- NXP Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- Wireless Connectivity
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- Vigiles
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
-
- Home
- :
- General Purpose Microcontrollers
- :
- LPC Microcontrollers Knowledge Base
- :
- [LPC55S6x] SB File Preparation and Usage on LPC55S6x 1B Version
[LPC55S6x] SB File Preparation and Usage on LPC55S6x 1B Version
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
[LPC55S6x] SB File Preparation and Usage on LPC55S6x 1B Version
[LPC55S6x] SB File Preparation and Usage on LPC55S6x 1B Version
I already have several customers met SB file loading error Inject command 'receive-sb-file' while working on LPC55S6xx 1B version. There is significant change of Secure Boot in LPC55S6xx 1B version and 0A version. To solve this problem, we need to understand it first.
1 SB2.1 vs. SB2.0
SB2 container is described in elftosb User’s Guide. SB file config file contains configuration commands that will be processed after SB2 file is loaded in the device. The image location is stated in the "sources" .bd file section. SB key in text file is used for encryption with elftosb command line tool.
The 0A version of the LPC55S6xx silicon supports version 2.0 of the SB image format.
The 1B version of the LPC55S6xx silicon supports version 2.1 of the SB image format.
The main difference between version 2.0 and version 2.1 is in the usage of the digital signature.
SB 2.0 is encrypted and SB2.1 is encrypted + signed.
2. SB file Preparation and Usage
Example of use (Encrypted SB2):
elftosb -f lpc55xx -k "sbkek.txt" -c "commandFile.bd" -o "output.sb2" "input.bin"
where
-f = family lpc55xx
-k = path to KEK file (SBKEK)
-c = path to command file to be processed:
options {
flags = 0x4; // 0x8 encrypted + signed, 0x4 encrypted
buildNumber = 0x1;
productVersion = "1.00.00";
componentVersion = "1.00.00";
}
sources {
inputFile = extern(0);
}
section (0) {
erase 0x0..0x40000;
load inputFile > 0x0;
}
-o = path to output file
files... = path to files (usually image files), which will be replacing placeholders defined in command file, paths can be hardcoded in command file and then not inserted as input
Example of use (Encrypted + Signed SB):
1 root key
elftosb.exe -f lpc55xx -k "sbkek.txt" -c "commandFile.bd" -o "output.sb2" -s "selfsign_privatekey_rsa2048.pem" -S
"selfsign_v3.der.crt" -R "selfsign_v3.der.crt" -h "RKTH.bin" "input.bin"
4 root keys
elftosb.exe -f lpc55xx -k "sbkek.txt" -c "commandFile.bd" -o "output.sb2" -s private_key_1_2048.pem -S certificate_1_2048.der.crt -R certificate_1_2048.der.crt -R certificate_2_2048.der.crt -R certificate_3_2048.der.crt -R certificate_4_2048.der.crt -h "RHKT.bin" "input.bin"
where
-f = family lpc55xx
-k = path to KEK file (SBKEK)
c = path to command file to be processed
options {
flags = 0x8; // 0x8 encrypted + signed, 0x4 encrypted
buildNumber = 0x1;
productVersion = "1.00.00";
componentVersion = "1.00.00";
}
sources {
inputFile = extern(0);
}
section (0) {
erase 0x0..0x40000;
load inputFile > 0x0;
}
-o = path to output file
-s = path to private key of certificate used for signing
-S = path(s) to certificates in certificate chain, each certificate in chain must be specified with new -S switch in order of how was chain created (root certificate first)
-R = path(s) to root certificate(s), 1-4 root certificates can be specified, each root certificate must be specified with new -R switch, one of the root certificates must be first certificate specified by -S switch
-h = path and name of output binary file generated by elftosb, which contain hash of hashes of all root certificates (RKTH), which must be uploaded to the device register
files... = path to files (usually image files), which will be replacing placeholders defined in command file, paths can be hardcoded in command file and then not inserted as input
The SB2.0 file created with the updated binary image can be loaded into the device through ISP command handler with command “receive-sb-file“
blhost -p COMxx receive-sb-file <path to the secured binary(.sb2)>
The SB2.1 file created with the updated binary image can be loaded into the device through ISP command handler with command “receive-sb-file“ but keep in mind that before sending SB2.1 file into device has to be there already RKTH in CMPA (see AN12283 chapter 5.5 CMPA preparation) and enabled RoT keys in ROTKH_REVOKE field at CFPA page address 0x9DE18 (see chapter AN12283 5.4 CFPA preparation).
blhost -p COMxx receive-sb-file <path to the secured binary(.sb2)>
After successfully loading the SB2 file it is executed as configured in SB configuration file (.bd file). The above figure shows an example of SB configuration file. When the file is executed, the internal flash address from 0x0 to 0x40000 is erased. After flash erase operation, the image mentioned in the sources parameter is loaded to address 0x0.
Reset the device after these operations. The updated image loaded into internal flash starts to execute.
English and Chinese versions of this article are both attached.
