ヘルプ
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Will LPC55S69 Secure Boot ROM check version every time it boots up

キャンセル
提案をオンにする
自動提案では、入力時に可能な一致が提案されるので検索結果を素早く絞り込むことができます。
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 

Will LPC55S69 Secure Boot ROM check version every time it boots up

‎02-08-2023 06:57 PM
1,934件の閲覧回数
Halry
Contributor I

In UM11126, it says about Secure_FW_version in CFPA page just used during SB2 file loading. I am going to write a secondary bootloader that uses this monotonic counter for preventing roll-back. Now I am afraid that after altering this counter, my bootloader will not be able to boot up because of the version check when bootrom boots to my bootloader. If it checks the counter, may I use the NS_FW_version counter for my anti roll-back mechanism?

Thanks.

0 件の賞賛
返信
4 返答(返信)

‎02-13-2023 09:23 PM
1,890件の閲覧回数
Pavel_Hernandez
NXP TechSupport
NXP TechSupport

Hello, this is the information available for the secure boot, I need more details about your case could you elaborate further? I could not confirm what you mentioned in the user manual,

LPC55Sxx Secure Boot (nxp.com)

Best regards,
Pavel

0 件の賞賛
返信

‎02-13-2023 11:12 PM
1,886件の閲覧回数
Halry
Contributor I

According to the AN12283,the signed image inside the internal flash is like 

 

Halry_0-1676354556932.png

 

that includes header, which includes version number.

In the UM11126, the manual states it just uses for during SB2 file loading.

Halry_1-1676354941442.png

 

I am working on a project that act as a secondary bootloader. I want to use the Secure_FW_version or NS_FW_Version as a monotonic counter for version checking because I don't want to waste flash size to make another CFPA-like page. I can't find the detail about how the image being validated during boot. Will it compare the image header's version number with the CFPA version number? Or it just validate the signature of the header?

Halry_2-1676355042315.png

 

 

0 件の賞賛
返信

‎02-22-2023 07:35 PM
1,791件の閲覧回数
Pavel_Hernandez
NXP TechSupport
NXP TechSupport

Hello, sorry for the late response I was researching more information about your questions, so...

I can't find the detail about how the image is being validated during boot. 

Pavel_Hernandez_1-1677119296453.png

Will it compare the image header's version number with the CFPA version number? Or it just validate the signature of the header?

Pavel_Hernandez_0-1677119283497.png

Pavel_Hernandez_2-1677119629373.png

I apologize for the time this being take.

Best regards,
Pavel

 

0 件の賞賛
返信

‎02-10-2023 08:59 PM
1,909件の閲覧回数
Pavel_Hernandez
NXP TechSupport
NXP TechSupport

Hello, my name is Pavel, and I will be supporting your case, let me get into your case and when I have more information, I will contact you.

Best regards,
Pavel

0 件の賞賛
返信