- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- Advanced AnalogAdvanced Analog
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
- S32Z/E
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- Generative AI & LLMs
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
- RFID / NFC
- Advanced Analog
-
- NXP Tech Blogs
- Home
- :
- 产品论坛
- :
- MCX Microcontrollers
- :
- MCX A secure/signed mode in rom bootloader?
MCX A secure/signed mode in rom bootloader?
MCX A secure/signed mode in rom bootloader?
02-10-2026
05:26 AM
595 次查看
Lets assume we want to design a system using MCX A-series that uses the ROM bootloader feature for end-customer firmware upgrades.
Upgrades could happen via web-serial->usb or in-system updates via UART from another mcu, both talking directly to the rom boot code.
I haven't looked in detail whats available in the newer MCX-series rom implementation, but the questions are:
- is there a way to require a signed binary when using ROM boot?
- i.e. write "otp-keys" to flash and force the bootloader to only accept valid binaries to be written
- i.e. write "otp-keys" to flash and force the bootloader to only accept valid binaries to be written
- are there ways to prevent raw reads from flash while still having erase/write enabled?
in my case mcu pick would be: MCXA156VPJ
ps. fully aware I can write my own 2nd stage BL to achieve this, but the whole point here is to design a simple + brick-proof system.
2 回复数
02-11-2026
02:23 AM
564 次查看
Alice_Yang
NXP TechSupport
Hello @dav1
The MCXA series does not support secure or signed mode in the ROM bootloader.
Please consider using the MCXN series, which does support this feature.
Please consider using the MCXN series, which does support this feature.
Thank you.
BR
Alice
