CSEc Secure boot:Why is it not always in the reset state after a security boot failure



730 views
ZEROOO
Contributor IV

Hi 

    In the S32K118, CSEc safe boot introduces three safe boot methods. Why can sequential boot mode and parallel boot mode still execute ROM code after a failure, and what are the considerations behind this setting? If you can still enter the App and run it, then what is the meaning of safe boot?

[Attached image: ZEROOO_0-1695280780059.png]


1 Solution
695 views
lukaszadrapa
NXP TechSupport

Hi @ZEROOO 
the sentence about execution of ROM code is a little bit confusing. It comes from the SHE specification and it has a different meaning here.
Regardless of that, let me explain how it works:
If sequential or parallel boot mode fails, the only effect is that boot protected keys cannot be used (boot protected keys: keys loaded with the BOOT_PROT attribute set). The application will run, but the application cannot use boot protected keys.
The only difference between sequential and parallel boot mode: in sequential mode, boot protected keys are available immediately when the application starts execution (of course, only if the secure boot is successful). In parallel boot mode, the application needs to wait until the secure boot is finished, and then the boot protected keys will be available.
The next level of protection is strict sequential boot mode. If this boot mode fails, the application won't run; the device will stay in reset forever and there's no way to recover. The only option is to replace the device.
Regards,
Lukas

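A constructed C model of the three boot-mode policies as the answer above describes them, added here as an example; it is not NXP's CSEc driver or the S32K118 register interface, and every type, function and timing value in it (device_t, device_reset, device_tick, app_use_key, boot_cycles) is an assumption made for illustration. It shows the practical consequence for application code: in parallel mode a BOOT_PROT key request issued before the secure boot check has finished is refused, so the application has to wait for completion; in sequential mode a failed check still lets the application run but without boot protected keys; in strict sequential mode a failed check leaves the device in reset and the application never runs.

```c
#include <stdbool.h>
#include <stdio.h>

/* Boot modes named in the answer. */
typedef enum { BOOT_SEQUENTIAL, BOOT_PARALLEL, BOOT_STRICT_SEQUENTIAL } boot_mode_t;

/* Result of an application's request to use a key. */
typedef enum { KEY_OK, KEY_DENIED_BOOT_PROT, KEY_APP_NOT_RUNNING } key_result_t;

/* Simulated device state (constructed model, not the real CSEc state). */
typedef struct {
    boot_mode_t mode;
    bool image_valid;   /* constructed: outcome the secure boot check will produce */
    int boot_cycles;    /* constructed: ticks the check takes when run in parallel */
    int now;            /* simulated time in ticks */
    bool boot_finished; /* secure boot check has completed */
    bool boot_ok;       /* secure boot check passed */
    bool app_running;   /* application code is executing */
    bool held_in_reset; /* strict sequential failure: device never leaves reset */
} device_t;

static void run_secure_boot_check(device_t *d) {
    d->boot_finished = true;
    d->boot_ok = d->image_valid;
}

/* Power-on reset: apply the policy of the selected boot mode. */
void device_reset(device_t *d, boot_mode_t mode, bool image_valid, int boot_cycles) {
    *d = (device_t){0};
    d->mode = mode;
    d->image_valid = image_valid;
    d->boot_cycles = boot_cycles;
    switch (mode) {
    case BOOT_SEQUENTIAL:
        run_secure_boot_check(d); /* check completes before the app starts */
        d->app_running = true;    /* app runs whether or not the check passed */
        break;
    case BOOT_STRICT_SEQUENTIAL:
        run_secure_boot_check(d);
        if (d->boot_ok) d->app_running = true;
        else d->held_in_reset = true; /* stays in reset, no recovery path */
        break;
    case BOOT_PARALLEL:
        d->app_running = true; /* app starts at once; check runs alongside it */
        break;
    }
}

/* Advance simulated time; in parallel mode the check finishes after boot_cycles. */
void device_tick(device_t *d) {
    if (d->held_in_reset) return;
    d->now++;
    if (d->mode == BOOT_PARALLEL && !d->boot_finished && d->now >= d->boot_cycles)
        run_secure_boot_check(d);
}

/* The application asks to use a key; boot_prot is the key's BOOT_PROT attribute. */
key_result_t app_use_key(const device_t *d, bool boot_prot) {
    if (!d->app_running) return KEY_APP_NOT_RUNNING;
    if (!boot_prot) return KEY_OK; /* keys without BOOT_PROT are unaffected */
    if (!d->boot_finished || !d->boot_ok) return KEY_DENIED_BOOT_PROT;
    return KEY_OK;
}

/* The wait-then-use pattern an application in parallel mode should follow. */
key_result_t app_wait_then_use_key(device_t *d, bool boot_prot, int max_ticks) {
    while (!d->boot_finished && max_ticks-- > 0) device_tick(d);
    return app_use_key(d, boot_prot);
}

int main(void) {
    device_t d;
    device_reset(&d, BOOT_PARALLEL, true, 5);
    printf("parallel, immediate BOOT_PROT use: %d (1 = denied)\n", app_use_key(&d, true));
    printf("parallel, after waiting:           %d (0 = ok)\n", app_wait_then_use_key(&d, true, 10));
    device_reset(&d, BOOT_SEQUENTIAL, false, 5);
    printf("sequential, failed check, app runs: %d, BOOT_PROT use: %d\n", d.app_running, app_use_key(&d, true));
    device_reset(&d, BOOT_STRICT_SEQUENTIAL, false, 5);
    printf("strict sequential, failed check, held in reset: %d\n", d.held_in_reset);
    return 0;
}
```

The model keeps the answer's distinction explicit: only BOOT_PROT keys are gated, the gate in parallel mode opens on completion of the check rather than on application start, and strict sequential mode is the only one in which a failed check stops the application itself.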
