ヘルプ
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

LPC55s1x Storing Data in Flash and Secure Boot

キャンセル
提案をオンにする
自動提案では、入力時に可能な一致が提案されるので検索結果を素早く絞り込むことができます。
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 
解決済み
ソリューションへジャンプ

LPC55s1x Storing Data in Flash and Secure Boot

ソリューションへジャンプ
‎04-30-2021 05:13 PM
1,936件の閲覧回数
MattInSeattle
Contributor III

Hi, I'm using a 256K LPC55S16 and have some user calibration data stored in the region 0x3C800-0x3CFF. Recall 0x3D000 and beyond is NXP reserved and contains CFPA, CMPA, keys, etc.

I am also using HID bootloader to load a sb2 via ReceiveSbFile command. The SB2 file is prepared via NXP Secure Provisioning Tool 2.1.

Everything works as expected, but when I use ReceiveSbFile in HID bootloader to update with a signed image then the calibration data stored in 0x3C800-0x3CFF is erased.

Is there a way to prevent this from happening?

I am aware of customer regions in CFPA and CMPA, but they are too small.

Thanks!

0 件の賞賛
返信
1 解決策

ソリューションへジャンプ
‎05-01-2021 12:14 PM
1,924件の閲覧回数
MattInSeattle
Contributor III

I have figured this out: The provisioning tool creates a file called signed_sb.bd, and inside that file there is a line that says

"erase all"

You can changed that to 

erase 0x0000..0x3C600;

and just that range will be erased. But, when you run the provisioning tool "build image" again, it will revert to the "erase all" which can confuse things. 

Another point of confusion is that if you specify an axf for the provisioning tool input, it appears to silently convert it to a bin and move it to a new directory and that step won't be captured in the scripts. So, the end result if you specify an axf for input is that the tool works, but the scripts don't. The solution is to force a bin in mcuxpresso via post build step, and then use that bin in the provisioning tool. Then the script works. 

One last note of caution to myself: Just exporting the keys to a safe location doesn't seem to be everything you need in the event of a disaster. You also need the SBKEK. 

Clarification on the manual discrepancy noted previously would be appreciated. Thanks

元の投稿で解決策を見る

0 件の賞賛
返信
2 返答(返信)

ソリューションへジャンプ
‎04-30-2021 05:33 PM
1,934件の閲覧回数
MattInSeattle
Contributor III

BTW, the documentation has an inconsistency. In the PDS (Table 6), the ending address is reported as 0x3FFFF and it says the "last 17 pages (12K) are reserved" yielding 244K of internal flash memory.

In the user's manual (table 4) it says "the last 17 pages (10 KB)" are reserved on the 256K flash device, yielding 246K of internal flash memory.

0x40000 - 10K = 0x3D800

0x40000 - 12K = 0x3D000

Which is correct? A page is 512 bytes, so I don't understand the math above in either case. 17 pages * 512 = 8704 bytes, which seems a strange number.

0 件の賞賛
返信

ソリューションへジャンプ
‎05-01-2021 12:14 PM
1,925件の閲覧回数
MattInSeattle
Contributor III

I have figured this out: The provisioning tool creates a file called signed_sb.bd, and inside that file there is a line that says

"erase all"

You can changed that to 

erase 0x0000..0x3C600;

and just that range will be erased. But, when you run the provisioning tool "build image" again, it will revert to the "erase all" which can confuse things. 

Another point of confusion is that if you specify an axf for the provisioning tool input, it appears to silently convert it to a bin and move it to a new directory and that step won't be captured in the scripts. So, the end result if you specify an axf for input is that the tool works, but the scripts don't. The solution is to force a bin in mcuxpresso via post build step, and then use that bin in the provisioning tool. Then the script works. 

One last note of caution to myself: Just exporting the keys to a safe location doesn't seem to be everything you need in the event of a disaster. You also need the SBKEK. 

Clarification on the manual discrepancy noted previously would be appreciated. Thanks

0 件の賞賛
返信