CSEc Secure boot:Why is it not always in the reset state after a security boot failure


ZEROOO
Contributor IV

Hi

In S32K118, CSEc safe boot introduces three safe boot methods. Why can sequential boot mode and parallel boot mode still execute ROM code after a failure, and what are the considerations behind this setting? If the App can still be entered and run, then what is the meaning of safe boot?


1 Solution
lukaszadrapa
NXP TechSupport

Hi @ZEROOO
the sentence about execution of ROM code is a little bit confusing. It comes from the SHE specification and it has a different meaning here.
Regardless of that, let me explain how it works:
If sequential or parallel boot mode fails, the only effect is that boot protected keys cannot be used (boot protected keys - when the BOOT_PROT attribute is set when loading a key). The application will run, but the application cannot use boot protected keys.
The only difference between sequential and parallel boot mode: in sequential mode, boot protected keys are available immediately when the application starts execution (of course, if the secure boot is successful). In parallel boot mode, the application needs to wait until the secure boot is finished, and then the boot protected keys will be available.
The next level of protection is strict sequential boot mode. If this boot mode fails, the application won't run, the device will stay in reset forever and there's no way to recover. The only option is to replace the device.
Regards,
Lukas

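As an added illustration of the behaviour described in the answer (my own C model, not NXP code and not the S32K SDK API), the snippet below encodes the three outcomes: strict sequential mode never reaches the application after a failed boot, while sequential and parallel modes run the application and only gate BOOT_PROT keys; in parallel mode the application has to poll until secure boot has finished before it knows whether those keys are usable. The status-read hook, the bit positions of the status flags and the polled status sequences are assumptions constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>

typedef enum { BOOT_SEQUENTIAL, BOOT_PARALLEL, BOOT_STRICT_SEQUENTIAL } boot_mode_t;

/* SHE-style status flags; names follow the SHE status register, bit positions are an assumption. */
#define STATUS_BOOT_FINISHED (1u << 3)
#define STATUS_BOOT_OK       (1u << 4)
typedef enum { KEY_READY, KEY_DENIED_BOOT_FAILED, KEY_WAIT_TIMEOUT } key_gate_t;

/* Strict sequential: a failed boot never reaches the application (part stays in reset). */
bool app_runs(boot_mode_t mode, bool secure_boot_ok) {
    return mode != BOOT_STRICT_SEQUENTIAL || secure_boot_ok;
}
/* Hypothetical hook returning the current CSEc status word. */
typedef uint32_t (*status_read_fn)(void *ctx);

/* Keys loaded without BOOT_PROT are always usable. A BOOT_PROT key is usable only after
 * secure boot finished with BOOT_OK; in parallel mode that may still be pending, so poll. */
key_gate_t gate_key(bool key_is_boot_prot, status_read_fn read, void *ctx, unsigned max_polls) {
    if (!key_is_boot_prot) return KEY_READY;
    for (unsigned i = 0; i < max_polls; i++) {
        uint32_t s = read(ctx);
        if (s & STATUS_BOOT_FINISHED)
            return (s & STATUS_BOOT_OK) ? KEY_READY : KEY_DENIED_BOOT_FAILED;
    }
    return KEY_WAIT_TIMEOUT;
}

/* Constructed status sequence standing in for the hardware: one value per poll, last repeats. */
typedef struct { const uint32_t *seq; unsigned n, i; } seq_ctx_t;
static uint32_t seq_read(void *p) {
    seq_ctx_t *c = p;
    return c->seq[c->i < c->n ? c->i++ : c->n - 1];
}

/* Parallel boot still running for two polls, then finishes successfully. */
key_gate_t demo_parallel_ok(void) {
    static const uint32_t seq[] = { 0, 0, STATUS_BOOT_FINISHED | STATUS_BOOT_OK };
    seq_ctx_t c = { seq, 3, 0 };
    return gate_key(true, seq_read, &c, 10);
}

/* Boot finishes but verification failed: the application keeps running, the key is denied. */
key_gate_t demo_parallel_failed(void) {
    static const uint32_t seq[] = { 0, STATUS_BOOT_FINISHED };
    seq_ctx_t c = { seq, 2, 0 };
    return gate_key(true, seq_read, &c, 10);
}
```

On real silicon the gate would read the CSEc status command result instead of the constructed sequence; the decision logic is the same.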