Hi,
I've been programming the iMXRT1176 with external flash using the Secure Provisioning tool. I've followed a process where I first build a .bin file using an input .bin produced from MCUXpresso and then write the image. It's been working well but I'm not able to write the same binary using the Cyclone programmer. I've dumped the flash, in both cases, and found that the image programmed by the Cyclone is missing a boot header at the 0x400 offset. When I looked at the .bin produced by the Secure Provisioning Tool I noticed that it had not added it to the file. My guess is the flashloader loaded into RAM when writing the image is responsible for writing this header.
Is there a way for me to build the .bin with the header attached so that I can program the device using the Cyclone Programmer?
Thanks,
Rory
Hi Rory,
typically when you select target boot memory, simplified configuration is used - it is just a word containing the basic configuration and ROM via blhost command writes the Flash Configuration Block directly into the memory, hence it is not on your disk.
If for whatever reason (one of them is using Dual Image for example) you need the FCB, either you can just read it from the Flash and store it somewhere, or you can use the SEC tool to do it for you, see Convert To Complete FCB dialog - https://docs.mcuxpresso.nxp.com/secure/latest/05_user_interface.html#id8 . SEC tool still uses these two binaries separately, so via Cyclone programmer you will have to write twice - FCB and then the app, or you will need to join these binaries into one manually (you can use SPSDK utility `nxpimage utils binary-image --help`) and then use the programmer.
Regards,
Libor
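The manual join described in the reply above, as an added example that is not part of the original thread and is not SPSDK or SEC tool code: it places a separate FCB and application binary into one flat file and checks that the FCB is present and the application bytes are unchanged. The `FCFB` tag, the 0x1000 application offset and the sample binaries are assumptions; take the real offsets from your own project layout.

```python
FCB_OFFSET = 0x400   # FCB offset in flash, as reported in the thread
FCB_TAG = b"FCFB"    # assumption: first four bytes of a FlexSPI NOR FCB
APP_OFFSET = 0x1000  # assumption: replace with your application image offset
ERASED = 0xFF        # erased NOR flash reads back as 0xFF


def join_images(segments, pad=ERASED):
    """Lay (offset, data) segments into one flat image, refusing overlaps."""
    image = bytearray()
    for offset, data in sorted(segments, key=lambda s: s[0]):
        if offset < len(image):
            raise ValueError(
                f"segment at {offset:#x} overlaps data ending at {len(image):#x}")
        image.extend(bytes([pad]) * (offset - len(image)))
        image.extend(data)
    return bytes(image)


def has_fcb(image, offset=FCB_OFFSET):
    """True when the image carries an FCB tag at the expected offset."""
    return image[offset:offset + len(FCB_TAG)] == FCB_TAG


def app_unchanged(image, app, app_offset=APP_OFFSET):
    """True when the application bytes (the part that gets signed) are intact."""
    return image[app_offset:app_offset + len(app)] == app


def make_sample():
    """Constructed stand-ins for fcb.bin and the application binary."""
    fcb = FCB_TAG + bytes(508)       # 512-byte dummy FCB
    app = bytes(range(256)) * 4      # 1 KiB dummy application
    return fcb, app


if __name__ == "__main__":
    fcb, app = make_sample()
    app_only = join_images([(APP_OFFSET, app)])
    joined = join_images([(FCB_OFFSET, fcb), (APP_OFFSET, app)])
    print("app only: FCB present =", has_fcb(app_only))
    print("joined:   FCB present =", has_fcb(joined),
          "app intact =", app_unchanged(joined, app))
```

The same `has_fcb` check can be run on a flash dump read back after programming to confirm the header landed at 0x400.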
I was able to get MCUXpresso to build the project with the FCB included in the image and I could flash that with the Cyclone programmer.
I had a look at the write script used by the Secure provisioning tool, it looks like blhost instructs the flash loader to write an FCB into the flash. Is that correct?
Eventually we'd like to sign and encrypt our image, if the flashloader writes an FCB into there this would corrupt the image and prevent authentication and decryption. Is it possible to take our own image, separate the FCB so we have a separate fcb.bin, then get the flashloader to write in our application and then use blhost to write in our own fcb.bin?
The reason I ask is that we'd like to have the option to program with the Cyclone and using the SPT.
Hi Rory,
>>Eventually we'd like to sign and encrypt our image, if the flashloader writes an FCB into there this would corrupt the image and prevent authentication and decryption.
No, image signature does not take FCB into the checksum.
Encryption - it depends how you configure the engine; you should encrypt just the application image. By default settings in SEC the FCB is not encrypted.
In other words, your flow with Cyclone should work. Just make sure the encryption (regions) is properly configured.
Regards,
Libor
Hi,
Thank you for the clarification.
Just to clarify, I'd like a way for the Secure Provisioning tool to add the Flash Control Block (what I called the boot header above).
Hi Rory,
there are two options in SEC tool, how the FlexSPI NOR can be configured. Either you can use simplified flash configuration (which is default) or you can use full FCB configuration. FCB is flash control block, the binary configuration file, usually 256 or 512 bytes long.
See detailed info in the online documentation: User interface — MCUXpresso Secure Provisioning Tool 25.06
Hi,
Thank you. I think the reason I did not see this option is because we have an older version of the SEC tool. I can see this option available in later versions.