Secure boot process

2,458 Views
Gideon
Contributor III

My Flash map is like this (refer to AN12218):

[image: Gideon_0-1686991707792.png]

 

I wish to implement the following sequence (refer to S32k-RM.pdf):

[image: Gideon_1-1686991948578.png]

 

According to the AN4235.pdf scheme, the Bootloader area is verified using the Secure boot mechanism (I know how to use the CSEc module) at power on.

[image: Gideon_2-1686992285600.png]

The Flash address is set to 0x1000_0000 and the Length is set to 16K (the expected Bootloader size), as shown in the red box above, and with that I can achieve my goal, but now I cannot find such a function interface. I found the interface CSEC_DRV_BootDefine in the SDK, but it cannot specify the Flash address.

In AN5401, it is described that once secure boot is configured, on every reset, the autonomous secure boot runs on the Program Flash block starting at address '0' and finishes at BOOT_SIZE number of bits. If BOOT_SIZE is specified as 4K, then the FLASH area verified by Secure boot is 0x0000_0000-0x0000_1000.

[image: Gideon_3-1686992764826.png]

I think there is a contradiction between AN5401 and AN4235 regarding Secure boot. My question is whether there is an interface in CSEc to specify the position and size of the verification area (such as the bootloader) during Secure boot?

 

 

1 Solution
2,415 Views
lukaszadrapa
NXP TechSupport

Hi @Gideon 

The start address is fixed to 0x0 on S32K1 devices. This is allowed by the SHE specification:
"SHE_BL_START - Address of the first byte of the bootloader. The address might be fixed for certain CPU architectures or it might be stored in internal or external memory"

There's the following workaround for this scenario: create a small primary bootloader which will be placed at address 0x0 and which will be covered by the standard secure boot. This primary bootloader should then check the CMAC of the secondary bootloader in data flash. If it is correct, it can jump to the secondary bootloader. This will create a chain of trust.

Regards,
Lukas

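The primary-bootloader check Lukas describes, as an added example that is not part of the original post or of NXP's SDK: a host-runnable C program in which the primary bootloader (the one at 0x0, covered by the autonomous secure boot) authenticates a secondary bootloader sitting in a slot at 0x1000_0000, the data-flash address used in the question, and only then returns the entry address it may jump to. The AES-CMAC is implemented in software so the file runs on a PC; on the S32K1 the primary bootloader would hand the same bytes to the SDK's CSEC_DRV_VerifyMAC and would never see the key, which stays inside the CSEc. The slot header (MAC, magic, length, entry, then code), IMG_MAGIC, the entry-address rule and the sample image are all invented for this example.

```c
/* Added example, not NXP code: the primary-bootloader half of the chain of trust described above.
 * Software AES-CMAC stands in for the CSEc so this runs on a host; on an S32K1 the same bytes go to
 * the SDK's CSEC_DRV_VerifyMAC. Slot header layout, IMG_MAGIC and the entry rule are invented here. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ---- minimal AES-128, encrypt only (S-box derived at run time: GF(2^8) inverse + affine map) ---- */
static uint8_t sbox[256];
static void sbox_init(void) {
    uint8_t p = 1, q = 1;
    do {
        p = (uint8_t)(p ^ (p << 1) ^ ((p & 0x80) ? 0x1B : 0));                    /* p *= 3 */
        q ^= (uint8_t)(q << 1); q ^= (uint8_t)(q << 2); q ^= (uint8_t)(q << 4);
        q ^= (q & 0x80) ? 0x09 : 0;                                               /* q /= 3, so q = 1/p */
        uint8_t x = q ^ (uint8_t)((q << 1) | (q >> 7)) ^ (uint8_t)((q << 2) | (q >> 6))
                      ^ (uint8_t)((q << 3) | (q >> 5)) ^ (uint8_t)((q << 4) | (q >> 4));
        sbox[p] = x ^ 0x63;
    } while (p != 1);
    sbox[0] = 0x63;
}
static uint8_t xt(uint8_t x) { return (uint8_t)((x << 1) ^ ((x & 0x80) ? 0x1B : 0)); } /* times x in GF(2^8) */
static void key_expand(const uint8_t key[16], uint8_t rk[176]) {
    static int ready; if (!ready) { sbox_init(); ready = 1; }
    memcpy(rk, key, 16);
    for (int i = 16, rcon = 1; i < 176; i += 4) {
        uint8_t t[4]; memcpy(t, rk + i - 4, 4);
        if (i % 16 == 0) {                                                        /* RotWord, SubWord, Rcon */
            uint8_t t0 = t[0];
            t[0] = sbox[t[1]] ^ (uint8_t)rcon; t[1] = sbox[t[2]]; t[2] = sbox[t[3]]; t[3] = sbox[t0];
            rcon = xt((uint8_t)rcon);
        }
        for (int j = 0; j < 4; j++) rk[i + j] = rk[i - 16 + j] ^ t[j];
    }
}
static void aes128_encrypt(const uint8_t rk[176], const uint8_t in[16], uint8_t out[16]) {
    uint8_t s[16], t[16];
    for (int i = 0; i < 16; i++) s[i] = in[i] ^ rk[i];
    for (int r = 1; r <= 10; r++) {
        for (int i = 0; i < 16; i++) t[i] = sbox[s[(i + 4 * (i % 4)) % 16]];      /* SubBytes + ShiftRows */
        if (r != 10) for (int c = 0; c < 16; c += 4) {                             /* MixColumns */
            uint8_t a0 = t[c], a1 = t[c + 1], a2 = t[c + 2], a3 = t[c + 3], all = a0 ^ a1 ^ a2 ^ a3;
            t[c] ^= all ^ xt(a0 ^ a1);     t[c + 1] ^= all ^ xt(a1 ^ a2);
            t[c + 2] ^= all ^ xt(a2 ^ a3); t[c + 3] ^= all ^ xt(a3 ^ a0);
        }
        for (int i = 0; i < 16; i++) s[i] = t[i] ^ rk[16 * r + i];                 /* AddRoundKey */
    }
    memcpy(out, s, 16);
}

/* ---- AES-CMAC per RFC 4493 ---- */
static void dbl(uint8_t b[16]) {                                  /* multiply by x in GF(2^128) */
    uint8_t msb = b[0] & 0x80;
    for (int i = 0; i < 15; i++) b[i] = (uint8_t)((b[i] << 1) | (b[i + 1] >> 7));
    b[15] = (uint8_t)(b[15] << 1); if (msb) b[15] ^= 0x87;
}
void aes_cmac(const uint8_t key[16], const uint8_t *m, size_t len, uint8_t mac[16]) {
    uint8_t rk[176], k[16] = {0}, x[16] = {0}, last[16] = {0};
    key_expand(key, rk);
    aes128_encrypt(rk, k, k); dbl(k);                             /* K1 = AES_K(0) * x */
    size_t n = len ? (len + 15) / 16 : 1, rem = len - 16 * (n - 1);
    for (size_t i = 0; i + 1 < n; i++) {                          /* CBC-MAC over all but the last block */
        for (int j = 0; j < 16; j++) x[j] ^= m[16 * i + j];
        aes128_encrypt(rk, x, x);
    }
    if (rem == 16) memcpy(last, m + 16 * (n - 1), 16);             /* complete last block: K1 */
    else { if (rem) memcpy(last, m + 16 * (n - 1), rem); last[rem] = 0x80; dbl(k); }  /* padded last block: K2 */
    for (int j = 0; j < 16; j++) x[j] ^= last[j] ^ k[j];
    aes128_encrypt(rk, x, mac);
}

/* ---- secondary-bootloader slot in data flash: 28-byte header, then code; the MAC covers every byte after itself ---- */
#define IMG_MAGIC 0x53424C32u                                     /* invented marker */
typedef struct { uint8_t mac[16]; uint32_t magic, length, entry; } img_hdr_t;

/* Primary-bootloader side: returns 1 and sets *entry only if the slot authenticates; any failure stays in the primary. */
int verify_secondary(const uint8_t *slot, size_t slot_len, uint32_t slot_base,
                     const uint8_t key[16], uint32_t *entry) {
    img_hdr_t h; uint8_t mac[16], diff = 0;
    if (slot_len < sizeof h) return 0;
    memcpy(&h, slot, sizeof h);
    if (h.magic != IMG_MAGIC) return 0;
    if (h.length > slot_len - sizeof h) return 0;                  /* length is untrusted until the MAC passes: bound it first */
    if (h.entry < slot_base + sizeof h || h.entry - slot_base - sizeof h >= h.length) return 0; /* jump target must lie in the MACed code */
    aes_cmac(key, slot + 16, 12 + h.length, mac);                 /* on target: CSEC_DRV_VerifyMAC over exactly these bytes */
    for (int i = 0; i < 16; i++) diff |= mac[i] ^ h.mac[i];       /* constant-time compare (the CSEc compares internally) */
    if (diff) return 0;
    *entry = h.entry; return 1;
}

int cmac_selftest(void) {                     /* RFC 4493 known-answer test: run before the primitive is trusted */
    static const uint8_t k[16] = {0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c};
    static const uint8_t m[40] = {0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,0xae,0x2d,0x8a,
        0x57,0x1e,0x03,0xac,0x9c,0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11};
    static const uint8_t e[3][16] = {
        {0xbb,0x1d,0x69,0x29,0xe9,0x59,0x37,0x28,0x7f,0xa3,0x7d,0x12,0x9b,0x75,0x67,0x46},   /* len 0  */
        {0x07,0x0a,0x16,0xb4,0x6b,0x4d,0x41,0x44,0xf7,0x9b,0xdd,0x9d,0xd0,0x4a,0x28,0x7c},   /* len 16 */
        {0xdf,0xa6,0x67,0x47,0xde,0x9a,0xe6,0x30,0x30,0xca,0x32,0x61,0x14,0x97,0xc8,0x27}};  /* len 40 */
    static const size_t lens[3] = {0, 16, 40};
    uint8_t t[16];
    for (int i = 0; i < 3; i++) { aes_cmac(k, m, lens[i], t); if (memcmp(t, e[i], 16)) return 0; }
    return 1;
}

int demo_chain(void) {
    /* Constructed data: a 37-byte "secondary bootloader" signed into a 256-byte slot at 0x1000_0000 (the data-flash
     * base from the question). Signing is the host-side build step, using the key that is provisioned into the CSEc. */
    static const uint8_t key[16] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
    uint8_t slot[256] = {0}, code[37]; uint32_t entry = 0, base = 0x10000000u;
    for (int i = 0; i < 37; i++) code[i] = (uint8_t)(0xA0 + i);
    img_hdr_t h = { {0}, IMG_MAGIC, (uint32_t)sizeof code, base + (uint32_t)sizeof h };
    memcpy(slot, &h, sizeof h); memcpy(slot + sizeof h, code, sizeof code);
    aes_cmac(key, slot + 16, 12 + sizeof code, slot);                           /* MAC into the first 16 bytes */
    if (!verify_secondary(slot, sizeof slot, base, key, &entry) || entry != base + 28) return 0;
    slot[28 + 5] ^= 0x01;                                                        /* one flipped code bit: rejected */
    if (verify_secondary(slot, sizeof slot, base, key, &entry)) return 0;
    slot[28 + 5] ^= 0x01; memset(slot + 20, 0xFF, 4);                           /* oversize length: rejected before any out-of-slot read */
    return !verify_secondary(slot, sizeof slot, base, key, &entry);
}

int main(void) {
    printf("CMAC self-test: %s\n", cmac_selftest() ? "pass" : "FAIL");
    printf("chain of trust: %s\n", demo_chain() ? "pass" : "FAIL");
    return 0;
}
```

Two details worth copying into a real primary bootloader: the length and entry fields in the header are attacker-controlled until the MAC has passed, so they are bounds-checked against the slot before anything past the header is read or jumped to, and the MAC comparison is constant time (on hardware, letting CSEC_DRV_VerifyMAC do the comparison inside the CSEc is preferable to generating a MAC and comparing it in application code). The RFC 4493 known-answer test in cmac_selftest is the sort of check to run before trusting the primitive. The chain only holds if the data-flash slot and the key cannot be rewritten by untrusted code after verification; authenticating the image does not replace locking the flash.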