FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

s32k144 csec : Boot Ok Command

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED
Jump to solution

s32k144 csec : Boot Ok Command

Jump to solution
‎08-26-2021 12:52 AM
1,263 Views
kmh48301
Contributor IV

Hello.

 

I have been studying 'Secure Boot' in csec.

 

In AN5401, Page 20

==========================================================================

If the secure boot process is successful and CMD_BOOT_OK is executed, keys marked as Boot Protected (BOOT_PROT) can
be used by the application code. Otherwise boot protected keys remain locked for application use.

==========================================================================

So my application is checking the secure boot status through "FTFC->FCSESTAT" .

and when boot mac verifying is succeeded, the application calls "CSEC_DRV_BootOK()".

 

And I tested boot protection flag key.

 

But, regardless of calling "CSEC_DRV_BootOK()", I could use the boot protection flag key,

As long as, the boot mac verifying is succeeded.

 

Do i misunderstand AN5401?

 

Thanks

Best regards

Phillip

0 Kudos
Reply
1 Solution

Jump to solution
‎08-27-2021 08:59 AM
1,248 Views
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi Phillip,

I got very fast feedback which confirmed my thoughts. CMD_BOOT_OK is not needed to use boot protected keys and it meets the SHE spec. The sentence in the app note will be updated.

Thanks for pointing this out.

Regards,

Lukas

View solution in original post

0 Kudos
Reply
2 Replies

Jump to solution
‎08-27-2021 08:59 AM
1,249 Views
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi Phillip,

I got very fast feedback which confirmed my thoughts. CMD_BOOT_OK is not needed to use boot protected keys and it meets the SHE spec. The sentence in the app note will be updated.

Thanks for pointing this out.

Regards,

Lukas

0 Kudos
Reply

Jump to solution
‎08-27-2021 04:18 AM
1,255 Views
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi Phillip,

I can see that SHE specification does not explicitly say that CMD_BOOT_OK is needed to unprotect boot protected keys. It is used rather to lock CMD_BOOT_FAILURE command. In my opinion, the behavior you can see complies with the spec and the sentence in the AN is wrong.

But let me double check this. Notice that it will probably take a couple of days.

Regards,

Lukas

 

0 Kudos
Reply