Secure provisioning of firmwares from several vendors

mgrand · ‎03-07-2023

Hi everybody,

I would be interested in provisioning firmwares & assets (i.e. crypto keys and certificates) from different vendors at the same time: Vendor 1 (TrustZone firmware provider) should not be able to decrypt / tamper with Vendor 2 (application firmware) firmware and vice versa. Is it something which is possible to do with NXP secure provisioning tool ? If this is not possible, what could be the best way to do that ?

Thank you!

marek-trmac · ‎03-08-2023

Hi Michael,

MCUxpresso Secure Provisioning GUI Tool focuses on most typical use cases for end customers - provisioning of signed or encrypted images for final products. The GUI tool currently does not support use case, where an OEM vendor provides partially secured device to his customers.

However, output from MCUxpresso Secure Provisioning GUI Tool is provided as a script, and it is possible to customize it. The underlying command-line tools allows to do any configuration.

Regards,
Marek

View solution in original post

marek-trmac · ‎03-08-2023

Hi Michael,

MCUxpresso Secure Provisioning GUI Tool focuses on most typical use cases for end customers - provisioning of signed or encrypted images for final products. The GUI tool currently does not support use case, where an OEM vendor provides partially secured device to his customers.

However, output from MCUxpresso Secure Provisioning GUI Tool is provided as a script, and it is possible to customize it. The underlying command-line tools allows to do any configuration.

Regards,
Marek