S32K3 Secure Boot activation timing question


147 Views
minjaekang99
Contributor I

Hello, I am working with Secure Boot on the S32K324 (HSE firmware), and I want to confirm whether my understanding is correct.

  1. Once Secure Boot is activated and the SMR/CR entries are provisioned, will the device refuse to boot if the application firmware changes even by one byte (e.g., code modification, rebuild, RTD version change, etc.) because the hash/signature no longer matches?

  2. Given this behavior, is the recommended workflow to complete all firmware development first, finalize the application image, and activate Secure Boot only at the very end of the project (since any further code changes would cause Secure Boot verification to fail)?

Thank you in advance for your clarification.

0 Kudos
Reply
2 Replies

49 Views
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi @minjaekang99 

1. This is described in section "7.10.4 Sanctions" of the HSE firmware reference manual. If the secure boot fails, an alternate image can be executed (if configured). If it fails too, the device enters recovery mode. Or you can only disable usage of individual keys (based on smrFlags) or all keys. Or the device can be reset and it can enter a recovery mode after 8 resets... See the mentioned section in the manual for more details and also check the HSE Service API reference manual.

2. Yes, the common way is to finalize your application and then start with the configuration of secure boot.

Regards,

Lukas

0 Kudos
Reply
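The behaviour the two posts above agree on (any byte change in the image breaks verification, a configured alternate image is tried next, otherwise the device ends up in recovery) can be made concrete with a small model. The code below is an added example and not code from the thread, from NXP, or from the HSE Service API: the names `SmrEntry`, `CrEntry`, `provision_smr` and `boot_decision` are hypothetical stand-ins for the SMR/CR concepts, HMAC-SHA256 stands in for whatever authentication scheme a real SMR entry is configured with, and the images and key are constructed sample data.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Hypothetical model, constructed for this example (not the HSE API):
# an SMR entry binds an image region to an authentication tag computed
# under a provisioned key; a CR entry names a primary SMR and an optional
# alternate SMR that is tried when the primary fails verification.


@dataclass
class SmrEntry:
    name: str
    image: bytes      # application image as it sits in flash
    auth_tag: bytes   # tag provisioned when secure boot was activated
    key: bytes        # authentication key (HMAC-SHA256 stands in here)

    def verify(self) -> bool:
        # Recompute the tag over the whole image: a change to any byte,
        # anywhere in the region, changes the digest and the compare fails.
        expected = hmac.new(self.key, self.image, hashlib.sha256).digest()
        return hmac.compare_digest(expected, self.auth_tag)


@dataclass
class CrEntry:
    primary: SmrEntry
    alternate: Optional[SmrEntry] = None


def provision_smr(name: str, image: bytes, key: bytes) -> SmrEntry:
    """Compute and store the tag for a *final* image (the activation step)."""
    tag = hmac.new(key, image, hashlib.sha256).digest()
    return SmrEntry(name, image, tag, key)


def boot_decision(cr: CrEntry) -> str:
    """Model of the sanction flow from the reply: primary, then alternate, then recovery."""
    if cr.primary.verify():
        return "boot:" + cr.primary.name
    if cr.alternate is not None and cr.alternate.verify():
        return "boot:" + cr.alternate.name
    return "recovery"


def flip_one_byte(image: bytes, offset: int) -> bytes:
    """Simulate a rebuild or patch that alters a single byte of the image."""
    b = bytearray(image)
    b[offset] ^= 0x01
    return bytes(b)


# Constructed sample data (not real firmware, not a real key).
KEY = bytes(range(32))
APP_V1 = b"\x00\x20\x00\x20" + b"APP v1 vector table + code" * 40
APP_ALT = b"\x00\x20\x00\x20" + b"known-good fallback image" * 40


def demo() -> dict:
    primary = provision_smr("app_v1", APP_V1, KEY)
    alternate = provision_smr("app_alt", APP_ALT, KEY)
    results = {}

    # Image exactly as provisioned: boots the primary.
    results["untouched"] = boot_decision(CrEntry(primary, alternate))

    # One byte changed after activation, tag left as provisioned:
    # primary fails, the configured alternate is executed instead.
    modified = SmrEntry(primary.name, flip_one_byte(APP_V1, 100), primary.auth_tag, KEY)
    results["modified_with_alternate"] = boot_decision(CrEntry(modified, alternate))

    # Same change with no alternate configured: recovery mode.
    results["modified_no_alternate"] = boot_decision(CrEntry(modified, None))

    # Re-provisioning the SMR over the new image restores a normal boot;
    # this is why the workflow is "finalize the image, then activate".
    reprovisioned = provision_smr("app_v2", modified.image, KEY)
    results["reprovisioned"] = boot_decision(CrEntry(reprovisioned, alternate))
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

The point worth taking from the model is the last case: a changed image is not a dead end, it simply has to be re-provisioned (new tag or signature installed into the SMR entry under the same key), which is exactly the work the thread recommends postponing until the application is final.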

71 Views
minjaekang99
Contributor I

Can anyone answer this question?

0 Kudos
Reply