Problem using elftosb and blhost utility

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Problem using elftosb and blhost utility

Jump to solution
1,784 Views
saurabhsaxena
Contributor III

Hi,

I have created a secure binary file using elftosb utility with the following *.bd file

#Adding the sources in the Command file


sources {
   CIU_app="ISS_CIU_App.out";
}
section (0) {
erase 40K..42K;

load CIU_app;
reset;
}

further I use the following command to invoke the elftosb utility

elftosb -V -c Cmd_file.bd -z -o app_secure.sb

I am using the default zeroed key for encryption as it is mentioned in the mannual that the key need to written in the harware too?? 

After the app_secure.sb file is generated I am trying to flash it using the blhost utility with the following invokation

blhost -p COM3 receive-sb-file C:\app_secure.sb

After this I get the following error which I cant understand

test1.png

What does this error means?? I have not used any jump command in my Cmd_file.bd

I been reading the User guide, I see many gaps, are there any other documentation

0 Kudos
Reply
1 Solution
1,325 Views
saurabhsaxena
Contributor III

Hi,

The Issue was incomplete knowledge of subject.

The Section being erased doesn't have any relation to the absolute address where the encrypt image goes in my design, also I am missing .srec, qspi_config_block.bin, hence the qspi is a must for this, which I didn't wanted to use as I wanted the Image to go on internal flash.

In other words I wanted to encrypt Application binary using key blob(as seen in *.bd file), but wanted to flash it into internal Flash, which is generally out of the scope of NXP Kinetis Bootloader Utility (elftosb). For following the other way you must use what Kerry described in her reply and flash encrypted file on external flash. (.srec, .bd, .sb. qspi_config_block.bin)

Hence the *.bd file is suitable for Encrypting Application on External Flash.

I achieved my target but I have to reinvent the whole wheel.

Best Regard

Saurabh Saxena

View solution in original post

4 Replies
1,326 Views
saurabhsaxena
Contributor III

Hi,

The Issue was incomplete knowledge of subject.

The Section being erased doesn't have any relation to the absolute address where the encrypt image goes in my design, also I am missing .srec, qspi_config_block.bin, hence the qspi is a must for this, which I didn't wanted to use as I wanted the Image to go on internal flash.

In other words I wanted to encrypt Application binary using key blob(as seen in *.bd file), but wanted to flash it into internal Flash, which is generally out of the scope of NXP Kinetis Bootloader Utility (elftosb). For following the other way you must use what Kerry described in her reply and flash encrypted file on external flash. (.srec, .bd, .sb. qspi_config_block.bin)

Hence the *.bd file is suitable for Encrypting Application on External Flash.

I achieved my target but I have to reinvent the whole wheel.

Best Regard

Saurabh Saxena

1,325 Views
kerryzhou
NXP TechSupport
NXP TechSupport

Hi Saurabh Saxena,

   Please tell me what the kinetis chip you are using? If you are using the official board, please also tell me the board name.

   You can share me your .srec, .bd, .sb. qspi_config_block.bin, I will help you to check it on my side.

   Besides, we have a according post about it, please refer to it, then try it again:

Encrypted QuadSPI image Implementation 


Have a great day,
Kerry

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

0 Kudos
Reply
1,325 Views
saurabhsaxena
Contributor III

Hi Kerry,

I did some research and found out that security is only available for the OTFAD (QSPI) based external flash.

But I also found that there is a way to enable the MMCAU unit in the Bootloader(KBoot)

Please see the below Picturebootloader_config.png

But its not enabled by default. (As BL_FEATURE_ENCRYPTION_MMCAU) is 0

I want to enable this and rewrite the Kboot in my target board.

Do you have any material on this?

1,325 Views
saurabhsaxena
Contributor III

Hi Kerry,

I am using the Kinetis K81, I have done all the formality for the full access. I am using the Tower K81 Pos Board.

Srec file: I have created a *.srec file using the ltc_aes driver(Renamed as ISS_CIU_App.srec)  given in examples.

Bd File: BI have used the following *.bd file


keyblob (0) {
(
start=0x0000A000,
end=0x03FFFFFF,
counter="0123456789ABCDEF",
key="000102030405060708090a0b0c0d0e0f"
)
 ()
 ()
 ()
}

sources {
   CIU_app="ltc_aes.srec";
}
section (0) {
   erase 40K..42K;
   load CIU_app;
}

I dont want to use qspi

My main motive is to encrypt the internal flash. Please help.

When I use the commands 

blhost -p COM3 receive-sb-file C:\app_secure.sb

 

I get an error that JUMP and RESET encountered (even though I have not give any JUMP Command)

0 Kudos
Reply