- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- Advanced AnalogAdvanced Analog
- Neural Processing UnitsNeural Processing Units
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
- S32Z/E
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- Generative AI & LLMs
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
- RFID / NFC
- Advanced Analog
- Neural Processing Units
-
- NXP Tech Blogs
Secure Boot validation for Bootloader SW
11-20-2025
09:29 PM
516 次查看
Kishore_14
Contributor III
Hello team,
1.How do we perform Secure Boot validation for Bootloader SW itself?
If the bootloader itself initializes CSEc, then we are already running unverified code.
2.If bootloader region is locked with read/write/erase protection and JTAG is disabled, can we skip Secure Boot validation for Bootloader ?
Can it still be tampered?
Do we need to mandate Secure boot validation for Bootloader SW also
Thanks.
1 回复
11-21-2025
01:56 AM
483 次查看
lukaszadrapa
NXP TechSupport
Hi @Kishore_14
1. This needs to be managed by production process and appropriate countermeasures. Typically the device should be programmed and configured in secured environment where only approved persons have access etc.
S32K1 devices do not have features which would make this process more secured, so it’s up to users to set up appropriate environment. For example, S32K3 have public keys in ROM key catalog while private keys are exclusively owned by NXP, so NXP can sign customer application/data on request. This is next level of protection. But there’s nothing like that on S32K1.
2. 100% secure device does not exist. Every protection can be bypassed. The goal is to make the security breakthrough as hard as possible and to make the effort unreasonable high and cost ineffective. So, our recommendation is to implement all levels of protection including secure boot.
Regards,
Lukas
