Secure boot process

2,461 views
Gideon
Contributor III

My Flash map is like this (refer to AN12218):

[Image: Gideon_0-1686991707792.png]

I wish to implement the following sequence (refer to S32K-RM.pdf):

[Image: Gideon_1-1686991948578.png]

According to the AN4235.pdf scheme, the Bootloader area is verified using the Secure Boot mechanism (I know how to use the CSEc module) at power-on.

[Image: Gideon_2-1686992285600.png]

The Flash address is set to 0x1000_0000 and the Length is set to 16K (the expected Bootloader size), as shown in the red box above, and with that I can achieve my goal. But now I cannot find such a function interface: I found the interface CSEC_DRV_BootDefine in the SDK, but it cannot specify the Flash address.

In AN5401, it is described that once secure boot is configured, on every reset the autonomous secure boot runs on the Program Flash block starting at address 0 and finishes at BOOT_SIZE number of bits. If BOOT_SIZE is specified as 4K, then the Flash area verified by Secure Boot is 0x0000_0000-0x0000_1000.

[Image: Gideon_3-1686992764826.png]

I think there is a contradiction between AN5401 and AN4235 regarding Secure Boot. My question is whether there is an interface in CSEc to specify the position and size of the verification area (such as the bootloader) during Secure Boot?

0 Kudos
Reply
1 Solution
2,418 views
lukaszadrapa
NXP TechSupport

Hi @Gideon 

The start address is fixed to 0x0 on S32K1 devices. This is allowed by the SHE specification:
"SHE_BL_START - Address of the first byte of the bootloader. The address might be fixed for certain CPU architectures or it might be stored in internal or external memory"

There's the following workaround for this scenario: create a small primary bootloader which will be placed at address 0x0 and which will be covered by the standard secure boot. This primary bootloader should then check the CMAC of the secondary bootloader in data flash. If it is correct, it can jump to the secondary bootloader. This creates a chain of trust.

Regards,
Lukas

0 Kudos
Reply
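The chain of trust described in the answer (primary bootloader at 0x0 covered by the autonomous secure boot, secondary bootloader in data flash checked by CMAC before the jump) can be modelled on a host to see exactly what the primary stage must do. The following Go program is an added example written for this page; it is not NXP code and not part of the thread. It implements AES-128-CMAC in software (RFC 4493, the same CMAC the SHE/CSEc VERIFY_MAC command computes) as a stand-in for the CSEc hardware call, so it can run anywhere. The `secondaryImage` layout, the `primaryBootCheck` function, the boot MAC key (the RFC 4493 test key) and the sample image bytes are all constructed for the demonstration; only the data flash base address 0x1000_0000 is taken from the question.

```go
package main

import (
	"crypto/aes"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
)

// secondaryImage models what the primary bootloader finds in data flash
// (constructed layout for this example): the image bytes the CMAC covers,
// the reference CMAC stored beside them, and where the image starts.
type secondaryImage struct {
	StartAddr uint32 // start of the secondary bootloader in data flash (assumed)
	Code      []byte // bytes covered by the CMAC
	RefCMAC   []byte // reference CMAC written at provisioning time
}

// shiftLeft1 shifts a 16-byte block left by one bit (RFC 4493 subkey step).
func shiftLeft1(in []byte) []byte {
	out := make([]byte, len(in))
	var carry byte
	for i := len(in) - 1; i >= 0; i-- {
		out[i] = in[i]<<1 | carry
		carry = in[i] >> 7
	}
	return out
}

// aesCMAC computes AES-128-CMAC over msg with key, per RFC 4493.
// In the real bootloader this is the CSEc VERIFY_MAC command; here it is
// done in software so the decision logic can be exercised on a host.
func aesCMAC(key, msg []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	const rb = 0x87
	l := make([]byte, 16)
	block.Encrypt(l, l) // L = AES_K(0^128)
	k1 := shiftLeft1(l)
	if l[0]&0x80 != 0 {
		k1[15] ^= rb
	}
	k2 := shiftLeft1(k1)
	if k1[0]&0x80 != 0 {
		k2[15] ^= rb
	}
	n := (len(msg) + 15) / 16
	complete := false
	if n == 0 {
		n = 1 // empty message is treated as one padded block
	} else {
		complete = len(msg)%16 == 0
	}
	last := make([]byte, 16)
	tail := msg[(n-1)*16:]
	copy(last, tail)
	if complete {
		for i := range last {
			last[i] ^= k1[i]
		}
	} else {
		last[len(tail)] = 0x80 // 10* padding
		for i := range last {
			last[i] ^= k2[i]
		}
	}
	x := make([]byte, 16)
	y := make([]byte, 16)
	for i := 0; i < n-1; i++ {
		for j := 0; j < 16; j++ {
			y[j] = x[j] ^ msg[i*16+j]
		}
		block.Encrypt(x, y)
	}
	for j := 0; j < 16; j++ {
		y[j] = x[j] ^ last[j]
	}
	tag := make([]byte, 16)
	block.Encrypt(tag, y)
	return tag, nil
}

// primaryBootCheck is the decision the primary bootloader makes: recompute
// the CMAC over the secondary image and compare it in constant time with the
// stored reference. It returns the jump address and true only on a match;
// on any failure it returns false so the caller stays in the primary stage.
func primaryBootCheck(bootMACKey []byte, img secondaryImage) (uint32, bool) {
	mac, err := aesCMAC(bootMACKey, img.Code)
	if err != nil {
		return 0, false
	}
	if subtle.ConstantTimeCompare(mac, img.RefCMAC) != 1 {
		return 0, false
	}
	return img.StartAddr, true
}

func main() {
	// Constructed boot MAC key (RFC 4493 test key) and a constructed image.
	key, _ := hex.DecodeString("2b7e151628aed2a6abf7158809cf4f3c")
	code := []byte("secondary bootloader image (constructed sample, not a real binary)")
	ref, _ := aesCMAC(key, code)
	img := secondaryImage{StartAddr: 0x1000_0000, Code: code, RefCMAC: ref}
	if addr, ok := primaryBootCheck(key, img); ok {
		fmt.Printf("CMAC ok, jump to 0x%08X\n", addr)
	}
	img.Code[0] ^= 0x01 // one flipped bit in data flash
	_, ok := primaryBootCheck(key, img)
	fmt.Println("tampered image accepted:", ok)
}
```

Two properties carry over to the real firmware: the reference CMAC must be compared with a constant-time routine (on CSEc the comparison happens inside the module, which gives the same property), and the CMAC must cover every byte the secondary stage will execute, including its vector table, so that a single flipped bit anywhere in the image keeps the primary stage from jumping. The key used must be one of the SHE MAC keys that the primary stage is authorised to use, since that is what ties the second stage to the hardware-verified first one.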