帮助
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Will LPC55S69 Secure Boot ROM check version every time it boots up

取消
开启建议
自动建议可通过在您键入时建议可能的匹配,而快速缩小您的搜索结果范围。
显示结果 
显示  仅  | 搜索替代 
您的意思是: 

Will LPC55S69 Secure Boot ROM check version every time it boots up

‎02-08-2023 06:57 PM
2,155 次查看
Halry
Contributor I

In UM11126, it says about Secure_FW_version in CFPA page just used during SB2 file loading. I am going to write a secondary bootloader that uses this monotonic counter for preventing roll-back. Now I am afraid that after altering this counter, my bootloader will not be able to boot up because of the version check when bootrom boots to my bootloader. If it checks the counter, may I use the NS_FW_version counter for my anti roll-back mechanism?

Thanks.

0 项奖励
回复
4 回复数

‎02-13-2023 09:23 PM
2,111 次查看
Pavel_Hernandez
NXP TechSupport
NXP TechSupport

Hello, this is the information available for the secure boot, I need more details about your case could you elaborate further? I could not confirm what you mentioned in the user manual,

LPC55Sxx Secure Boot (nxp.com)

Best regards,
Pavel

0 项奖励
回复

‎02-13-2023 11:12 PM
2,107 次查看
Halry
Contributor I

According to the AN12283,the signed image inside the internal flash is like 

 

Halry_0-1676354556932.png

 

that includes header, which includes version number.

In the UM11126, the manual states it just uses for during SB2 file loading.

Halry_1-1676354941442.png

 

I am working on a project that act as a secondary bootloader. I want to use the Secure_FW_version or NS_FW_Version as a monotonic counter for version checking because I don't want to waste flash size to make another CFPA-like page. I can't find the detail about how the image being validated during boot. Will it compare the image header's version number with the CFPA version number? Or it just validate the signature of the header?

Halry_2-1676355042315.png

 

 

0 项奖励
回复

‎02-22-2023 07:35 PM
2,012 次查看
Pavel_Hernandez
NXP TechSupport
NXP TechSupport

Hello, sorry for the late response I was researching more information about your questions, so...

I can't find the detail about how the image is being validated during boot. 

Pavel_Hernandez_1-1677119296453.png

Will it compare the image header's version number with the CFPA version number? Or it just validate the signature of the header?

Pavel_Hernandez_0-1677119283497.png

Pavel_Hernandez_2-1677119629373.png

I apologize for the time this being take.

Best regards,
Pavel

 

0 项奖励
回复

‎02-10-2023 08:59 PM
2,130 次查看
Pavel_Hernandez
NXP TechSupport
NXP TechSupport

Hello, my name is Pavel, and I will be supporting your case, let me get into your case and when I have more information, I will contact you.

Best regards,
Pavel

0 项奖励
回复