How to secure FOTA update for LPC55S16?

j_bos — Wed, 29 Jan 2025 10:07:18 GMT

How to secure OTA firmware update for ? A dual image solution where one overwrites the other seems not feasible because the Secure Boot ROM does not support multiple images? Also there are no secondary secure bootloaders that support booting verified (encrypted and signed SPSDK) images?

So the way to go is using recovery boot from an external 1-bit SPI flash device with an SB2.1 image? Is there an example for this? Or is the “MCU-OTA SBL and SFW” the canonical path, and how does this relate to SPSDK?

I’m sort of lost in the woods here on how to approach OTA firmware update and have secure/verified boot. I have looked at the references below.

Re: How to secure FOTA update for LPC55S16?

Habib_MS — Tue, 04 Feb 2025 22:10:59 GMT

Hello @j_bos ,
As mentioned in the chapter 2.4 called "Encrypted PRINCE flash region" in the AN12283,
LPC55Sxx supports 3 regions that allow multiple code images from independent encryption base to co-exist. You can use this method in order to put more encrypted regions. In the other hand, taking by reference the AN12327 you can use a secondary bootloader to receive a second image, where in general will be how the next figure.

Also, in the same app note (AN12327) are mentioned two codes where you can find both in NXP documentation clicking the next button:

I highly recommend take by reference the SDK (version 24.12) example called "mcuboot_opensource", where is in the LPCxpresso55s69 SDK.

Also, if you experience any issue, do not hesitate to let me know.

BR
Habib.

LPC MicrocontrollersのトピックRe: How to secure FOTA update for LPC55S16?

How to secure FOTA update for LPC55S16?

Re: How to secure FOTA update for LPC55S16?