Debug Authentication fails: Invalid RKTH (DAC vs DC mismatch)

Andy_Wang
Contributor I

I am using MCUXpresso Secure Provisioning Tool v25.12 with FRDM‑MCXN947 to enable Debug Authentication (DA). I generated ROT/IMG keys (ECC P‑256), generated a Debug Key, created a Debug Certificate Request (DCR), and signed a Debug Certificate (DC) with ROT1. Then I programmed RKTH into OTP (ROTKH0~7) and ran “Open Debug Port” in non‑ISP mode.

The DA always fails with Invalid RKTH. The log shows DAC and DC mismatch:

RoT Hash(Error): Invalid RKTH.
DAC: 7ade2035127204aae2e7c0dc5667b1998d09756dc5060cb45af31f359eab9f68
DC : 3520de7aaa047212dcc0e7e299b167566d75098db40c06c5351ff35a689fab9e

It looks like the DAC value is the DC value with byte‑swap per 32‑bit word. OTP readback of ROTKH0~7 still shows 3520de7a … 689fab9e.

Questions:

If RKTH was programmed with wrong endianness, is there any recovery path?

Environment:

  • MCUXpresso Secure Provisioning Tool v25.12
  • Board: FRDM‑MCXN947
  • Debug probe: MCU‑LINK (pyOCD)
1 Reply
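
The relationship observed in the question above (DAC equal to DC with the bytes swapped inside each 32-bit word) can be confirmed mechanically rather than by eye. The following is an added example, not part of the original post and not NXP tooling; the function names are hypothetical, and the two digests are copied from the posted log.

```python
"""Classify how two RKTH digests from a debug-authentication log relate."""
import hmac
import re

# Values copied from the log in the question above.
DAC_RKTH = "7ade2035127204aae2e7c0dc5667b1998d09756dc5060cb45af31f359eab9f68"
DC_RKTH = "3520de7aaa047212dcc0e7e299b167566d75098db40c06c5351ff35a689fab9e"

WORD = 4  # bytes per 32-bit word


def parse_digest(text: str) -> bytes:
    """Accept plain hex or a word dump such as '0x3520de7a, 0xaa047212, ...'."""
    raw = bytes.fromhex(re.sub(r"0x|[\s,:]", "", text, flags=re.I))
    if len(raw) % WORD:
        raise ValueError("digest length is not a multiple of 4 bytes")
    return raw


def swap32(digest: bytes) -> bytes:
    """Reverse the bytes inside each 32-bit word; word order is unchanged."""
    return b"".join(digest[i:i + WORD][::-1] for i in range(0, len(digest), WORD))


def reverse_words(digest: bytes) -> bytes:
    """Reverse the order of the 32-bit words; bytes inside a word are unchanged."""
    words = [digest[i:i + WORD] for i in range(0, len(digest), WORD)]
    return b"".join(reversed(words))


def classify(a_hex: str, b_hex: str) -> str:
    """Describe which byte-order transform of b (if any) yields a."""
    a, b = parse_digest(a_hex), parse_digest(b_hex)
    if len(a) != len(b):
        return "length mismatch"
    candidates = [
        ("identical", b),
        ("byte-swapped per 32-bit word", swap32(b)),
        ("32-bit words in reverse order", reverse_words(b)),
        ("fully byte-reversed", b[::-1]),
    ]
    for label, candidate in candidates:
        if hmac.compare_digest(a, candidate):
            return label
    return "unrelated"


if __name__ == "__main__":
    print("DAC vs DC:", classify(DAC_RKTH, DC_RKTH))
```

Running the same comparison between the RKTH reported by the provisioning tool and an OTP readback before fuses are burned shows whether the value about to be written is in the byte order the device will report.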

Celeste_Liu
NXP Employee

Hello @Andy_Wang ,

Sorry that we’ve only just noticed your post, possibly due to a community system issue. Apologies for keeping you waiting.
May I check how things are going with this issue? Do you still need assistance from us?
BR
Celeste