LPC55S69 : Firmware update

cancel
Showing results for 
Search instead for 
Did you mean: 

LPC55S69 : Firmware update

833 Views
EugeneHiihtaja
Senior Contributor I

Hello !

SB 2.1 file is always encypted and signed. It means it is no any way to flash it into memory by using ISP type of update .

is this so ?

"

The recommended method to perform secure firmware updates is as follows:
• User application receives an encrypted SB file containing new firmware and
stores it in external SPI flash, or a similar memory.
• Use API to authenticate SB file.
• Use API to decrypt and load the SB file.
• If also using secure boot, the API can be used to authenticate the new firmware in
flash before rebooting into it. If this final authentication fails, the new firmware should
be made non-executable by erasing and writing over critical regions of it such as the
vector table. Even if not using secure boot, the code written to flash can still be signed
to support this final authentication step.

"

it means I should implement own application what receive image to second part of flash, encrypt it

and recopy to first part of flash memory and after that execute reboot.

But if image just signed, it can be flashed via ISP directly to flash memory and after that via secure reboot it might boot or not.

In this case encyption can be done on fly .

But 

"The recovery boot mode on the 1B version of the LPC55S6xx that is using SB 2.1, only
supports two commands:
WriteMemory (RAM only) and Execute.

"

So it is always possible to load any image to RAM and execute it if no bootable image is exists on flash.

Is this so ?

For secure boot we need to prepare CFPA/CMPA page and it enable secure boot.

But what about erasing of this page and write it again. Can it be done ?

Regards,

Eugene

Labels (1)
0 Kudos
5 Replies

511 Views
FelipeGarcia
NXP TechSupport
NXP TechSupport

Hi Eugene,

 

Please check my answers below:

 

- SB 2.1 file is always encypted and signed. It means it is no any way to flash it into memory by using ISP type of update .

is this so ?

From UM:

If inauthentic firmware may be written to the device, causing it to not boot. In the most basic sense, secure firmware update simply performs an authentication of the new firmware prior to committing it to memory.

- So it is always possible to load any image to RAM and execute it if no bootable image is exists on flash.

Is this so ? 

If you mean when secure boot is not enabled then yes, you can load any image to RAM and execute it by using ISP commands.

 

- For secure boot we need to prepare CFPA/CMPA page and it enable secure boot.

But what about erasing of this page and write it again. Can it be done ? 

Yes, but in In ROM A0 after programming signed image there is no way to read or write CFPA, CMPA pages through ISP.

 

For further details please refer to the following application note about secure boot.

https://www.nxp.com/docs/en/application-note/AN12283.pdf

 

Best regards,

Felipe

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!

- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

511 Views
EugeneHiihtaja
Senior Contributor I

Hi Felipe !

 It is not so clear case when Secure Boot is enabled and it is written limited ISP command only cab be used.

How define that list of limited commands ?

Or it means only SB2.1 file ( Silicon 1B) can uploaded by ISP to MCU.

At list all Read and Flash commands should be disabled.

I would like to have few KB in SRAM to keep it over update/reboot and be sure if no way to read those back.

Thank you !

Regards,

Eugene

0 Kudos

511 Views
FelipeGarcia
NXP TechSupport
NXP TechSupport

Hello Eugene,

 

Just to confirm about this, we received the following information.

The limited ISP command means the DCFG_CC_SoCU Bit 6: ISP_CMD_EN - Enable boot flow commands. Enables command to boot from specific ISP mode. If configure this bit , ISP commands will be limited.

Best regards,

Felipe

0 Kudos

511 Views
EugeneHiihtaja
Senior Contributor I

Hi felipegsoto‌ !

But this chapter is not explain what exact read/write ISP command remains in case if Secure boot enabled.

Regards,

Eugene

0 Kudos

511 Views
FelipeGarcia
NXP TechSupport
NXP TechSupport

Hi Eugene,

 

We are still waiting internally to get this information, I will let you know once we have more information.

 

Best regards,

Felipe

0 Kudos