/m-p/1715564#M211847 diego_charles 2023-09-01T06:20:44Z