MPC5775E several questions on CSE/BOOT

vyacheslavguzhv
NXP Employee

Hi colleagues,

Please help to answer the following questions for MPC5775E:

  1. Both Parallel and Sequential boot modes do not block execution of the invalidly verified software, in other words they do not provide secure boot sanctions on HW level. Those only block access to keys defined with attribute BOOT_PROT and provide information about the result of Secure Boot to application. AN5418 mentions a functionality called Strict sequential boot mode (Chapter 1.4.3) which seems to perform the desired functionality, but no configuration information can be found in both AN5418 and RM. How should this be configured?
  2. Current HW samples in our possession do not have the UTEST Secure Boot Configuration written. According to the RM, the record is only writable by NXP. Is this true, or is the information misleading and it is actually write-once, hence we should be able to write it in case it is not already present in the DCF table?
  3. Can DCF records Secure Boot Code Address and Secure Boot Code Length be overwritten? Overwrite is meant here as adding additional DCF records with different content. If yes, this would mean that by only gaining access to JTAG interface, it is possible to change the configuration of root of trust in regard to Secure Boot. Another possibility is that the Secure Boot is performed for all images defined in all DCF records. What is the actual behavior? This is somehow connected to the next question 4.
  4. BOOT_MAC is the CMAC generated using AES-128 over the firmware image defined in DCF records Secure Boot Code Address and Secure Boot Code Length. In AN5418 BOOT_MAC is defined as being updatable. We wanted to ask whether the update procedure of BOOT_MAC needs to be performed manually, in other words we need to calculate the BOOT_MAC value for the new software and write the new BOOT_MAC using LOAD_KEY cmd in case of update of the memory space defined in DCF.
  5. Is the CSE in any way updatable? Is it something we should consider in the design process?
  6. Are there any additional documents that we should be aware of that describe the security features of the platform other than MCU Reference Manual and AN5418?

 

1 Reply

lukaszadrapa
NXP TechSupport

Hi @vyacheslavguzhv 

1. It's configured to Parallel mode in the factory and it cannot be changed.
2. This DCF record is not visible to the user.
3. Yes, it can be overwritten (i.e. by adding a new record) and only the latest value will be considered.
4. Yes, the BOOT_MAC can be updated using the standard SHE update protocol - it's updated in the same way as keys. You can calculate the CMAC offline (for example using a binary/srecord file and OpenSSL) or you can let the hardware calculate the CMAC (during development). But the BOOT_MAC must be updated manually via the SHE update protocol.
The BOOT_MAC can be calculated and stored automatically only the first time, as required by the SHE specification. Next time it needs to be updated manually.
5. No, the CSE can't be updated.
6. The SHE specification is sometimes helpful. Please check the NXP sharepoint.

Regards,
Lukas

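Point 4 of the reply mentions calculating the CMAC offline. The following is an added example, not code from the thread or from NXP: a standard-library-only AES-128 CMAC (RFC 4493) with a hypothetical `she_boot_mac` helper. It assumes the SHE-specification input layout (96 zero bits, the image size in bits as a 32-bit big-endian value, then the image); confirm that layout and the covered address range against AN5418 and the RM before relying on the result.

```python
def _gmul(a, b):                       # multiply in GF(2^8) modulo the AES polynomial
    r = 0
    for _ in range(8):
        r ^= a * (b & 1)
        a, b = (a << 1) ^ (0x11B * (a >> 7)), b >> 1
    return r

_INV = [0] + [next(y for y in range(1, 256) if _gmul(x, y) == 1) for x in range(1, 256)]
SBOX = [(v ^ (w >> 4) ^ (w >> 5) ^ (w >> 6) ^ (w >> 7) ^ 0x63) & 0xFF for v in _INV for w in [v * 0x101]]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _round_keys(key):                  # AES-128 key schedule: 11 round keys
    w, rcon = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):
        t = w[i - 1]
        if i % 4 == 0:                 # RotWord, SubWord, round constant
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0], rcon = t[0] ^ rcon, _gmul(rcon, 2)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [bytes(sum(w[r:r + 4], [])) for r in range(0, 44, 4)]

def _encrypt(rk, block):               # one block; state is column-major
    s = _xor(block, rk[0])
    for rnd in range(1, 11):
        s = [SBOX[s[(i + 4 * (i % 4)) % 16]] for i in range(16)]   # SubBytes + ShiftRows
        if rnd < 10:                                               # MixColumns
            s = [_gmul(s[c + r], 2) ^ _gmul(s[c + (r + 1) % 4], 3) ^ s[c + (r + 2) % 4]
                 ^ s[c + (r + 3) % 4] for c in range(0, 16, 4) for r in range(4)]
        s = _xor(s, rk[rnd])
    return s

def _dbl(b):                           # CMAC subkey doubling in GF(2^128)
    n = int.from_bytes(b, "big") << 1
    return ((n ^ 0x87 if n >> 128 else n) & ((1 << 128) - 1)).to_bytes(16, "big")

def aes_cmac(key, msg):                # RFC 4493
    rk, x = _round_keys(key), bytes(16)
    k1 = _dbl(_encrypt(rk, bytes(16)))
    n = max(1, -(-len(msg) // 16))     # block count, at least one
    last = msg[16 * (n - 1):]
    last = _xor(last, k1) if len(last) == 16 else _xor(last + b"\x80" + bytes(15 - len(last)), _dbl(k1))
    for i in range(n - 1):
        x = _encrypt(rk, _xor(x, msg[16 * i:16 * i + 16]))
    return _encrypt(rk, _xor(x, last))

def she_boot_mac(boot_mac_key, image):  # assumed SHE layout: 0^96 | bit length (32-bit BE) | image
    return aes_cmac(boot_mac_key, bytes(12) + (len(image) * 8).to_bytes(4, "big") + image)
```

`image` must be exactly the bytes of the region named by the Secure Boot Code Address and Length records, so extract it from the binary or S-record with the same bounds the device uses.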