MCXW71 Secure Boot - Fuse Programming Failure

lober · ‎09-04-2025

Hi everyone,

I'm working on setting up secure boot on an FRDM-MCXW71 (MCXW716C) board, following the procedure outlined in Application Note AN14374.

I've run into a problem at the fuse-burning stage. After successfully enabling fuse programming (set-property 0x16 1), I encountered errors when trying to read from and program to the fuse map.

Here is the terminal output:

❯ blhost -p /dev/ttyACM0 set-property 0x16 1
Response status = 0 (0x0) Success.

❯ blhost -p /dev/ttyACM0 fuse-read 0x20 8
ERROR:spsdk.mboot.mcuboot:RX: Mboot: Data aborted by sender (223ms since start, mcuboot.py:177)
Response status = 1 (0x1) Fail.
Response word 1 = 0 (0x0)
Read 0 of 8 bytes.

❯ blhost -p /dev/ttyACM0 fuse-read 0x1F 8
65 0d 80 97 07 9f f2 7a
Response status = 0 (0x0) Success.
Response word 1 = 8 (0x8)
Read 8 of 8 bytes.

❯ blhost -p /dev/ttyACM0 fuse-program 0x1F "{{2f1e1f1ccd82c1c0f27903e5090c42e254f8796fec99f9ff2aa9547d11c691040c1994d040759cd7c88b3caa5f5e8221}}"
Response status = 1 (0x1) Fail.

❯ blhost -p /dev/ttyACM0 fuse-program 0x20 "{{f2664ad73a59aa4a7d2e480c13bf4b2da4e7557493806e9ac6c9c482cbda6a72}}"
Response status = 1 (0x1) Fail.

As you can see, reading from fuse address 0x20 fails, as does attempting to program fuses 0x1F and 0x20.

Believing it might be a tool-specific issue, I switched to the NXP Secure Provisioning (SEC) tool. However, when I tried to read the keys from the device to begin the provisioning process, I received the error shown in the attached screenshot.

To rule out the possibility of having damaged the initial board, I repeated the process with the SEC tool on a brand new, factory-sealed FRDM-MCXW71 board and encountered the exact same error.

This leads me to my main question:

Is this a known issue or expected behavior for the FRDM-MCXW71 boards? Is there a specific step or prerequisite for the MCXW716C that is not covered in AN14374?

My environment:

Hardware: FRDM-MCXW71 (MCXW716C)
Host OS: Fedora release 42 (Adams), SEC tool on Ubuntu 24.10
blhost Version: 3.1.0
SEC Tool Version: 25.06

Any guidance on this would be greatly appreciated.

Thank you!

marek-trmac · ‎09-04-2025

Hi again,

I'd recommend to follow the flow described in SEC too user guide for MCXW signed image: Processor-specific workflows — MCUXpresso Secure Provisioning Tool 25.06

Specifically pay attention to step 4 describing which keys must be used for EVK and FRDM boards. There boards are distributed with keys already burnt.

Regards,
Marek

NOTE: If you find the answer useful, kindly click on [ACCEPT AS SOLUTION] button

View solution in original post

marek-trmac · ‎09-04-2025

Hi @lober ,

I'd recommend to follow the process described in SEC documentation: Processor-specific workflows — MCUXpresso Secure Provisioning Tool 25.06

On the screenshot, you have shared, it seems you have a conflict between value burnt into the processor and the required value. Try to read value and compare.

Regards,
Marek

NOTE: If you find the answer useful, kindly click on [ACCEPT AS SOLUTION] button

lober · ‎09-04-2025

Thanks for reply @marek-trmac,

When using SEC tool i was following AN14371 application note (MCXW71 Secure Boot using SEC Tool) but i couldn't proceed further since OTP/IFR configuration was giving me error.

When i tried to write image i got:

##########################################################################################################
Write image - operation started at 2025-09-04 14:21:36
##########################################################################################################
The following fuses status was detected:
OTP request: LIFECYCLE |= 0x7 (mask: 0xff); current value=0x7; status=MATCHES
ERROR: OTP request: CUST_PROD_OEMFW_AUTH_PUK |= 0xc66f93dd5d9f93ef9d5ae14cfa1e50ac9c544029c8a7216d2efb1951b54e48fd (mask: 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff); current value=0x650d8097079ff27a3e8a2da14781b922fd8295b6c00bfa067f00e87f1a16b8b3; status=MISMATCH
OTP request: CUST_PROD_OEMFW_ENC_SK |= 0x8bc7f73375a9c893b1c05d1d486d11530942141f729861f1795373cfbb2eb9b7 (mask: 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff); current value=write-only; status=WRITE
ERROR: SUMMARY: Detected status of fuses for write operation: some fuse(s) were already burned and does not match the requested value(s)
Status of the operation: Failure: Fuses were already burned and do not match the requested value
Status of the operation: Failure: Irreversible changes

The exact same value i read from the first board (previous screenshot) appears in same fuse on the second one out-of-box board where no fuse burning was ever attempted. Value was read multiple times and every time it was the same. It looks like the value was prewritten on both boards before i attempted any fuse burning.

marek-trmac · ‎09-04-2025

Hi again,

I'd recommend to follow the flow described in SEC too user guide for MCXW signed image: Processor-specific workflows — MCUXpresso Secure Provisioning Tool 25.06

Specifically pay attention to step 4 describing which keys must be used for EVK and FRDM boards. There boards are distributed with keys already burnt.

Regards,
Marek

NOTE: If you find the answer useful, kindly click on [ACCEPT AS SOLUTION] button

lober · ‎09-04-2025

Thank you, I was able to proceed further after importing keys for my board

MCXW71 Secure Boot - Fuse Programming Failure

MCXW71 Secure Boot - Fuse Programming Failure

Security(Edgelock | secure boot | OTP)