BEE USER KEYS

acallamp

HI：

After burning and writing my image to BEE USER KEYS unsigned through security tools, there are two codes BOOT BIN APP.BIN works normally even after successful encryption. When I upgraded the APP through BOOT code using the serial port... The code can also function normally... I would like to ask if the APP for serial port upgrade in the future also has encryption function? Did the built-in key automatically encrypt the code when writing NOR FLASH to the serial port? (The app is just the second image)

marek-trmac

Hi,

SEC tool does not encrypt the additional files automatically, the additional images are written to flash same as it is configured in SEC tool. If you set encryption for the region starting at 0x60020000, you must encrypt the application image on command line. You can re-use code from the build script, you will need "bee_config.yaml" with the configuration for additional image and then call "nxpimage bee export" to encrypt the file.

Once the application is encrypted, you can use it as an additional image in SEC tool and also for the online updates.

Note: you can enable "pre_build" script in SEC tool and make encryption there. The pre-build script is invoked before the build, so with this you will always do all necessary steps together.

Regards,
Marek

在原帖中查看解决方案

marek-trmac

Hi,

based on the BEE configuration it seems APP is not encrypted (memory range >=0x60020000 is not encrypted). I do not see any reason why it should not work after upgrade.

Regards,
Marek

acallamp

If I use the 0X6002000 app BIN also has a password, what if I use my own serial BOOT to upgrade the code? Can the new app code still work?

marek-trmac

Hi,

SEC tool does not encrypt the additional files automatically, the additional images are written to flash same as it is configured in SEC tool. If you set encryption for the region starting at 0x60020000, you must encrypt the application image on command line. You can re-use code from the build script, you will need "bee_config.yaml" with the configuration for additional image and then call "nxpimage bee export" to encrypt the file.

Once the application is encrypted, you can use it as an additional image in SEC tool and also for the online updates.

Note: you can enable "pre_build" script in SEC tool and make encryption there. The pre-build script is invoked before the build, so with this you will always do all necessary steps together.

Regards,
Marek

acallamp

Hi: Thank you. Also, may I ask if you have it? Can encrypted burners be mass-produced?

marek-trmac

Hi,

I'm not aware of any example, we might have. Also, I'm not aware of any issue, why this cannot be mass produced, but of course I'd recommend testing this well prior the production.

Regards,
Marek

acallamp

hi :谢谢，还有请问有没有？可以量产的加密的烧录器？