Secure Boot with Strict Sequential Boot Mode

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Secure Boot with Strict Sequential Boot Mode

2,504 Views
香龙朱
Contributor II

Hi,

I was working on secure boot function recently. I run my device in "Sequential Boot Mode", but I find this mode is not what I need. Because, whether the boot check is fail or not, it will run Flash code. I think if the boot check is fail, it should stop or reset.

So, I try "Strict Sequential Boot Mode". But I didn't read AN5401.pdf carefully. I burned my code to flash, Then I configured CSEc, and I configured "Strict Sequential Boot Mode" with "automatic BOOT_MAC calculation".

Now, my device can not be startup, it is always stay in RESET state. The RESET pin is always low.

How Can I reuse my device?

Thanks a lot!

0 Kudos
Reply
8 Replies

1,989 Views
leo_cheng
Contributor I

Hi Shannon,

I am wondering if you solved it or not. I have a same problem, the MCU always stays in RESET state because of strict security boot failure.

0 Kudos
Reply

1,989 Views
jiri_kral
NXP Employee
NXP Employee

Hi, 

as I mentioned in different thread - your device is probably locked and mass erase is disabled. Under this condition there is no way how to recover it.

Jiri 

0 Kudos
Reply

1,989 Views
香龙朱
Contributor II

Hi, Jiri

   Thanks for your support.

   This is another hardware, Rather than "Device is secure, Erase to unsecure".

   I try the "Strict Sequential Boot Mode" function. But I didn't write the BOOT_MAC. So, my hardware is always stay in RESET. the RESET pin is always low.

   I want to know How can I run my hardware form RAM. or How can I change the secure boot type of my hardware. 

Thanks a lot.

Shannon. 

0 Kudos
Reply

1,989 Views
jiri_kral
NXP Employee
NXP Employee

Hi, 

I see. So - in my opinion the easiest way how to "reset" your hardware is use csec_keyconfig_s32k144 example: 

pastedImage_1.png

Enable erase all keys in main.c source file: 

pastedImage_1.png

This example erase flash area and restore flash config to default value. Be sure that you are running this example as RAM target: 

pastedImage_2.png

If it doesn't help - can you please share your project? I'll test it on my EVB and try to find recovery process. 

Jiri 

0 Kudos
Reply

1,989 Views
香龙朱
Contributor II

Hi,

Thanks for support!

For this issue, I refer the chapter 4.4.3.2 Automatically using CSEc of AN5401.pdf.

   1,I debug the "UartDemo" porject for burn the code into Flash.

   2,I debug the "1_Configure_part_and_Load_keys" project for load the ECU_KEY. and I use the Debug_RAM.

   3,I debug the "4_secure_boot_add_BOOT_MAC_manual" project for config the secure boot. and I use the Debug_RAM.

project.PNG

I modify "4_secure_boot_add_BOOT_MAC_manual" project like this:

secure_boot_BOOT_MAC.PNG

I change the BOOT_SIZE and boot flavor. and run it use Debug_RAM. I want to calculate the BOOT_MAC automatic. I power off my hardware and wait a few minutes, then I power on my hardware, I think it will run Flash code, but it doesn't. Then I power off and power on my hardware several times, But it doesn't work.

0 Kudos
Reply

1,989 Views
香龙朱
Contributor II

Sorry for last reply, it is not complete.

continue!

I refer the AN5401.pdf, I find the mode flavor = 0(Strict Sequential Boot Mode) can not use automatic BOOT_MAC caculation.The reset pin is always low.I can not debug the "csec_keyconfig_s32k144" example.

I can't submit my project in this reply.

the "UartDemoNoBoot" project is a simple project that can print some information when run from flash.

I do not modify the "1_Configure_part_and_Load_keys" project in AN5401SW.zip

I modify the  "4_secure_boot_add_BOOT_MAC_manual" project like last reply.

Thanks a lot.

Shannon

0 Kudos
Reply

1,989 Views
mikedoidge
NXP Employee
NXP Employee

Hi Shannon,

To attach the project, you can use the link 'Use advanced editor' at the upper right of your response box. Then you will be able to attach a file.

Best Regards,

Mike

0 Kudos
Reply

1,989 Views
香龙朱
Contributor II

Hi, Mike

Thanks!

0 Kudos
Reply