- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- Advanced AnalogAdvanced Analog
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
- S32Z/E
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- Generative AI & LLMs
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
- RFID / NFC
- Advanced Analog
-
- NXP Tech Blogs
Distributors that offer device programming?
I did a search and found that Arrow offers device programming, but their site doesn't have much information, except for this promo video: Arrow Global Device Programming Services - YouTube
Are there any other vendors that offer this?
I designed a board for a client, who wants to contract out the assembly, but test in house. Is there a way for the customer to program and secure the parts without being able to read the files? I will be furnishing a test fixture with pogo pins and a BDM connector.
I've only done low rate production in house, where I press F5 from an open Code Warrior project. I can't see giving my CW files to my customer.
>I designed a board for a client, who wants to contract out the assembly, but test in house. Is there a way for the customer to program and secure the parts without being able to read the files? I will be furnishing a test fixture with pogo pins and a BDM connector.
If I understand correctly, your main problem is how to avoid your client examining your file. The easiest and safest way to avoid unwanted examination of your files is to pre-load a bootloader that accepts encrypted images for loading. I use this method with a couple more measures and it hasn’t failed yet. Of course, it does require that you have pre-loaded the end boards with this bootloader. What’s the advantage then over pre-loading the whole firmware in the first place? You only have to do it once per MCU. Once the initial bootloader is loaded, you can send your client encrypted firmware updates that your client will have no use other than to load in the specific boards (MCUs) that you have pre-loaded with your bootloader. S/he can also never make more copies than you have pre-loaded as cloning is practically impossible.
AFAIK, there are no tools today that allow encrypted BDM programming. So, if you use standard BDM tools, you’re out of luck.
(But, if BDM is the only option, you can do very little. For example, you could come up with a small custom BDM programmer board to give your client that takes your encrypted files, decrypts them internally, and loads them to the target. Not quite as secure as the built-in bootloader method as it cannot prevent interception between the BDM programmer and the target MCU but, hopefully, the end client won’t go into such extremes trying to get the file. S/he would have to build a target BDM emulator to copy your now decrypted file as it passes from BDM to target MCU – or, at least, grab the security byte and change it to always no-security, then program a board without your security, and read back the whole file. It all depends on how much value your work has for them to want to ‘rip’ it. This method (with the exception the client being smart enough to bypass it as described above, can also control how many copies are made – you put a counter inside your custom BDM programmer to stop after so many successful ‘burns’.)
Tony:
Pre-loading a bootloader sounds like as much work as loading the program and securing it myself.
I think the real solution is to have the programming done by the distributor.
I have no problem giving the code to the guy that paid me, it's HIS clients that want to come in and do their own final assembly and test that I am worried about.
I've only programmed using the P&E Multilink by pressing F5 from within the Code Warrior window. Is there another way to do it without having the Code Warrior project open?
Before I found the "Secure Device" button in the Multilink tab, I was trying to change bit 0 of the NVOPT register. The last line of code in the MCUint.inc file writes 126 to the NVOPT register. I tried to secure the processor by changing it to 127, but it gives an error 18, FFBF.
How to secure the code without using the P&E "Secure Device" button with CW project open?
Yes, I already said that. Pre-loading is as much work as loading the actual app. But, in cases where updates follow -- a very likely situation -- there is no repetition of this programming work from you. It only has to be done once per MCU. So, it's not exactly as much total work if your scenario includes later updates.
There is no 100% safe method to program via BDM without risking theft of code.
You could use a tool like Cyclone PRO (from P&E). You can store up to 8 firmware images (or more with the optional external memory) complete with the desired security setting, etc.
However, like I said in the previous post, with BDM, if someone wants to 'rip' your code, and knows enough about how to do it, s/he could interecept BDM to target MCU comms and get the goods.
BTW, you don't have to give your project files to anyone. Programming only requires the object file (S19 or equivalent) produced by your tool, nothing more.
That's all the help I can offer.
