S32K312 SECURE BOOT

Benz_G · ‎12-15-2023

Hi:

While looking at the sample code, there is a question. In the example code, the authentication label of an active partition is stored in a passive partition, and the authentication label of the passive partition is stored in an active partition. When implementing secure boot with ab _ awap firmware, do the active block and the passive block applications have to be exactly the same?

Thanks & Best Regards!

lukaszadrapa · ‎12-19-2023

Hi @Benz_G

I guess we are talking about example from Secure Boot Application Note:
https://www.nxp.com/products/processors-and-microcontrollers/s32-automotive-platform/s32k-auto-gener...
Application note can be found here:
Documentation -> Secure Files -> Secure Boot Application note v0.1.1.0 (AN744511)
Associated demo project can be downloaded here:
Design Resources -> Software -> Secure Files -> SecureBootAppNoteDemo (SW745310)

Section "7.3 Implement secure boot" explains how to enable the secure boot. It's not necessary to have the same App in passive and active partition but it's the simplest method how to configure the secure boot. You probably won't have two applications right at the beginning.

Regards,
Lukas

lukaszadrapa · ‎12-19-2023

... and comment about "the authentication label of an active partition is stored in a passive partition, and the authentication label of the passive partition is stored in an active partition":

No, take a look at step 3 and 5. Cfg_v1 calculates AuthTag of App_v2 and then it's stored to passive block (to App_v2). In step 5, Cfg_v2 calculates AuthTag of App_v1 and then it's stored to passive block (to App_v1).