lpc55s69 secure boot

MarcoBelli1
Contributor II

Hi,

I'm trying to understand LPC55S69 secure boot.

I'm reading UM11126 user manual and AN12283.

What are the options to update a firmware on LPC after secure boot is enabled?

I understand that 2 main commands are available for programming the flash:

1) blhost write-memory

2) blhost receive-sb-file

Are both of them available after secure boot is enabled?

Is only receive-sb-file enabled?

 

The only info I have found is:

SECURE_BOOT_CFG field determines whether secure boot flow is enabled or not.
• If secure boot is enabled or debug authentication fields (CC_SOCU_xxx) are not in the default state, then limited ISP commands are allowed. Allowed command set can be retrieved by “blhost -p COMx/-u <VID,PID> -- get-property 7”.

 

Thank you

EdwinHz
NXP TechSupport

Both of these commands are available for programming the flash after secure boot is enabled.

As you can see in AN12283, “write-memory” is used to write a signed image into flash (p. 15) and “receive-sb-file” is used to load a SB2.0 file into the device (p. 19). In both instances the secure boot is already enabled.  

You can also find some more information about each command in the “blhost User's Guide” document. Here’s the link: https://www.nxp.com/docs/en/user-guide/MCUBLHOSTUG.pdf

 

Best regards,

Edwin.

MarcoBelli1
Contributor II

In UM11126 chapter 7.2.2 Secure firmware update it's written:

If firmware updates are to be performed in the field when secure boot is enabled, then a secure firmware update mechanism is preferred. Otherwise inauthentic firmware may be written to the device, causing it to not boot.

 

Is there a way to allow secure update and permanently disable write-memory? Otherwise I don't understand how it's possible to prevent writing of inauthentic firmware.

Marco

EdwinHz
NXP TechSupport

Secure Boot provides the tools to ensure that unauthorized code can’t be executed, not to disable flash programming. This is instead done with the Lifecycle state. Take a look into Section 10.3 of the User Manual, specifically “OEM Closed” on Table 273. I believe this will prove to be useful for your inquiry.
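
Added example, not part of the thread and not NXP code: a small Python helper that decodes the response word from the "get-property 7" query quoted in the first post and reports which ISP commands a device still accepts, so a provisioning check can confirm that write-memory is gone once the lifecycle state is closed. It assumes the generic MCU bootloader command tags with bit (tag - 1) marking an available command; the function names are hypothetical and the sample output is constructed, so confirm the numbering against the blhost User's Guide for your ROM.

```python
"""Decode the AvailableCommands mask returned by `blhost ... -- get-property 7`."""
import re

# Command tags of the generic MCU bootloader protocol (assumption: the
# LPC55S69 ROM uses the same numbering; confirm in the blhost User's Guide).
COMMAND_TAGS = {
    0x01: "flash-erase-all",
    0x02: "flash-erase-region",
    0x03: "read-memory",
    0x04: "write-memory",
    0x05: "fill-memory",
    0x07: "get-property",
    0x08: "receive-sb-file",
    0x09: "execute",
    0x0A: "call",
    0x0B: "reset",
    0x0C: "set-property",
}

def parse_response_word(blhost_output: str) -> int:
    """Pull the first response word out of blhost's text output."""
    m = re.search(r"Response word 1 = \d+ \((0x[0-9a-fA-F]+)\)", blhost_output)
    if m is None:
        raise ValueError("no response word found; did get-property succeed?")
    return int(m.group(1), 16)

def decode_available_commands(mask: int) -> list[str]:
    """Bit (tag - 1) set means the command with that tag is accepted."""
    return [name for tag, name in sorted(COMMAND_TAGS.items())
            if mask & (1 << (tag - 1))]

def policy_violations(mask: int, must_be_disabled: set[str]) -> list[str]:
    """Commands the deployment policy forbids but the device still accepts."""
    return [c for c in decode_available_commands(mask) if c in must_be_disabled]

# Constructed sample output, not captured from a real device.
SAMPLE = """Response status = 0 (0x0) Success.
Response word 1 = 1224 (0x4c8)
"""

if __name__ == "__main__":
    mask = parse_response_word(SAMPLE)
    print("allowed:", decode_available_commands(mask))
    print("violations:", policy_violations(mask, {"write-memory", "read-memory"}))
```
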
