I have used the secure boot sample code of the SDK version, what should I do to verify whether the board has the secure boot function?
Hi,
you can check FCSESTAT register. Bit SB (Secure Boot) says if secure boot is activated or not. Bit BOK (Secure Boot OK) says if the secure boot was successful or not.
If sequential or parallel secure boot mode is successful, you are allowed to use boot protected keys. If it is not successful, you can't use these keys.
If strict sequential secure boot mode is successful, you are also allowed to use proatected. But if it fails, the device will never leave reset and there's no way to recover.
Regards,
Lukas
In other words, as long as I upload different codes, can I not pass the verification ?
Thank you,lukas
Is there any way to tamper with the code that was protected by the secure boot, which caused the secure boot to fail.
The secure boot does not protect the flash against modification. You can still erase/program the area covered by secure boot. The purpose is different - if helps to check the content of that area and then, based on result, it allows or denies using of boot protected keys. This is the case of sequential or parallel boot mode.
In case of strict sequential boot mode, the device will be bricked if the secure boot fails.
If you need to update the code protected by secure boot, it is possible but it is necessary to update BOOT_MAC. See section "4.4.4 Updating Code and resulting BOOT_MAC" in AN5401 for more details:
https://www.nxp.com/webapp/Download?colCode=AN5401&location=null
https://www.nxp.com/webapp/Download?colCode=AN5401SW&location=null
Regards,
Lukas
ok,thanks you lukas