FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

NXP LPC55S69 Secure Boot Problem

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

NXP LPC55S69 Secure Boot Problem

‎05-25-2022 10:45 PM
1,429 Views
jimmy979
Contributor II

Hello,

I have an NXP LPCXpresso55S69 Board and I am trying out secure boot options. I followed the AN12283  LPC55Sxx Secure Boot guide.

When I tried to load an unsigned plain CRC image as described in section 4.2 of the application note, I get the following message from blhost when trying to execute the command

blhost -p COM3,115200 write-memory 0 <path to my bin file>:

jimmy979_0-1653542933956.png

Then I found out about MCUXpresso Secure Provisioning tool which let me build the CRC image and write it. Then I tried using Secure Provisioning tool with random generated RoT keys and SBKEK to sign the image. The image builds successfully but when I tried to write it I get the following error:

jimmy979_1-1653543151564.png

Then I tried to run the same blhost command from the terminal and I see a 0x2712 error before the Signature error shown in Secure Provisioning Tool (I could not find out how to use --check-errors parameter Secure Provisioning Tool suggested).

jimmy979_2-1653543603570.png

I used lpcxpresso55s69_led_blinky example from the SDK2.11.1 and I build it through MCUXpresso IDE v11.5.0.

Thanks in advance,

Jimmy979 

 

Labels (1)
Labels
0 Kudos
Reply
7 Replies

‎05-27-2022 03:13 AM
1,374 Views
Alice_Yang
NXP TechSupport
NXP TechSupport

Hello,

 

If you just  load an unsigned plain CRC image as described in section 4.2 of the application note, 

does the blhost can work well with basic erase/write function ?

There is no relation with secure boot,  could you please try just write simple plain image 

led_blinky.bin ?

 

BR

Alice

0 Kudos
Reply

‎05-28-2022 02:09 AM
1,361 Views
jimmy979
Contributor II

Hi,

I tried to write a plain image but I still got this output:

jimmy979_0-1653728953900.png

BR

Jimmy979

0 Kudos
Reply

‎05-30-2022 12:06 AM
1,344 Views
Alice_Yang
NXP TechSupport
NXP TechSupport

Hello,

So now your chip can not program any image.

How about erase? 

And what do you did about the chip? Configured CMPA or CFPA?

 

BR

Alice

0 Kudos
Reply

‎05-30-2022 10:37 AM
1,334 Views
jimmy979
Contributor II

Hi, Yes I can erase flash. I did it using these commands:

jimmy979_0-1653932035421.png

Also, I can write a CRC image using MCUXpresso Secure Provisioning application.

jimmy979_1-1653932126773.png

I have not configured CMPA or CFPA manually but maybe MCUXpresso Secure provisioning application did? I found CMPA and CFPA configuration through MCUXpresso Secure provisioning app.

jimmy979_2-1653932231685.png

jimmy979_3-1653932247733.png

BR,

Jimmy979

 

0 Kudos
Reply

‎05-31-2022 02:14 AM
1,325 Views
Alice_Yang
NXP TechSupport
NXP TechSupport

Hello ,

Recommend you use only one of the two methods, blhost command as AN12283 , or MCUXpresso Secure Provisioning Tool, not use them together. 

 

BR

Alice

0 Kudos
Reply

‎06-04-2022 01:44 AM
1,297 Views
jimmy979
Contributor II

Hi,

I think I can't update the ROTKH field in CFPA with MCUXpresso secure provisioning tool. Can I update ROTKH manually through ROM API?

Also, what is the procedure to build and write TrustZone images? Is it possible that your TrustZone project consists of two images or only applies to one?

BR,

Jimmy979

0 Kudos
Reply

‎06-06-2022 02:36 AM
1,285 Views
Alice_Yang
NXP TechSupport
NXP TechSupport

Hello ,

1) You can refer to 

"5.4 CFPA page preparation" of AN12283, pay attention:

Alice_Yang_0-1654508122631.png

 

2) About Trustzone project, there is demo under SDK, you can directly refer to.

 

BR

Alice

0 Kudos
Reply