Dear NXP Support Team,
I am currently running the example S32K3_HSE_DemoExamples_1_0_0\S32K3_HSE_DemoExamples\Secure_Boot\S32K344_Advanced_SecureBoot on the S32K344EVB-T172 board.
However, I have observed an issue where the following function call:
FLASH_Write(pCmacTag, Cmac_Tag, sizeof(Cmac_Tag))
does not program the CMAC tag into flash memory at the address defined by CmacTagFlashAddress.
The returned status is 0xC100, which indicates no error, but after dumping the flash memory, I can confirm that the CMAC tag has not been written to the expected flash location.
Could you please help me debug this issue?
I have executed the S32K344_Advanced_SecureBoot application, and the execution completed successfully without any errors. do you have anyway to debug or trace the secure boot process after a system reset?
One more thing is necessary - once configuration is done, BOOT_SEQ bit in boot configuration word in flash should reprogrammed to '1'. This enables the secure boot. Then SecureBootBlinky application should be executed after reset instead of configuration project. Once BOOT_SEQ is set to '1', normal reset vector (which is pointing to configuration project) is not taken into account.
I saw that there's a difference between Basic Secure Boot example and Advanced Secure Boot example:
Basic SB example has BOOT_SEQ already set in the boot header, Advanced SB example does not have BOOT_SEQ set. Either set it here or reprogram the flash manually once the configuration of secure boot is done. I described how it works here:
So, as I said above, if secure boot is successful, SecureBootBlinky application will be executed. If secure boot fails, the device will go to recovery mode. That means it will end up in endless loop in RAM at JTAG_RECOVERY_START_ADDRESS which is 0x20400100.
Regards,
Lukas
