Hello all,

Im following a project based on the MCXN947 (frdm_mcxn947 board) and we need to setup the debug authentication and signed firmware validation before sending it to the client for testing, but im very unsure about two things.

1. Is the debug authentication restricted to the "in-field" case? where the MCU is permanently locked with keys and security configuration burned in OTP? I dont want to risk permanently breaking the only board i have
2. If i set up the debug authentication feature, then is it still possible to connect and debug code with the on board debugger? Im debugging with VSCode with a Jlink debug .launch config, how do i add the security artefacts for enabling the debug authentication?

It would be great if someone that has already tackled the thing can shed some light on how to proceed, because i only see the AN14162 being referred to and not much else in terms of documentation

Hello @raimbowgeddon 

1. Is the debug authentication restricted to the "in-field" case? where the MCU is permanently locked with keys and security configuration burned in OTP? I dont want to risk permanently breaking the only board i have

->>No, the debug authentication is not only for "in-fileld" casse. It can be tested during development. Config it on CMPA part, not in OTP.

2. If i set up the debug authentication feature, then is it still possible to connect and debug code with the on board debugger? Im debugging with VSCode with a Jlink debug .launch config, how do i add the security artefacts for enabling the debug authentication?

->>Yes. After debug authentication is enabled, you normally cannot just start a normal J-Link session as before. You must first run the debug authentication challenge-response flow, then connect your debugger.

https://www.bilibili.com/video/BV13EhAzdEzV/?spm_id_from=333.1387.homepage.video_card.click 

Thank you.

BR

Alice