[Security] CSEC verification failure handling

取消
显示结果 
显示  仅  | 搜索替代 
您的意思是: 
已解决

[Security] CSEC verification failure handling

跳至解决方案
1,041 次查看
Gideon
Contributor III

Dear NXPs:

 

 

background:

CMD_BOOT_DEFINE→BootManager 6KB Use CSEC's secureboot mechanism for verification.

The secondary verification area is Flex NVM Bootloader;

The area of third-level verification is Application;

Use CSEC's secureboot mechanism to verify the BootManager image. Select A. Sequential Boot Mode during the development phase; select B. Strict Sequential Boot Mode during the mass production phase.

Question:

Q1: We learned from AN5401 that no matter you choose A or B, when the Secureboot verification fails, the chip will cycle through Reset to execute the ROM verification code. As a result, the device cannot enter the normal application. Unable to boot errors may also occur after mass production. To facilitate investigation, how can I eliminate secureboot issues? The CSEC module does not seem to output some debugging information.

0 项奖励
回复
1 解答
1,023 次查看
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi @Gideon 

strict sequential secure boot mode is highest possible protection. If this mode fails, the device will never leave reset state, there's no way to recover and you can't get any debugging information.
If sequential boot mode fails, the only effect is that the application can't use boot protected keys. Everything else will work. You can attach a debugger and investigate the reason.

Regards,
Lukas

在原帖中查看解决方案

0 项奖励
回复
1 回复
1,024 次查看
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi @Gideon 

strict sequential secure boot mode is highest possible protection. If this mode fails, the device will never leave reset state, there's no way to recover and you can't get any debugging information.
If sequential boot mode fails, the only effect is that the application can't use boot protected keys. Everything else will work. You can attach a debugger and investigate the reason.

Regards,
Lukas

0 项奖励
回复