LPC55S16: Secure Boot - skboot_authenticate()

jesm86 · ‎10-09-2023

Hello,

I am currently trying to implement Secure Boot functionality on a LPC55XpressoS16 eval board. My plan was to use the Secure ROM API function skboot_status_t skboot_authenticate(const uint8_t *imageStartAddr, secure_bool_t *isSignVerified) for the image verification.

I managed to access it using the necessary function pointers to the ROM API table. The image itself is signed according to the SPSDK documentation (Link to documentation). I also tried the whole thing using an image that was signed via the NXP Secure Provisioning GUI tool.

My problem now is that the function always returns kStatus_SKBOOT_InvalidArgument. I am actually pretty certain that the imageStartAddr parameter is correct (0x00000000) and that this is not the cause of this.

UM11295 states that this is exactly the same function that the already by NXP implemented secure boot functionality in ROM uses. When I then enabled that secure boot in addition to my own, the one by NXP passed and verified the image (the device booted normally and jumped to the reset handler) but my function again returned "invalid argument". Even though allegedly the same function is used.

Is there something I am overlooking or is there some additional documentation for that function (I already checked the appeneded Rom_API.pdf of the UM11295)?

wgeraedts · ‎07-15-2025

I am encountering the same issue, but on the IMXRT685S EVK. The device is able to succesfully boot a signed Master Boot Image with the correct keys loaded into the RKTH shadow registers. However, calling skboot_authenticate on the same memory region, both in RAM and on external flash, result in kStatus_SKBOOT_InvalidArgument. Taking inspiration from SBL, calling kb_init results in a non-defined return code "10".

Verifying that it works using the Secure Provisioning Tool is not helpful, as the EVK probe presents multiple HID devices, which blhost as used by the Secure Provisioning Tool does not handle correctly.

The wording in UM11147 is not 100% clear on how this function should work. I have also tried verifying a SB1.2 image but that also returns kStatus_SKBOOT_InvalidArgument.

The ROM uses this function during the Secure boot flow to authenticate 1st boot image, and it also uses it to verify authenticity of the SB 2.1 files.

Can you verify that the MIMXRT685S skboot_authenticate should be able to verify correct Master Boot Images from a booted first application?

If you have an engineer that can hop on a call to clear this up, that would be great.

wgeraedts · ‎07-16-2025

After double-checking my solution I have found that the kb_init function is mandatory, and I was passing a too small user buffer to it. You have to submit at least 4096 word-aligned bytes to this function for it to succeed.

With this I was able to verify a SB2.1 image container using skboot_authenticate.

My second question still holds: does the ROM API support validating a Master Boot Image from the application? One such image which the ROM bootloader happily starts up makes skboot_authenticate yield kStatus_SKBOOT_InvalidArgument.

Alice_Yang · ‎10-11-2023

Hello @jesm86

About secure boot, recommend you use MCUXpresso secure provisioning tool:

https://www.nxp.com/design/software/development-software/mcuxpresso-software-and-tools-/mcuxpresso-s...

Refer to User Guider -> 7.3 LPC55Sxx/LPC55xx/LPC553x device workflow.

BR

Alice