Background:
➢ IP protection is important for most customers. Kinetis, the LPC54 series and i.MX RT have the necessary security features, which help us win customers and markets.
➢ The LPC55 series is a new generation of IoT MCUs used in the consumer and industrial markets. LPC55 non-S parts are adopted by most customers because they are low-cost and easy to use, but their security features differ from those of the S parts and are significantly simplified.
➢ The LPC55 is designed for secured IoT applications, so it is supposed to hide the SWD/ISP ports after development work is finished. Once the SWD/ISP ports are secured, they can no longer be used. On LPC54 and Kinetis MCUs, by contrast, a mass erase command can be used to recover the MCU after it is secured.
➢ However, customers need the ability to secure the debugging/ISP ports, and they also need to recover them in some cases:
- Reprogramming to update firmware
- Investigating and analyzing failed parts returned from the end market
- Rescuing the MCU if it is locked and stuck
➢ In response to these customer requirements, the NXP support team proposed a solution that can secure and recover the SWD/ISP ports with an IAP backdoor method.
Solution:
By operating on the PFR region, the LPC55 can switch between secure and recovery mode.
1. lpc5506_debug_isp_test_20220714: demonstrates how to operate on this region to lock the debug port and then how to recover it. The user interaction can be triggered by UART or a button.
2. hmac_test_20220714: demonstrates one full security flow.
➢ This is a complete solution to secure and recover the debugging/ISP ports on the LPC55, and it uses a host machine challenge mechanism to implement its security features:
▪ Challenges the host machine, to guard against an unknown host probe;
▪ Generates dynamic seeds, so that the final encrypted information changes dynamically;
▪ The image hash value is device-related, which avoids the same encrypted info for different images/products.
➢ Customers can also trim the solution to reduce application complexity:
▪ Use the UUID for device information only; no seed is needed;
▪ The host machine can use fixed keys instead of image hash values to encrypt the info;
▪ The host machine can use a UUID lookup table to find the verification key; every device is programmed with a dedicated verification key during production.
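The challenge flow of the full solution above can be modelled on a PC as follows. This is an added example, not code from the attached demos: it assumes HMAC-SHA256, a 16-byte seed and a key derived from the image hash and the UUID, and the names `derive_key`, `host_response` and `Device` are hypothetical. The `ports_open` flag stands in for the PFR update that re-enables SWD/ISP.

```python
import hashlib
import hmac
import secrets

def derive_key(image_hash, uuid):
    # Assumed derivation: bind the image hash to one device through its UUID.
    return hmac.new(image_hash, b"port-unlock" + uuid, hashlib.sha256).digest()

def host_response(image, uuid, seed):
    # Host side: recompute the key from the image it holds, then answer the seed.
    key = derive_key(hashlib.sha256(image).digest(), uuid)
    return hmac.new(key, uuid + seed, hashlib.sha256).digest()

class Device:
    """Firmware side, modelled in Python; ports_open stands in for the PFR update."""

    def __init__(self, uuid, image):
        self.uuid = uuid
        self._key = derive_key(hashlib.sha256(image).digest(), uuid)
        self._seed = None
        self.ports_open = False

    def challenge(self):
        # A fresh random seed per attempt makes a captured response useless later.
        self._seed = secrets.token_bytes(16)
        return self.uuid, self._seed

    def unlock(self, response):
        if self._seed is None:          # no outstanding challenge
            return False
        expected = hmac.new(self._key, self.uuid + self._seed, hashlib.sha256).digest()
        self._seed = None               # each seed is valid for one attempt only
        ok = hmac.compare_digest(expected, response)   # constant-time comparison
        self.ports_open = self.ports_open or ok
        return ok

if __name__ == "__main__":
    image = b"constructed firmware image"      # constructed sample data
    dev = Device(bytes(range(16)), image)
    uuid, seed = dev.challenge()
    print("genuine host:", dev.unlock(host_response(image, uuid, seed)))
    uuid, seed = dev.challenge()
    print("unknown host:", dev.unlock(secrets.token_bytes(32)))
```

Because the seed is consumed on every attempt, a response captured from one session fails against the next challenge, and a host holding a different image derives a different key.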
Demonstration:
The attached demos run on the LPC55S06 EVK and can easily be migrated to other LPC55 series parts.