S32K14xx security boot production programming solution

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

S32K14xx security boot production programming solution

1,598 Views
leo_cheng
Contributor I

Hello everyone,

I am studying the security boot in S324146. I found these resource about security boot,

   -  Getting Started with CSEc Security Module        AN5401  AN5401SW  

   -  S32SDK_S32K1xx_RTM_3.0.0\examples\S32K146\demo_apps\csec_boot_protection

Basically, the procedure to enable security boot is like this, 

1. Execute program partition command in RAM(only take effect after next reset)

2. Reset

3. Program MASTER_ECU_KEY,BOOT_MAC_KEY and other user keys

4. Define the secure boot flavor and the BOOT_SIZE using CMD_BOOT_DEFINE command

5. Program code to be security boot protected

6. Program BOOT_MAC
      a. Automatically: Power on reset. The CSEc calculates BOOT_MAC and stores it in secure memory slot
      b. Manually: using another program(runing in RAM) to calculate BOOT_MAC and program it.

7. Security boot will work in next power on reset

The examples provided by NXP need lanuch several external programs to enable security boot during step 1- step 4, so my question is if 100K need to enable security boot in mass production, what is the best solution?

0 Kudos
Reply
2 Replies

1,369 Views
tommy1231
Contributor II

Is NXP suggesting that we create our own solution for this using a tool such as

http://www.pemicro.com/products/product_viewDetails.cfm?product_id=15320148&productTab=1

or is there a preexisting solution for production environments?

0 Kudos
Reply

1,369 Views
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi,

this depends on your programming tools. Programming tools usually allow some kind of scripting, so it’s necessary to transform described procedure to script.

Generally there are two options: you can either write flash registers directly via SWD to start some operation (like mass erase or partition). Or, because relatively lot of operations must be executed to enable CSE, load keys and so on, you can develop RAM project (binary RAM image) which will be loaded to RAM and executed.

SW examples provided in AN5401 are examples only. You can put it together to have single RAM image.

So, partition (and mass erase if needed) can be initiated by direct writes to registers in debug mode, then the flash can be programmed as usual and then you can load and execute RAM image with rest of the initialization.

Regards,

Lukas

0 Kudos
Reply