帮助
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

NXP LPC55S69 Secure Boot Problem

取消
开启建议
自动建议可通过在您键入时建议可能的匹配,而快速缩小您的搜索结果范围。
显示结果 
显示  仅  | 搜索替代 
您的意思是: 

NXP LPC55S69 Secure Boot Problem

‎05-25-2022 10:45 PM
1,099 次查看
jimmy979
Contributor II

Hello,

I have an NXP LPCXpresso55S69 Board and I am trying out secure boot options. I followed the AN12283  LPC55Sxx Secure Boot guide.

When I tried to load an unsigned plain CRC image as described in section 4.2 of the application note, I get the following message from blhost when trying to execute the command

blhost -p COM3,115200 write-memory 0 <path to my bin file>:

jimmy979_0-1653542933956.png

Then I found out about MCUXpresso Secure Provisioning tool which let me build the CRC image and write it. Then I tried using Secure Provisioning tool with random generated RoT keys and SBKEK to sign the image. The image builds successfully but when I tried to write it I get the following error:

jimmy979_1-1653543151564.png

Then I tried to run the same blhost command from the terminal and I see a 0x2712 error before the Signature error shown in Secure Provisioning Tool (I could not find out how to use --check-errors parameter Secure Provisioning Tool suggested).

jimmy979_2-1653543603570.png

I used lpcxpresso55s69_led_blinky example from the SDK2.11.1 and I build it through MCUXpresso IDE v11.5.0.

Thanks in advance,

Jimmy979 

 

标签 (1)
标签
0 项奖励
回复
7 回复数

‎05-27-2022 03:13 AM
1,044 次查看
Alice_Yang
NXP TechSupport
NXP TechSupport

Hello,

 

If you just  load an unsigned plain CRC image as described in section 4.2 of the application note, 

does the blhost can work well with basic erase/write function ?

There is no relation with secure boot,  could you please try just write simple plain image 

led_blinky.bin ?

 

BR

Alice

0 项奖励
回复

‎05-28-2022 02:09 AM
1,031 次查看
jimmy979
Contributor II

Hi,

I tried to write a plain image but I still got this output:

jimmy979_0-1653728953900.png

BR

Jimmy979

0 项奖励
回复

‎05-30-2022 12:06 AM
1,014 次查看
Alice_Yang
NXP TechSupport
NXP TechSupport

Hello,

So now your chip can not program any image.

How about erase? 

And what do you did about the chip? Configured CMPA or CFPA?

 

BR

Alice

0 项奖励
回复

‎05-30-2022 10:37 AM
1,004 次查看
jimmy979
Contributor II

Hi, Yes I can erase flash. I did it using these commands:

jimmy979_0-1653932035421.png

Also, I can write a CRC image using MCUXpresso Secure Provisioning application.

jimmy979_1-1653932126773.png

I have not configured CMPA or CFPA manually but maybe MCUXpresso Secure provisioning application did? I found CMPA and CFPA configuration through MCUXpresso Secure provisioning app.

jimmy979_2-1653932231685.png

jimmy979_3-1653932247733.png

BR,

Jimmy979

 

0 项奖励
回复

‎05-31-2022 02:14 AM
995 次查看
Alice_Yang
NXP TechSupport
NXP TechSupport

Hello ,

Recommend you use only one of the two methods, blhost command as AN12283 , or MCUXpresso Secure Provisioning Tool, not use them together. 

 

BR

Alice

0 项奖励
回复

‎06-04-2022 01:44 AM
967 次查看
jimmy979
Contributor II

Hi,

I think I can't update the ROTKH field in CFPA with MCUXpresso secure provisioning tool. Can I update ROTKH manually through ROM API?

Also, what is the procedure to build and write TrustZone images? Is it possible that your TrustZone project consists of two images or only applies to one?

BR,

Jimmy979

0 项奖励
回复

‎06-06-2022 02:36 AM
955 次查看
Alice_Yang
NXP TechSupport
NXP TechSupport

Hello ,

1) You can refer to 

"5.4 CFPA page preparation" of AN12283, pay attention:

Alice_Yang_0-1654508122631.png

 

2) About Trustzone project, there is demo under SDK, you can directly refer to.

 

BR

Alice

0 项奖励
回复