帮助
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

lpc55s69 secure boot

取消
开启建议
自动建议可通过在您键入时建议可能的匹配,而快速缩小您的搜索结果范围。
显示结果 
显示  仅  | 搜索替代 
您的意思是: 

lpc55s69 secure boot

‎11-11-2021 08:20 AM
2,526 次查看
MarcoBelli1
Contributor II

hi

I'm trying to understand LPC55S69 secure boot.

I'm reading UM11126 user manual and AN12283.

What are the options to update a firmware on LPC after secure boot is enabled?

I understand that 2 main commands are available for programming the flash

1) blhost write-memory

2) blhost receive-sb-file

are both of them available after secure boot is enabled? 

is only receive-sb file enabled?

 

the only info I have found is:

SECURE_BOOT_CFG
field determines whether
secure boot flow is
enabled or not.
• If secure boot is enabled
or debug authentication
fields (CC_SOCU_xxx) are
not in the default state,
then limited ISP
commands are allowed.
Allowed command set can
be retrieved by “blhost -p
COMx/-u <VID,PID> --
get-property 7”.

 

thank you

0 项奖励
回复
3 回复数

‎11-11-2021 12:08 PM
2,516 次查看
EdwinHz
NXP TechSupport
NXP TechSupport

Both of these commands are available for programming the flash after secure boot is enabled.

As you can see in AN12283, “write-memory” is used to write a signed image into flash (p. 15) and “receive-sb-file” is used to load a SB2.0 file into the device (p. 19). In both instances the secure boot is already enabled.  

You can also find some more information about each command on the “blhost User's Guide” document, here’s the link: https://www.nxp.com/docs/en/user-guide/MCUBLHOSTUG.pdf

 

Best regards,

Edwin.

0 项奖励
回复

‎11-12-2021 12:22 AM
2,500 次查看
MarcoBelli1
Contributor II

In UM11126 chapter 7.2.2 Secure firmware update it's written:

If firmware updates are to be performed in the field when secure boot is enabled, then a
secure firmware update mechanism is preferred. Otherwise inauthentic firmware may be
written to the device, causing it to not boot.

 

Is there a way to allow secure update and permanently disable write-memory? otherwise I don't understand how it's possible to prevent writing of inauthentic firmware?

Marco

标记 (1)
0 项奖励
回复

‎11-12-2021 02:37 PM
2,488 次查看
EdwinHz
NXP TechSupport
NXP TechSupport

Secure Boot provides the tools to ensure that unauthorized code can’t be executed, not to disable flash programming. This is instead done with the Lifecycle state. Take a look into Section 10.3 of the User Manual, specifically “OEM Closed” on Table 273. I believe this will prove to be useful for your inquiry.

0 项奖励
回复