What's new in this release? Support new processors:     -   MCX E24x processors: MCX E245, MCX E246, MCX E247   -   KW45Z410xx processors: KW45Z41052, KW45Z41053, KW45Z41082, KW45Z41083 Support Edgelock 2GO WPC provisioning for the MWCT processors Added support for secure boot for the KW47 and MCX W727x processors Added support for encryption, firmware version for the i.MX RT7xx processors Integrated SPSDK 3.0.1 with backward incompatibilities including removal of Smart Card Trust Provisioning for LPC55Sxx devices Added RW61x Edgelock2GO provisioning FW v2.0 and more !   Known problems and limitations Troubleshooting   Downloads  To download the installer, please login to our download site via: https://nxp.com/mcuxpresso/secure   Useful links: Release Notes: MCUXpresso Secure Provisioning Tool (SEC) release notes Fact Sheet: MCUXpresso Secure Provisioning Tool Fact Sheet  

Programming Firmware Image Using the SEC Tool   In this lab, you will use the MCUXpresso Secure Provisioning tool to update the image in ISP mode after the customer's product has entered mass production. The Flash Programmer is a simple tool within the SEC. Flash Programmer is designed to read/write from the currently selected flash memory and supports all flash types including internal flash, external NOR and NAND flash, SD card, and eMMC. Flash Programmer can be accessed from Tools in the menu bar. The processor can be connected to the host using USB, UART, SPI, or I2C and must be in ISP mode. Flash Programmer can be used to prepare data for writing, or just to display or modify saved memory blocks even if no device is connected. The left side contains the action toolbar and the right side contains a buffer of the memory content in hexadecimal and ASCII formats. The tool has additional functionalities: “Auto erase” and “Auto verify”. To display memory value from some address, fill in the start address into the Address combo and required size (in Bytes) into the Size combo. Click Read and the value read from memory will be displayed. The result of the operation is displayed in the bottom-left corner. If the operation ends with failure, more detailed info about the encountered error is displayed in the tooltip. The settings of the flash programmer window are not saved into the workspace. They are discarded if the tool is closed. This lab uses the Flash Programmer to program an image into the MCXN947. Hardware Requirements Host PC with at least one USB port available. FRDM-MCXN947 board USB cable Software Requirements MCUXpresso IDE v24.12 or later downloadable here (download needs a nxp.com valid account). Make sure you install all drivers prompted during install process. MCUXpresso Secure Provisioning Tool version 25.03.01 or later, downloadable here (download needs an nxp.com valid account). Make sure you download the package relevant to your OS (Mac AARCH OS, Linux DEB, Windows, Mac OS Intel x86_64). MCUXPresso SDK for the FRDM-MCXN947(version 25.03.00) board downloadable here (if the specific version is not available to you in the SDK portal you can download the SDK directly from here). Terminal program, like PuTTY or Tera Term (optional) Schematics of the FRDM-MCXN947.Can be found here. Steps 1. Create a S-record binary image To leverage the use of the MCUXpresso Secure Provisioning Tool we need to work with binary images, the first thing we need to do is to generate them. Luckily, MCUXPresso IDE has a set of functionalities that allow us to do this operation in very few mouse clicks. Open the MCUXpresso IDE, by double clicking on the desktop icon. In the MCUXpresso IDE Quickstart panel click on “Import SDK example(s)…” Select the MCXN947 , then select frdmmcxn947 board. Press then Next. Expand the demo_apps tab, select the “led_blinky_peripheral_cm33_core0” and press Finish button. Build the project, you will see the binary file plus debug extensions             “frdmmcxn947_led_blinky_peripheral_cm33_core0.axf” Right click on the above file and from the context menu select Binary Utilities and click on the Create S-Record option (as per the picture below). This will create a binary file with extension .s19:   Now we have the .s19file   2. Prepare the MCUXpresso Secure Provisioning environment for programming: Open the MCUXpresso Secure Provisioning Tool by double clicking on the desktop icon. Create a new workspace clicking on File -> New Workspace option in the toolbar (or Ctrl+N). Enter a folder name and configure the workspace as follows: Enter workspace folder name. Select MCXN947. Click Create button to create.   3. Make MCU boot in ISP mode Press and hold the ISP button (SW3) on the board, and at the same time, connect the USB cable to the HS-USB port (J11). Then release the ISP button. Use SPT tool test whether can connect with ISP mode. Click Target-> Connections… The USB port will be automatically recognized. Then, click the "Test connection" button. If the result shows "OK", it means the connection is good.   4. Program plain unsigned image (Generated from MCUXpresso IDE without any change) Open the Flash Programmer view through Tools->Flash Programmer  Load the image to Flash Programmer tool as below:  Erase flash and Write the image. Reset board, blinky demo start to run. This is the video that shows all the detailed steps.  

MCUXpresso Secure Provisioning Tool (SEC) version 25.03 is now available! Starting from 2025, MCUXpresso Secure Provisioning Tool (SEC) has a new versioning scheme (i.e. YY.MM).  YY and MM indicate the publish year and month respectively.  This versioning scheme aligns with other MCUXpresso tools.   What is new in version 25.03? Supported new processors: i.MX RT1043 and RT1046 processors MCX A13x processors MCX C processors: MCXC041, MCXC242, MCXC444 MCX W236 processor i.MX 9352 (unsigned and signed images) KW47 and MCXW727x processors, unsigned boot types only Support of EdgeLock 2GO Trust provisioning for KW45, K32W, MCXW71x and MCXN and more !   Known problems and limitations Troubleshooting   Downloads  To download the installer, please login to our download site via: https://nxp.com/mcuxpresso/secure   Useful links: Release Notes: MCUXpresso Secure Provisioning Tool (SEC) v25.03 release notes Fact Sheet: MCUXpresso Secure Provisioning Tool Fact Sheet

What's new in v10 release? New dialog for workspace creation with predefined profiles Added support for MCX W71xx processors Added preliminary support for i.MX RT798, plain, crc and signed images Added preliminary support for i.MX 95, silicon revision a1, unsigned images Added support of EdgeLock 2GO Trust provisioning for MCXNx4x and RW61x; device HSM unified with EdgeLock 2GO process RW61x: FRDM-RW61x is now default memory configuration for new workspace; fuses were updated Manufacturing package can be optionally encrypted with password Added hook for modification of environment variables at the start of the build and write scripts Added support of additional images for KW45xx and K32W1xx For boot memory configuration added additional predefined configurations (not verified on silicon) `Create FCB` command now back-up and restores content of the memory, where FCB is stored TrustZone templates is now preset on the build page, so it is easier to find them and customize; the file can be also in YAML format i.MX RT10xx: SEC_SET_ENGINE section removed from BD file Added third party licenses into the product layout, see "licenses" sub-folder Added support of environment variables in CLI, supported in all paths arguments and in configuration json files Integrated NXP Secure Provisioning SDK 2.3.1 Known problems and limitations uuu tool does not work on Mac   Downloads  To download the installer, please login to our download site via: https://nxp.com/mcuxpresso/secure   Useful links: Release Notes: MCUXpresso Secure Provisioning Tool (SEC) v10 release notes Fact Sheet: MCUXpresso Secure Provisioning Tool Fact Sheet

MCUXpresso Secure Provisioning Tool (SEC) is a graphical user interface (GUI) tool covering secure boot process and Trust Provisioning capabilities, primarily aimed at microcontroller customers. It provides unified GUI front-end over existing command-line tools (cst, pfr, tpconfig, tphost). What is new in the v9.0.1 release? Added support for MCF56816xx/7xx/8xx processors Added support for MCX N23x and MCX A14x / A15x processors Added support for MWCT2x12/D2 processors Added support for NHS52S04 processor Added support for MCUboot - open source secondary bootloader Additional images can be used for most of the processors (except for KW45 and K32W processors) Exported OTP/PFR/IFR configuration now contains page name, that is validated during the import. Firmware version supported for LPC55Sxx and i.MX RTxxx processors; for RT118x it is available only for signed images Minimal firmware version can be now specified in firmware configuration dialog Added support for build, write and manufacturing script hooks Removed limitation for key chain length for LPC55S6x and i.MX RTxxx processors; for other LPCs changed to warning Added support for FlexSPI instance selection for FlexSPI NAND for i.MX RT116x/7x Supported key revocation constraint for LPC55S3x, MCX N1xx, RW61x, KW45 and K32W processors The MBI image is partially erased before executing Device HSM, so it does not boot after reset. Applies for MCX N10, MCX N11, LPC55S3x, RW61x and MWCT2x12 In the installation layout, created "sample_data" sub-folder (soft link), it contains sample binary applications, signature provider examples, trust zone, XMCD and DCD configuration templates Signature provider:   - added support of sending only hash of the data for signing   - incompatible change in encoding of sending public keys, public keys are encoded in the standard key encodings (pem, der, nxp) instead of hex format Integrated NXP Secure Provisioning SDK 2.2.x with the following highlighted changes:  - new tools: nxpmemcfg, dk6prog, el2go, nxpwpc i.MX RT1050/6x: eMMC supported RW61x: Device HSM trust provisioning now required Device HSM loader from restricted data package Removed support for JLink and PEmicro debug libraries; all debug probes are now supported via pyOCD Added CLI tools: imgtool and uuu CLI: added support to save or change workspace settings and specify additional images Fixed $check_fw_versions SB2.1 high level commands for SB editor Fixed default flash (W25Q512NWEQ) for i.MX RT117x based on flash used on RT117x-EVKB Fixed key used to sign flashloader for i.MX RT10xx and RT116x/7x - changed from the first key to the selected key Fixed flashloader for i.MX RT1181/82 processors Note: v9.0.1 release fixes several customers issues reported for SEC v9   Downloads  To download the installer, please login to our download site via: https://nxp.com/mcuxpresso/secure   Useful links: Release Notes: MCUXpresso Secure Provisioning Tool (SEC) v9.0.1 release notes Fact Sheet: MCUXpresso Secure Provisioning Tool Fact Sheet 

MCUXpresso Secure Provisioning Tool (SEC) is a graphical user interface (GUI) tool covering secure boot process and Trust Provisioning capabilities, primarily aimed at microcontroller customers. It provides unified GUI front-end over existing command-line tools (cst, pfr, tpconfig, tphost). What is new in the v8 release? - LPC55S3x, KW45xx, K32W1xx: added support for images executed in RAM (xip images) - Added support for MCXN9xx/MCXN5xx/MCXA14x/MCXA15x processors - Added support for i.MX RT118x processors with new option to include additional images into the build - RT1181 and RT1182 processors are not available in the release time, the tool was tested on preproduction silicon only - Added support for RW61x processors (including shadow registers) - Added support for SB 2.1 Editor, supported for i.MX RTxxx and LPC55Sxx processors - Added option to configure signature provider via custom web server - Added option to specify separate FCB files for flash programming and runtime - Supported ECC keys for i.MX RT116x/7x - i.MX RT11xx bootable image can be used as source image for the build (previously this was only for RT10xx) - Added support for multiple monitors - Integrated NXP Secure Provisioning SDK 2.x with the following highlighted changes: - elftosb tool removed, replaced by nxpimage; nxpkeygen tool replaced by nxpcrypto - updated changes in command line arguments - several additional incompatible changes in configuration files - LPC55S3x, KW45xx, K32W1xx: spsdk/nxpkeygen tool replaced by spsdk/nxpcrypto - Removed legacy tools arm-none-eabi-objcopy, blhost, sdphost, elftosb, image_enc and cst (fully replaced by spsdk tools) - New installer for Mac OS with Apple M processor (previously Intel processor only) - Windows: The workspace can be now located on a drive with a letter other than the letter of the installed application.   Downloads  To download the installer, please login to our download site via: https://nxp.com/mcuxpresso/secure   Useful links: Release Notes: MCUXpresso Secure Provisioning Tool (SEC) v8 release notes Fact Sheet: MCUXpresso Secure Provisioning Tool Fact Sheet 

MCUXpresso Secure Provisioning Tool (SEC) is a graphical user interface (GUI) tool covering secure boot process and Trust Provisioning capabilities, primarily aimed at microcontroller customers. It provides unified GUI front-end over existing command-line tools (elftosb, blhost, sdphost, cst, pfr, tpconfig, tphost). What is new in the v7 release? Smart card trust provisioning supported for LPC55S36 processor Smart card trust provisioning supported only for smart card 1.2 or higher Re-designed configuration of boot memory; added support to user presets and custom protected area Dual image (ping/pong) boot newly support extended to LPC55(S)3x, KW45xx, K32W1xx, and RT116x/7x Added support for SB 3.1 editor for LPC55S3x, KW45xx and K32W1xx processors Improved configuration of IFR/ROMCFG for KW45xx and K32W1xx processors, now configured per 16-byte blocks i.MX RT116x/7x: Legacy elftosb and image_enc tools replaced by spsdk/nxpimage i.MX RT116x/7x: Updated flashloader and added detection of locked fuses (via blhost get-property 31) i.MX RT116x/7x: eMMC supported i.MX RT11xx: XMCD supported, either link to configuration file or the via simplified GUI editor i.MX RT10xx: added support for SPI NAND Improved grouping of processor in "New Workspace" dialog Integrated NXP Secure Provisioning SDK 1.10.2   Downloads  To download the installer, please login to our download site via: https://nxp.com/mcuxpresso/secure   Supported Operating Systems: Microsoft(R) Windows(R) 10 (64-bit) Mac OS 12.4 Monterey (Intel x86_64) Ubuntu 22.04 LTS 64 bit, with "OpenSSL 1.1.1f 31 Mar 2020"; GNOME recommended   Known issues and limitations: LPC55S3x, the firmware version on the Build tab is limited to a 16bit value due to a SEC and SPSDK integration limitation. LPC55S3x, KW45, K32W: if less than 4 ROT keys are used, RKTH is wrongly calculated and a signed image and/or SB file cannot be used; as a workaround always use 4 ROT keys (default settings) For more information, see chapter Troubleshooting in the documentation.   Useful links: Release Notes: MCUXpresso Secure Provisioning Tool (SEC) v7 release notes Fact Sheet: MCUXpresso Secure Provisioning Tool Fact Sheet