About secure boot of S32K144

chen1995 · ‎02-20-2023

I have used the secure boot sample code of the SDK version, what should I do to verify whether the board has the secure boot function?

lukaszadrapa · ‎02-20-2023

Hi,

you can check FCSESTAT register. Bit SB (Secure Boot) says if secure boot is activated or not. Bit BOK (Secure Boot OK) says if the secure boot was successful or not.

If sequential or parallel secure boot mode is successful, you are allowed to use boot protected keys. If it is not successful, you can't use these keys.

If strict sequential secure boot mode is successful, you are also allowed to use proatected. But if it fails, the device will never leave reset and there's no way to recover.

Regards,

Lukas

chen1995 · ‎02-20-2023

In other words, as long as I upload different codes, can I not pass the verification ?

chen1995 · ‎02-20-2023

Thank you，lukas

Is there any way to tamper with the code that was protected by the secure boot, which caused the secure boot to fail.

lukaszadrapa · ‎02-21-2023

The secure boot does not protect the flash against modification. You can still erase/program the area covered by secure boot. The purpose is different - if helps to check the content of that area and then, based on result, it allows or denies using of boot protected keys. This is the case of sequential or parallel boot mode.

In case of strict sequential boot mode, the device will be bricked if the secure boot fails.

If you need to update the code protected by secure boot, it is possible but it is necessary to update BOOT_MAC. See section "4.4.4 Updating Code and resulting BOOT_MAC" in AN5401 for more details:

https://www.nxp.com/webapp/Download?colCode=AN5401&location=null

https://www.nxp.com/webapp/Download?colCode=AN5401SW&location=null

Regards,

Lukas

chen1995 · ‎02-21-2023

ok,thanks you lukas