The following document explains how to load an encrypted image using the MCUBoot in the K64.
Download the SDK for the K64, be sure that the MCU boot feature is selected:
https://mcuxpresso.nxp.com/en/welcome
For the example, I’m going to use gpio_led_output. To prepare the example to work with the bootloader, you would need to do the following steps:
Generate the binary for the image to load.
The bootloader can be found in the SDK examples:
In the bootloader_config.h, change the BL_FEATURE_ENCRYPTION_KEY_ADDRESS for outside the code you would load, in this case, I'm going to use the 0xF000:
#define BL_FEATURE_ENCRYPTION_KEY_ADDRESS 0xf000 // NOTE: this address must be 4-byte aligned.
After this, load the firmware to the MCU.
For the next steps we will need to generate the secure file:
Command: elftosb.exe -V -d -f kinetis -n 1 – K 128 -o SBKEK.key
Command: elftosb.exe -V -d -f kinetis -c (bd file path) -k (key path) -o (output path).sb2 (image path)
Now we will load the image using the blhost:
Command: blhost.exe -p COMx – flash-erase-region 0xa000 0x10000
Command: blhost.exe -p COMx – write-memory 0xF000 “{{key generated}}”
Command: blhost.exe -p COMx –read-memory 0xF000 16
Command: blhost.exe -p COMx – receive-sb-file (path encrypted sb file)
After a reset the application should run correctly.