BEE USER KEYS

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

BEE USER KEYS

Jump to solution
213 Views
acallamp
Contributor III

HI:

After burning and writing my image to BEE USER KEYS unsigned through security tools, there are two codes BOOT BIN APP.BIN works normally even after successful encryption. When I upgraded the APP through BOOT code using the serial port... The code can also function normally... I would like to ask if the APP for serial port upgrade in the future also has encryption function? Did the built-in key automatically encrypt the code when writing NOR FLASH to the serial port? (The app is just the second image)

1733448278916.png1733448123207.png

Tags (1)
0 Kudos
Reply
1 Solution
174 Views
marek-trmac
NXP Employee
NXP Employee

Hi,

SEC tool does not encrypt the additional files automatically, the additional images are written to flash same as it is configured in SEC tool. If you set encryption for the region starting at 0x60020000, you must encrypt the application image on command line. You can re-use code from the build script, you will need "bee_config.yaml" with the configuration for additional image and then call "nxpimage bee export" to encrypt the file.

Once the application is encrypted, you can use it as an additional image in SEC tool and also for the online updates.

Note: you can enable "pre_build" script in SEC tool and make encryption there. The pre-build script is invoked before the build, so with this you will always do all necessary steps together. 

Regards,
Marek

View solution in original post

6 Replies
195 Views
marek-trmac
NXP Employee
NXP Employee

Hi,

based on the BEE configuration it seems APP is not encrypted (memory range >=0x60020000 is not encrypted). I do not see any reason why it should not work after upgrade.

Regards,
Marek
0 Kudos
Reply
191 Views
acallamp
Contributor III

If I use the 0X6002000 app BIN also has a password, what if I use my own serial BOOT to upgrade the code? Can the new app code still work?

Tags (1)
0 Kudos
Reply
175 Views
marek-trmac
NXP Employee
NXP Employee

Hi,

SEC tool does not encrypt the additional files automatically, the additional images are written to flash same as it is configured in SEC tool. If you set encryption for the region starting at 0x60020000, you must encrypt the application image on command line. You can re-use code from the build script, you will need "bee_config.yaml" with the configuration for additional image and then call "nxpimage bee export" to encrypt the file.

Once the application is encrypted, you can use it as an additional image in SEC tool and also for the online updates.

Note: you can enable "pre_build" script in SEC tool and make encryption there. The pre-build script is invoked before the build, so with this you will always do all necessary steps together. 

Regards,
Marek
159 Views
acallamp
Contributor III
Hi: Thank you. Also, may I ask if you have it? Can encrypted burners be mass-produced?
0 Kudos
Reply
111 Views
marek-trmac
NXP Employee
NXP Employee

Hi,

I'm not aware of any example, we might have. Also, I'm not aware of any issue, why this cannot be mass produced, but of course I'd recommend testing this well prior the production. 

Regards,
Marek
0 Kudos
Reply
159 Views
acallamp
Contributor III
hi :谢谢,还有请问有没有?可以量产的加密的烧录器?
0 Kudos
Reply