- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- Advanced AnalogAdvanced Analog
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
- S32Z/E
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- Generative AI & LLMs
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
- RFID / NFC
- Advanced Analog
-
- NXP Tech Blogs
S32K14xx security boot production programming solution
Hello everyone,
I am studying the security boot in S324146. I found these resource about security boot,
- Getting Started with CSEc Security Module AN5401 AN5401SW
- S32SDK_S32K1xx_RTM_3.0.0\examples\S32K146\demo_apps\csec_boot_protection
Basically, the procedure to enable security boot is like this,
1. Execute program partition command in RAM(only take effect after next reset)
2. Reset
3. Program MASTER_ECU_KEY,BOOT_MAC_KEY and other user keys
4. Define the secure boot flavor and the BOOT_SIZE using CMD_BOOT_DEFINE command
5. Program code to be security boot protected
6. Program BOOT_MAC
a. Automatically: Power on reset. The CSEc calculates BOOT_MAC and stores it in secure memory slot
b. Manually: using another program(runing in RAM) to calculate BOOT_MAC and program it.
7. Security boot will work in next power on reset
The examples provided by NXP need lanuch several external programs to enable security boot during step 1- step 4, so my question is if 100K need to enable security boot in mass production, what is the best solution?
Is NXP suggesting that we create our own solution for this using a tool such as
http://www.pemicro.com/products/product_viewDetails.cfm?product_id=15320148&productTab=1
or is there a preexisting solution for production environments?
lukaszadrapa
Hi,
this depends on your programming tools. Programming tools usually allow some kind of scripting, so it’s necessary to transform described procedure to script.
Generally there are two options: you can either write flash registers directly via SWD to start some operation (like mass erase or partition). Or, because relatively lot of operations must be executed to enable CSE, load keys and so on, you can develop RAM project (binary RAM image) which will be loaded to RAM and executed.
SW examples provided in AN5401 are examples only. You can put it together to have single RAM image.
So, partition (and mass erase if needed) can be initiated by direct writes to registers in debug mode, then the flash can be programmed as usual and then you can load and execute RAM image with rest of the initialization.
Regards,
Lukas
