ヘルプ
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

S32K14xx security boot production programming solution

キャンセル
提案をオンにする
自動提案では、入力時に可能な一致が提案されるので検索結果を素早く絞り込むことができます。
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 

S32K14xx security boot production programming solution

‎10-11-2019 06:10 PM
2,481件の閲覧回数
leo_cheng
Contributor I

Hello everyone,

I am studying the security boot in S324146. I found these resource about security boot,

   -  Getting Started with CSEc Security Module        AN5401  AN5401SW  

   -  S32SDK_S32K1xx_RTM_3.0.0\examples\S32K146\demo_apps\csec_boot_protection

Basically, the procedure to enable security boot is like this, 

1. Execute program partition command in RAM(only take effect after next reset)

2. Reset

3. Program MASTER_ECU_KEY,BOOT_MAC_KEY and other user keys

4. Define the secure boot flavor and the BOOT_SIZE using CMD_BOOT_DEFINE command

5. Program code to be security boot protected

6. Program BOOT_MAC
      a. Automatically: Power on reset. The CSEc calculates BOOT_MAC and stores it in secure memory slot
      b. Manually: using another program(runing in RAM) to calculate BOOT_MAC and program it.

7. Security boot will work in next power on reset

The examples provided by NXP need lanuch several external programs to enable security boot during step 1- step 4, so my question is if 100K need to enable security boot in mass production, what is the best solution?

0 件の賞賛
返信
2 返答(返信)

‎01-23-2020 06:44 AM
2,252件の閲覧回数
tommy1231
Contributor II

Is NXP suggesting that we create our own solution for this using a tool such as

http://www.pemicro.com/products/product_viewDetails.cfm?product_id=15320148&productTab=1

or is there a preexisting solution for production environments?

0 件の賞賛
返信

‎10-21-2019 12:57 AM
2,252件の閲覧回数
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi,

this depends on your programming tools. Programming tools usually allow some kind of scripting, so it’s necessary to transform described procedure to script.

Generally there are two options: you can either write flash registers directly via SWD to start some operation (like mass erase or partition). Or, because relatively lot of operations must be executed to enable CSE, load keys and so on, you can develop RAM project (binary RAM image) which will be loaded to RAM and executed.

SW examples provided in AN5401 are examples only. You can put it together to have single RAM image.

So, partition (and mass erase if needed) can be initiated by direct writes to registers in debug mode, then the flash can be programmed as usual and then you can load and execute RAM image with rest of the initialization.

Regards,

Lukas

0 件の賞賛
返信