Missing Boot Header on binary

キャンセル
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 

Missing Boot Header on binary

ソリューションへジャンプ
829件の閲覧回数
rnicolls
Contributor IV

Hi,

I've been programming the iMXRT1176 with external flash using the Secure Provisioning tool. I've followed a process where I first build a .bin file using an input .bin produced from MCUXpresso and then write the image. It's been working well but I'm not able to write the same binary using the Cyclone programmer. I've dumped the flash, in both cases, and found that the image programmed by the cyclone is missing a boot header at the 0x400 offset. When I looked at the .bin produced by the Secure Provisioning Tool I noticed that it had not added it to the file. My guess is the flashloader loaded into RAM when writing the image is responsible for writing this header. 

Is there a way for me to build the .bin with the header attached so that I can program the device using the Cyclone Programmer?

 

Thanks,

Rory 

0 件の賞賛
返信
1 解決策
718件の閲覧回数
liborukropec
NXP Employee
NXP Employee

Hi Roy,

>>Eventually we'd like to sign and encrypt our image, if the flashloader writes an FCB into there this would corrupt the image and prevent authentication and decryption.

No, image signature does not take FCB into the checksum.
Encryption - it depends how you configure the engine; you should encrypt just the application image. By default settings in SEC the FCB is not encrypted.

In other words, your flow with Cyclone should work. Just make sure the encryption (regions) is properly configured.

Regards,
Libor

元の投稿で解決策を見る

0 件の賞賛
返信
7 返答(返信)
814件の閲覧回数
liborukropec
NXP Employee
NXP Employee

Hi Rory,

typically when you select target boot memory, simplified configuration is used - it is is just a word containing the basic configuration and ROM via blhost command writes the Flash Configuration Block directly into the memory, hence it is not on your disk.

If for whatever reason (one of them is using Dual Image for example) you need the FCB, either you can just read it from the Flash and store it somewhere, or you can use the SEC tool to do it for you, see Convert To Complete FCB dialog - https://docs.mcuxpresso.nxp.com/secure/latest/05_user_interface.html#id8 . SEC tool still uses these two binaries separately, so via Cyclone programmer you will have to write twice - FCB and then the app, or you will need to join these binaries into one manually (you can use SPSDK utility `nxpimage utils binary-image --help`) and then use the programmer.

 

Regards,

Libor

0 件の賞賛
返信
810件の閲覧回数
rnicolls
Contributor IV

I was able to get MCUXpresso to build the project with the FCB included in the image and I could flash that with the Cyclone programmer. 

I had a look at the write script used by the Secure provisioning tool, it looks like blhost instructs the flash loader to write an FCB into the flash. Is that correct?

Eventually we'd like to sign and encrypt our image, if the flashloader writes an FCB into there this would corrupt the image and prevent authentication and decryption. Is it possible to take our own image, separate the FCB so we have a separate fcb.bin, then get the flashloader to write in out application and then use blhost to write in our own fcb.bin?

The reason I ask is that we'd like to have the option to program with the Cyclone and using the SPT. 

0 件の賞賛
返信
719件の閲覧回数
liborukropec
NXP Employee
NXP Employee

Hi Roy,

>>Eventually we'd like to sign and encrypt our image, if the flashloader writes an FCB into there this would corrupt the image and prevent authentication and decryption.

No, image signature does not take FCB into the checksum.
Encryption - it depends how you configure the engine; you should encrypt just the application image. By default settings in SEC the FCB is not encrypted.

In other words, your flow with Cyclone should work. Just make sure the encryption (regions) is properly configured.

Regards,
Libor

0 件の賞賛
返信
691件の閲覧回数
rnicolls
Contributor IV

Hi,

Thank you for the clarification.

 

0 件の賞賛
返信
822件の閲覧回数
rnicolls
Contributor IV

Just to clarify, I'd like a way for the Secure Provisioning tool to add the Flash Control Block (What I called the boot header above)

0 件の賞賛
返信
772件の閲覧回数
marek-trmac
NXP Employee
NXP Employee

Hi Rory,

there are two options in SEC tool, how the FlexSPI NOR can be configured. Either you can use simplified flash configuration (which is default) or you can you full FCB configuration. FCB is flash control block, the binary configuration file, usually 256 or 512 bytes long.

See detailed info in the online documentation: User interface — MCUXpresso Secure Provisioning Tool 25.06

Regards,
Marek


NOTE: If you find the answer useful, kindly click on [ACCEPT AS SOLUTION] button
0 件の賞賛
返信
692件の閲覧回数
rnicolls
Contributor IV

Hi,

Thank you. I think the reason I did not see this option is because we have an older version of the SEC tool. I can see this option available in later versions. 

0 件の賞賛
返信