- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- Advanced AnalogAdvanced Analog
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
- S32Z/E
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- Generative AI & LLMs
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
- RFID / NFC
- Advanced Analog
-
- NXP Tech Blogs
T1023: SecureBoot from SD possible?
I'm working on SecureBoot for the T1023 SoC. I have a working U-Boot for SD boot.
Now I'm trying to add the esbc_validate command to U-Boot. To do so I had to enable the "CONFIG_SECURE_BOOT" switch (and some other switches, as well). However, U-Boot does not start any more (I don't see anything on the serial console).
Does the T1023 even support SecureBoot for SD card?
Secure Boot from SD/MMC is supported, but not in all versions of
u-Boot and it is slightly more sophisticated than booting Secure
e.g. from NOR. Suggestions:
1. Use NXP QorIQ SDK
2. Follow recommendations given in this article
Have a great day,
Platon
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
After I got Secure Boot running for NOR flash boot I'm again working on SD boot.
First of all, the SDK 2.0-1703 manual doesn't fit my platform, as it seems. Let me explain. I built images for T1024RDB using the SDK, but the files rcw.bin and u-boot-dtb.bin (required according to the manual) are not present. Then, I need input_files/uni_sign/<platform>/sdboot/input_uboot_secure, which doesn't exist for my platform (the directory input_files/uni_sign/t1_t2_t4/sdboot does not exist). Also, the file input_files/create_pbi/<platform>/input_pbi_sd_secure does not exist for the T-series platform (only for ls1). I guess that the manual has Layerscape in mind. Maybe you want to update it a little bit to help T-series users find their corresponding files.
Anyway, I managed to partly adapt the config file uni_pbi input_files/create_pbi/ls1/input_pbi_sd_secure to my needs. The uni_pbi tool now creates a PBI file which writes the BOOT1_PTR value to the address 0xee0200, which looks like the Layerscape DCFG_CCSR_SCRATCHRW1 address, which is wrong for the T-series. The address seems to be hardcoded in the uni_pbi source ("#define BOOTPTR_ADDR 0x09ee0200").
Question: Can the uni_pbi tool be used for T1024 (if yes: how?).
