Missing Boot Header on binary

取消
显示结果 
显示  仅  | 搜索替代 
您的意思是: 
已解决

Missing Boot Header on binary

跳至解决方案
834 次查看
rnicolls
Contributor IV

Hi,

I've been programming the iMXRT1176 with external flash using the Secure Provisioning tool. I've followed a process where I first build a .bin file using an input .bin produced from MCUXpresso and then write the image. It's been working well but I'm not able to write the same binary using the Cyclone programmer. I've dumped the flash, in both cases, and found that the image programmed by the cyclone is missing a boot header at the 0x400 offset. When I looked at the .bin produced by the Secure Provisioning Tool I noticed that it had not added it to the file. My guess is the flashloader loaded into RAM when writing the image is responsible for writing this header. 

Is there a way for me to build the .bin with the header attached so that I can program the device using the Cyclone Programmer?

 

Thanks,

Rory 

0 项奖励
回复
1 解答
723 次查看
liborukropec
NXP Employee
NXP Employee

Hi Roy,

>>Eventually we'd like to sign and encrypt our image, if the flashloader writes an FCB into there this would corrupt the image and prevent authentication and decryption.

No, image signature does not take FCB into the checksum.
Encryption - it depends how you configure the engine; you should encrypt just the application image. By default settings in SEC the FCB is not encrypted.

In other words, your flow with Cyclone should work. Just make sure the encryption (regions) is properly configured.

Regards,
Libor

在原帖中查看解决方案

0 项奖励
回复
7 回复数
819 次查看
liborukropec
NXP Employee
NXP Employee

Hi Rory,

typically when you select target boot memory, simplified configuration is used - it is is just a word containing the basic configuration and ROM via blhost command writes the Flash Configuration Block directly into the memory, hence it is not on your disk.

If for whatever reason (one of them is using Dual Image for example) you need the FCB, either you can just read it from the Flash and store it somewhere, or you can use the SEC tool to do it for you, see Convert To Complete FCB dialog - https://docs.mcuxpresso.nxp.com/secure/latest/05_user_interface.html#id8 . SEC tool still uses these two binaries separately, so via Cyclone programmer you will have to write twice - FCB and then the app, or you will need to join these binaries into one manually (you can use SPSDK utility `nxpimage utils binary-image --help`) and then use the programmer.

 

Regards,

Libor

0 项奖励
回复
815 次查看
rnicolls
Contributor IV

I was able to get MCUXpresso to build the project with the FCB included in the image and I could flash that with the Cyclone programmer. 

I had a look at the write script used by the Secure provisioning tool, it looks like blhost instructs the flash loader to write an FCB into the flash. Is that correct?

Eventually we'd like to sign and encrypt our image, if the flashloader writes an FCB into there this would corrupt the image and prevent authentication and decryption. Is it possible to take our own image, separate the FCB so we have a separate fcb.bin, then get the flashloader to write in out application and then use blhost to write in our own fcb.bin?

The reason I ask is that we'd like to have the option to program with the Cyclone and using the SPT. 

0 项奖励
回复
724 次查看
liborukropec
NXP Employee
NXP Employee

Hi Roy,

>>Eventually we'd like to sign and encrypt our image, if the flashloader writes an FCB into there this would corrupt the image and prevent authentication and decryption.

No, image signature does not take FCB into the checksum.
Encryption - it depends how you configure the engine; you should encrypt just the application image. By default settings in SEC the FCB is not encrypted.

In other words, your flow with Cyclone should work. Just make sure the encryption (regions) is properly configured.

Regards,
Libor

0 项奖励
回复
696 次查看
rnicolls
Contributor IV

Hi,

Thank you for the clarification.

 

0 项奖励
回复
827 次查看
rnicolls
Contributor IV

Just to clarify, I'd like a way for the Secure Provisioning tool to add the Flash Control Block (What I called the boot header above)

0 项奖励
回复
777 次查看
marek-trmac
NXP Employee
NXP Employee

Hi Rory,

there are two options in SEC tool, how the FlexSPI NOR can be configured. Either you can use simplified flash configuration (which is default) or you can you full FCB configuration. FCB is flash control block, the binary configuration file, usually 256 or 512 bytes long.

See detailed info in the online documentation: User interface — MCUXpresso Secure Provisioning Tool 25.06

Regards,
Marek


NOTE: If you find the answer useful, kindly click on [ACCEPT AS SOLUTION] button
0 项奖励
回复
697 次查看
rnicolls
Contributor IV

Hi,

Thank you. I think the reason I did not see this option is because we have an older version of the SEC tool. I can see this option available in later versions. 

0 项奖励
回复