FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

LPC55S69 encrypting binary using SBKEK

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

LPC55S69 encrypting binary using SBKEK

‎06-03-2019 05:38 AM
1,774 Views
hassan_moutar
Contributor I

I have encrypted a binary using the method described in AN12283 section 5.6. The key (SBKEK) is loaded successfully to the device with ELFTOSB-GUI tool.  The issue I have is that , after flashing the SB2 file with blhost in to the device the application is not running. Attached are the files used to generate the SB2. 

Why is the application not running?

I have skipped the signing part (section 5.5) is this necessary? I currently only want an encrypted binary. 

Thanks

Labels (1)
Labels
AN12283_encrypted_bin_ledblinky.zip
0 Kudos
Reply
3 Replies

‎06-04-2019 11:53 PM
1,584 Views
Alice_Yang
NXP TechSupport
NXP TechSupport

Hello hassan M,

1) If you doesn't singe image, you can still read the flash through blhost. So you can read it out to

compare with your original binary file.

2) AN12283  mainly introduce the method of Singe image to secure boot, I think the "secure boot" is meaningless if you

doesn't singe it . I recommend you refer to the steps as the AN mentioned.


Have a great day,
TIC

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!

- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 Kudos
Reply

‎06-06-2019 07:22 AM
1,584 Views
hassan_moutar
Contributor I

Hello Alice,

Thank you for your reply.

As for your first remark. When attempting to read out the memory I get the following error from blhost utility.

"Ping responded in 1 attempt(s)
Inject command 'read-memory'
Response status = 10001 (0x2711) Command disallowed when security is enabled.
Response word 1 = 0 (0x0)
Read 0 of 10 bytes."

When the SBKEK key is set, reading of the memory is no longer possible. 

Point 2:

Application note AN12283 section 5.6.1  says the following: 

"SB2 file is symetrically encrypted. For decryption of the file, the key has to be loaded into
device. The key size for SB2 file is 256-bits. During boot, the SB key is used with AES to
decrypt the SB2 file. "  

What I understand from the above is that the encryption is done using the the SBKEK. The signing is for making sure only signed firmware can be flashed and will not encrypt the binary image.  

I will create a singed image and report back if this fixed the issue. 

Regards,

Hassan

0 Kudos
Reply

‎06-10-2019 03:00 AM
1,584 Views
Alice_Yang
NXP TechSupport
NXP TechSupport

Hello hassan Moutar,

Using  the SBKEK just encryption transmission. 

And when when using Blhost reand memory, it said "security is enabled.", I think you have config CFPA (5.4).

Yes, please using the singed image to have a try.

BR

Alice

0 Kudos
Reply