Features

• Support for i.MX
  • RT1015, RT1020, RT1024, RT1050, RT1060 and RT1064
• Support for LPC
  • LPC55S6x, LPC55S2x and LPC55S1x
• Unsigned, HAB signed and HAB encrypted Secure Boot modes
• Conversion of ELF executables, SREC and raw binaries into bootable images files
• Generation and management of keys, signatures and certificates associated with the image
• Connectivity to the target via UART, USB-HID.
• Writing FlexSPI NOR or SD card boot device including configuration of the boot device parameters
• Use of DCD configuration enabling booting into SDRAM images
• Programming eFuses per image and use case requirements
• Optional generation of batch scripts usable later without the GUI
• Streamlined operation for general users

Downloads

•  To download the installer, please login to our download site via:
  • https://nxp.com/mcuxpresso/secure

Revision History

• 2.1
  • Added support for i.MX RT1015, i.MX RT1024, LPC55S06 and LPC55S04
  • Mac OS X - fixed saving the workspace setting in case App Menu "securep | Quit securep" is used
  • Mac OS X - fixed connection dialog freeze in case wrong UART is used
  • LPC - several improvements for Signed LPC images
  • LPC Trust Zone - CLI allows to set/override the Trust Zone Settings
  • Other minor improvements and bug-fixes
•  2.0
  • Added support for i.MX RT1020 and i.MX RT1064
  • Added support for LPC55S6x, LPC55S2x and LPC55S1x
    • Unsigned, Unsigned CRC and Signed boot modes
    • TrustZone support (bin + json)
    • Key Management – Secure Boot, Generation of ROT keys
  • BEE boot for i.MX RT10xx
    • OTPMK
    • SW-GP2/GP4
  • Import/Export Keys between workspaces
  • Improved connection dialog, it supports UART test connection, improved processor detection and detection of fuses status
•  1.0.1
  • Added support for Mac OS X Catalina (10.15) + Ubuntu 18.04
  • Fixed termination of sub-processes of long-running tasks.
• 1.0
  • Initial version

Known problems and limitations

• General
• On Windows platform make sure the windows FIND utility is found first on the PATH (GNU findutils could break the functionality)
• On Linux platform the USB and/or Serial device files has to be readable and writable by current user. See resources/udev/99-secure-provisioning.rules installed into /etc/udev/rules.d/99-secure-provisioning.rules that solves this issue. On user's machine can be conflicting rule with higher priority. In case of conflict, update the conflicting rule or make this rule file with higher priority by renaming the file with lower number at beginning.
• Application has to be installed into location where the user has write access.

• Workspace cannot contain space in the path

• Secure Provisioning Tool does not burn all possible security features that are available. Only those required by the selected boot type are configured.

• Windows

  • Workspace cannot be placed on different disk drive letter then the application is installed.

• LPC Signed Boot Type:

  • Write scripts requires the cmpa.bin and cfpa.bin files exist on the disk; on CLI it is necessary to manually modify write script or calling the generate_pfr command to create them
  • SBKEK keys are currently NOT supported by Import/Export command. It is recommended to backup and restore the gen_scripts/sbkek.bin and gen_scripts/sbkek.txt files manually.

• LPC Trust Zone

  • Configuration of Trust Zone is not supported for Unsigned image

• i.MX RT1015-EVK / Mac OS X
  • OpenSDA does not work On Mac OS X when the device has HAB enabled and UART port is used for communication. Either USB HID communication should be used, or the OpenSDA must be disconnected from RX and TX pins (jumpers J45 and J46) and device must be programmed via external USB to serial converter (3.3V)