Hello,
I have an NXP LPCXpresso55S69 Board and I am trying out secure boot options. I followed the AN12283 LPC55Sxx Secure Boot guide.
When I tried to load an unsigned plain CRC image as described in section 4.2 of the application note, I get the following message from blhost when trying to execute the command
blhost -p COM3,115200 write-memory 0 <path to my bin file>:
Then I found out about MCUXpresso Secure Provisioning tool which let me build the CRC image and write it. Then I tried using Secure Provisioning tool with random generated RoT keys and SBKEK to sign the image. The image builds successfully but when I tried to write it I get the following error:
Then I tried to run the same blhost command from the terminal and I see a 0x2712 error before the Signature error shown in Secure Provisioning Tool (I could not find out how to use --check-errors parameter Secure Provisioning Tool suggested).
I used lpcxpresso55s69_led_blinky example from the SDK2.11.1 and I build it through MCUXpresso IDE v11.5.0.
Thanks in advance,
Jimmy979
Hello,
If you just load an unsigned plain CRC image as described in section 4.2 of the application note,
does the blhost can work well with basic erase/write function ?
There is no relation with secure boot, could you please try just write simple plain image
led_blinky.bin ?
BR
Alice
Hi, Yes I can erase flash. I did it using these commands:
Also, I can write a CRC image using MCUXpresso Secure Provisioning application.
I have not configured CMPA or CFPA manually but maybe MCUXpresso Secure provisioning application did? I found CMPA and CFPA configuration through MCUXpresso Secure provisioning app.
BR,
Jimmy979
Hi,
I think I can't update the ROTKH field in CFPA with MCUXpresso secure provisioning tool. Can I update ROTKH manually through ROM API?
Also, what is the procedure to build and write TrustZone images? Is it possible that your TrustZone project consists of two images or only applies to one?
BR,
Jimmy979