MCUXpresso Secure Provisioning TOOL-V 6.0

Maheshkadam9922
Contributor II

Hi all,
I have a few questions regarding the HAB image generated by SPT.

Q1. Using the tool we generated an encrypted image. In the tool we made the settings below:
- Select processor: mxrt1051
- Boot type: Encrypted HAB
- Boot device: FlexSPI NOR
- Start address: 0x3000
- Select closed, HAB enabled
- Use SRK1 key
- HAB encryption algorithm: AES-128

We built the image successfully.
In the bootable_image folder a nopadding .bin file is generated, which is the encrypted image.
But our requirement is to write this encrypted image via the cloud (push the bin file to the cloud), not using the SPT tool. Is that possible?

Q2. If we want to push a file to the cloud, which file do we push? The nopadding bin which is available in the bootable_image folder?
Or do we need to push additional files also, like DEK Key.bin and SRK Fuse.bin?

Q3. What does start address 0x3000 mean? And what does it mean that XIP mode is not used here?

Q4. If we want to use XIP, then we need to add flash in MCUXpresso IDE,
with flash start address 0x60000000. What should we enter as the size of the flash (mxrt1051)?

marek-trmac
NXP Employee
Hi Mahesh,

I'd recommend generating a write script in the SEC tool; in the script you can find which parts shall be written and the target addresses. The write script is designed to write everything into an empty chip. In case you do an update, you can write only the changed parts, of course.

For cloud updates, secure binary (*.SB) files are supported, which are encrypted. However, this is currently supported on the command line only; it can be built using the elftosb tool.
In the SEC tool you can use "main menu > Tools > Manufacturing Tool" to apply an SB file to the processor.

HAB encrypted boot mode on RT10xx means the application image is encrypted in the flash, and before execution it is decrypted into RAM and executed from RAM. It can be executed either from internal or from external RAM (SDRAM). 0x3000 refers to an address in internal RAM.
XIP = e(X)ecuted (I)n (P)lace, which means the code is executed from flash, where it is located. In HAB encrypted boot mode, XIP is not possible.

RT1050 also supports XIP encrypted images from external flash; see BEE encryption.

The workflow for RT1051 in the SEC tool can be found in chapter 6.2 of the user guide.

Hope this helps.
Regards,
Marek
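
Added example (not from the thread and not NXP's code): a Python check that reads the IVT and boot data of a bootable image and reports whether its load address lies in the FlexSPI flash window at 0x60000000 (XIP) or in RAM, as with the 0x3000 start address discussed above. The names `parse_ivt` and `build_sample` are hypothetical; it assumes the standard HAB IVT layout, an IVT at the given file offset, 0x80000000 as the end of the FlexSPI window, and constructed sample bytes rather than real tool output.

```python
import struct

FLEXSPI_BASE = 0x60000000  # flash start address quoted in the question
FLEXSPI_END = 0x80000000   # assumption: end of the FlexSPI window on RT105x
IVT_TAG, IVT_LEN = 0xD1, 0x20  # HAB IVT header tag and fixed 32-byte length

def parse_ivt(image: bytes, ivt_off: int = 0) -> dict:
    """Read the IVT at ivt_off plus the boot data it points to."""
    if len(image) < ivt_off + IVT_LEN:
        raise ValueError("image too short for an IVT")
    # Header is tag, big-endian length, version; pointers are little-endian.
    tag, length, version = struct.unpack_from(">BHB", image, ivt_off)
    if tag != IVT_TAG or length != IVT_LEN or (version & 0xF0) != 0x40:
        raise ValueError(f"no valid IVT header at offset {ivt_off:#x}")
    entry, _, _dcd, boot_data, self_addr, csf, _ = struct.unpack_from(
        "<7I", image, ivt_off + 4)
    # Translate the boot-data pointer (a target address) into a file offset.
    bd_off = ivt_off + boot_data - self_addr
    if boot_data < self_addr or bd_off + 12 > len(image):
        raise ValueError("boot data pointer falls outside the image")
    start, size, _plugin = struct.unpack_from("<3I", image, bd_off)
    return {
        "entry": entry, "ivt_addr": self_addr, "load_start": start,
        "load_size": size, "ivt_offset": self_addr - start,
        "has_csf": csf != 0,  # CSF pointer set: image carries HAB commands
        "xip": FLEXSPI_BASE <= start < FLEXSPI_END,  # runs from flash
    }

def build_sample(start: int, ivt_offset: int = 0x1000) -> bytes:
    """Constructed IVT + boot data for the demo; not output of the SEC tool."""
    self_addr = start + ivt_offset
    ivt = struct.pack(">BHB", IVT_TAG, IVT_LEN, 0x41) + struct.pack(
        "<7I", start + 0x2000, 0, 0, self_addr + IVT_LEN, self_addr,
        start + 0x8000, 0)
    return ivt + struct.pack("<3I", start, 0x9000, 0)

if __name__ == "__main__":
    for base in (0x3000, FLEXSPI_BASE):  # RAM image vs. flash (XIP) image
        info = parse_ivt(build_sample(base))
        where = "flash (XIP)" if info["xip"] else "RAM (non-XIP)"
        print(f"load {info['load_start']:#010x} ivt {info['ivt_addr']:#010x} "
              f"csf={info['has_csf']} -> {where}")
```

Running such a check on the image before it is published to an update channel catches a build that was produced with the wrong boot type or start address.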