Hi NXP,
Do we need to update the SMR when only the signature bytes change due to a code content change, but the code size, start address, key, pointer to signature ... are not changed?
Hello,
The SMR (Secure Memory Region) entry contains the metadata HSE uses to verify your application image. Even if:
- the size stays the same
- the start address stays the same
- the key handle stays the same
- the signature pointer stays the same
…any modification to the code content produces a different signature, and HSE must verify the new signature.
Because of this, the SMR entry that holds the signature must be rewritten with the updated signature bytes.
The SMR entry is part of the authenticated boot chain; HSE cannot validate the updated binary unless its corresponding SMR entry reflects the new signature.
FYI: Aptiv has a direct NXP FAE, so feel free to get in touch with him for details.
Best regards,
Peter
Thank you for your response