LPC55Sxx with PRINCE: write flash in chunks, and flash reading via ROM API

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

LPC55Sxx with PRINCE: write flash in chunks, and flash reading via ROM API

405 Views
keepcoding
Contributor I

Hi

I have a couple questions regarding the PRINCE functionality of the LPC55Sxx series.

1. The manual says all the encrypted memory should be written at once. But that is not possible if I want to do a firmware upgrade, since the whole firmware would have to be placed into RAM first and then copied into flash, right? Can't I erase and write page by page when using encryption?

2. Reading the encrypted memory doesn't seem to work when using the ROM API. FLASH_Read() function returns garbage, whereas when I do a simple memcpy() I get the correctly decrypted data...

0 Kudos
Reply
5 Replies

385 Views
Alice_Yang
NXP TechSupport
NXP TechSupport

Hello @keepcoding 

  1. To ensure the integrity of encryption, write all data at once.
  2. FLASH_Read() read physical Flash data directly without going through PRINCE hardware decoding, resulting in returning encrypted "garbage" data. memcpy() may read memory directly through the CPU, triggering the hardware decoding mechanism.

 

BR

Alice

0 Kudos
Reply

379 Views
keepcoding
Contributor I

Ok, but how do I write all data at once? The amount of data I want to write is larger than the available SRAM on the chip, so where should I put the data before "writing it to flash at once"?

0 Kudos
Reply

332 Views
Alice_Yang
NXP TechSupport
NXP TechSupport

Hello @keepcoding 

Thanks for your reply.

I also checked our SDK demo, yes  this is the limitation. 

Check that the whole encrypted subregions will be writen at once. If not , will return Error.

Alice_Yang_0-1753436051456.png

 

BR

Alice

 

0 Kudos
Reply

245 Views
keepcoding
Contributor I

I did a quick test by using the normal erase and write functions to fill the encrypted region (write data chunk by chunk). This appears to be working just fine.

So now I'm wondering, why does the documentation state that it needs to be written at once?  Is there something I don't see? Could you please shed some more light on this?

0 Kudos
Reply

240 Views
Alice_Yang
NXP TechSupport
NXP TechSupport

Hello @keepcoding 

Please have a look at the below thread:

https://community.nxp.com/t5/LPC-Microcontrollers-Knowledge/LPC55-Avoid-Crypto-Enabling-Discontinuou... 

"According to UM11126(49.16.1 Functional details), each crypto region has its own SKEY and IV code. SKEY and IV are used together by the PRINCE when encrypting or decrypting the data in the sub-regions of crypto region.

For Instance, For PRINCE region1, each time after we execute erasing operation, new Skey1 and IV1 are generated, thus when executing erase/read/write operation to another sub-region, the old IV1 and new IV1 don’t match, which causes PRINCE can’t decrypt correctly."

 

BR

Alice

0 Kudos
Reply