Security Boot LPC1830

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Security Boot LPC1830

917 Views
kensu
Contributor V

Dears,

I have a question about LPC1830 security boot,

After reading the LPC1830 user manual and lpcscript user guide, the security boot will be:

Encrypt :  

      Call Image Manager to encrypt the binary image with the 128-bit key and add the required
header on PC side.

Program the AES 128-bit key:  

      Call LPCScrypt and pass a single command to program the AES 128-bit key into OTP
memory on the MCU.

After power reset, the boot code will decrypt the boot image by AES key and header,

Question1: Can I do this in my application code?

pastedImage_4.png

Because I will have two image, image 1 boot without security encrypt, image2 will encrypt by lpcscript tool , and the image1 will decrypt image2 to another ram(ex: SDRAM). In other words, my image1 do the job same as the ROM boot code. Is it possible? I think one of the problem is I don't know the header information added by lpcscript tool.

Or I don't need know the header information because AES engine will do this job, --> I can do the same as job as ROM boot code.

Question2:

If my idea is not work, from user manual, the AES engine can use "key2" to decrypt data, the problem will be "how can I encrypt the image with lpcscript tool" and then decrypt this image by key2?

Thanks

Ken

Labels (4)
Tags (3)
0 Kudos
6 Replies

664 Views
jeremyzhou
NXP Employee
NXP Employee

Hi Ken Su,

Thank you for your interest in NXP Semiconductor products and the opportunity to serve you.
To provide the fastest possible support, I'd highly recommend you to refer to the AN11648 which illustrates how to secure boot from an encrypted image in a QSPI flash device.
Have a great day,
TIC

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

0 Kudos

664 Views
kensu
Contributor V

Hi jeremyzhou

Thanks for your reply and your data,

I think I understand the security boot from user manual and lpcscript and AN11648.

The step of PC side and ROM boot code.

However, I want to know could I implement ROM boot code security decrypt  to SRAM behavior in my application.

Because I have 2 image. I want to make Image1(No security encrypt ) decrypt the  Image2(With security encrypt ) to SRAM or SDRAM. Then image1 jump to image2 to run.

Is it possible?

Thanks

Ken

0 Kudos

664 Views
jeremyzhou
NXP Employee
NXP Employee

Hi Ken Su,

Thanks for your reply.

1) Is it possible?

-- No, I'm afraid not.

Hope this is clear.
Have a great day,
TIC

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

0 Kudos

664 Views
kensu
Contributor V

Hi jeremyzhou

Could you tell me the reason that I cannot decript a image2 with my image1, 

If I can use AES API in application, which problem I will meet if I want to decript a image in my application?

Our customer may want to know more detail, and we may consider to change other MCU.

Thanks

Ken

0 Kudos

664 Views
jeremyzhou
NXP Employee
NXP Employee

Hi Hi Ken Su,

Thanks for your reply.
Let me clarify it.
In your previous question, you said you want to implement the ROM boot code in the Image1 to decrypt the Image2, the answer is no, as the ROM code is 'invisible' to application code.
About the current question, whether it's available to calling the AES API to decrypt a decrypt plain text, the answer is yes.
I've attached an application note which illustrates how to call the AES APIs.

0 Kudos

664 Views
kensu
Contributor V

Hi jeremyzhou

I understood,

And thanks for your reply and data, the source code will be good help for us.

 

I will use EVA board to do more evaluation.

Thank a lot.

Ken

0 Kudos