How to deployment secure boot on S32K314 by HSE AB SWAP with rollback to old version

GreatKey · ‎12-15-2024

Dear NXP,

We want to deployment secure boot on S32K314 by HSE AB SWAP with recovery mode.

The expected sequence is as below:

1. Set current active partition is A side.

2. An old version application in B side (Passive partition).

3. We want to secure boot A side, and secure boot B side when boot A side was failure.

We found recovery mode has the functions above, it seems that two IVT should be set on MCU's memory.

Could you show me how to deploy them to implement？

Or let me know another way to rollback to old version.

Thank you very much.

Best regards.

davidtosenovjan · ‎12-21-2024

In HSE RM, section 11.3 HSE Firmware update (AB_SWAP), IVT is location is shown. I don't understand this to mean that the user should prepare two copies of the IVT.

GreatKey · ‎12-23-2024

Hi David,

Thank you very much for your response.
I have got it in HSE RM.
In IVT structure, I found the item below. One IVT is enough.
Start Address of Application Core for Secure Recovery mode.
And another questions, please.

In the RM, I found that 0x00400000, 0x00500000, 0x00600000, 0x00700000 and 0x10000000 can be used to the IVT start address.
If I set them all, I want to know what their priority is?

I also found APPBL_ADDR should be set to SMR in secure boot install demo, how does SBAF work with SMR and IVT? Which is more prioritized, SMR or IVT?

Best Regards,

davidtosenovjan · ‎01-07-2025

The IVT start address can be selected from one of the values provided in the below table. At reset, the HSE searches for the first valid IVT header tag starting from the lowest address.

Basic Secure Boot (aka IVT-based secure boot) can be used only if the SMR-based secure boot is not available (there is no Core Reset entry configured).