FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

unable to load secure boot

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

unable to load secure boot

‎02-06-2025 06:03 PM
1,036 Views
NXPMike
Contributor II

I have configured my LPC55S69-EVK board as follows:

post1.png

post2.png

In addition I have configured:

  • TrustZone disabled image
  • Authentication key: ROT1: IMG1_1
  • SBKEK: <random>
  • Boot: Signed
  • from: Onchip flash
  • LC: Development
  • TP: No TrustProvisioning
  • ROT1/2/3/4, IMG1_1/2_1/3_1/4_1, debug auth key and debug auth cert

With these settings I have SEC (version 10.0) generate the following files (build image):

  • image.sb
  • cfpa.bin
  • cmpa.bin

I then enter ISP mode and use blhost (version 2.6.7) to flash the files:

ps> .\blhost.exe -u 0x1FC9,0x0021 write-memory 0x9de00 cfpa.bin

Inject command 'write-memory'

Preparing to send 512 (0x200) bytes to the target.

Successful generic response to command 'write-memory'

(1/1)100% Completed!

Successful generic response to command 'write-memory'

Response status = 0 (0x0) Success.

Wrote 512 of 512 bytes.

 

ps> .\blhost.exe -u 0x1FC9,0x0021 write-memory 0x9e400 cmpa_sealed.bin

Inject command 'write-memory'

Preparing to send 512 (0x200) bytes to the target.

Successful generic response to command 'write-memory'

(1/1)100% Completed!

Successful generic response to command 'write-memory'

Response status = 0 (0x0) Success.

Wrote 512 of 512 bytes.

 

ps> .\blhost.exe -u 0x1FC9,0x0021 -- receive-sb-file .\image.sb

Inject command 'receive-sb-file'

Preparing to send 12992 (0x32c0) bytes to the target.

Successful generic response to command 'receive-sb-file'

(1/1)16%usb hid detected receiver data abort

Data phase write aborted by status 0x2712 kStatus_AbortDataPhase

Possible JUMP or RESET command received.

Response status = 10101 (0x2775) kStatusRomLdrSignature

Wrote 2128 of 12992 bytes.

 

I'm concerned about the errors that occur when I flash the .sb file and now my board is going straight to SPI mode and not running the image (which was working in "plain image" mode).

Any ideas what I'm configuring wrong?

 

0 Kudos
Reply
4 Replies

‎02-16-2025 02:22 PM
971 Views
liborukropec
NXP Employee
NXP Employee

Hello Mike,

I can see you are invoking the blhost commands manually. Did you try the SEC workflow? Y/N?

If not, did you enrolled the key plus the sbkek.bin ? Without the SBKEK you cannot receive encrypted SB file.

see the generated write_win.bat what it does.

 

Also I'm curious why you went using manual steps.

Regards,

Libor

 

0 Kudos
Reply

‎02-06-2025 06:09 PM
1,034 Views
NXPMike
Contributor II
I am also unable to successfully complete debug authentication:

##########################################################################################################
Open a debug port - operation started at 2025-02-06 16:56:21
##########################################################################################################
Executing script C:\SecureProvisioningBuild2\debug_auth\open_debug_port.bat
ERROR: Script failed with return code: [2]ERROR
### SCRIPT: Open debug port: C:\SecureProvisioningBuild2\debug_auth\open_debug_port.bat
call "C:\nxp\MCUX_Provi_v10\bin\_internal\tools\spsdk\nxpdebugmbox.exe" -p 1.0 -i pyocd -s OSAYAQGQ auth -b 0 -c "C:\SecureProvisioningBuild2\debug_auth\debug_auth_cert.dc" -k "C:\SecureProvisioningBuild2\keys\debug_authentication_key_RSA_2048.pem"
WARNING:__main__:The -p/--protocol option is deprecated and will be removed in version 2.4. (1701ms since start, nxpdebugmbox.py:259)
WARNING:__main__:The Family is not specified. This is a new option that will be mandatory since SPSDK 2.4. Please update your scripts. (1701ms since start, nxpdebugmbox.py:279)
DeprecationWarning: The command 'auth' is deprecated.
# Interface Id Description
----------------------------------------------------------------------------
0 PyOCD OSAYAQGQ NXP Semiconductors LPC-LINK2 CMSIS-DAP V5.224
WARNING:spsdk.dat.debug_mailbox:The debug mailbox access port index is not specified, trying autodetection. (2396ms since start, debug_mailbox.py:194)
Debug Authentication ends without AHB access.
SPSDKAppError: Debug Mailbox authentication failed:
SPSDK: Problem with debug mailbox occurred: Access to AHB is not granted.
nxpdebugmbox failed
### RESULT of the script `Open debug port`: Failure (return code = [2]ERROR)
Status of the operation: Failure: Open debug port
Reply

‎08-04-2025 08:54 PM
248 Views
JabezLaw
Contributor II

Hi, Mike

I also encountered a same problem.

Debug Authentication ends without AHB access.
SPSDKAppError: Debug Mailbox authentication failed:
SPSDK: Problem with debug mailbox occurred: Access to AHB is not granted.

I wonder if you have resolved this successfully. 

May I pick your brain if so.

Jabez

 

0 Kudos
Reply

3 weeks ago
202 Views
marek-trmac
NXP Employee
NXP Employee

Hi guys,

for debug authentication problems, I'd recommend to read the following paragraph in the user guide:  Troubleshooting — MCUXpresso Secure Provisioning Tool 25.06

Regards,
Marek


NOTE: If you find the answer useful, kindly click on [ACCEPT AS SOLUTION] button
0 Kudos
Reply