s32k3 HSE BSB IVT question

victory · ‎08-28-2024

Hi NXP,

for S32K3 basic secure boot, it related to IVT configuration, here is 2 question:

1. IVT has cm7_0_reset_address and APPBL address, if both address are valid, mcu how to determine which one to run?

2. IVT header and app_bl both have AuthTag, is IVT_AUTH is set, is both GMAC tag required or optional?

thanks.

davidtosenovjan · ‎08-29-2024

1) AppBL is an authenticated application image, that can run in the host instead of the Apps.
The "Apps" are the first executable to run in the host during normal operation after reset. Alternatively, "AppBL" can run in the host after HSE verification.
And Basic Secure Boot supports booting one target core (AppBL).

2) Seem to be required.

3) If you are in basic secure mode and you have configured one target core, you should boot with "AppBL" address.

View solution in original post

davidtosenovjan · ‎08-29-2024

1) AppBL is an authenticated application image, that can run in the host instead of the Apps.
The "Apps" are the first executable to run in the host during normal operation after reset. Alternatively, "AppBL" can run in the host after HSE verification.
And Basic Secure Boot supports booting one target core (AppBL).

2) Seem to be required.

3) If you are in basic secure mode and you have configured one target core, you should boot with "AppBL" address.

victory · ‎08-29-2024

i set ivt appbl (0ffset 0x30) and have valid appbl header and app code, after reset, mcu run the boot code(0x400000), not jump to 0x501fc0 (appbl) code.

victory · ‎08-31-2024

appbl address valid, and ivt header set BOOTSEQ, it run appbl instead of CM7_0 address.

victory · ‎08-31-2024

appbl address valid + appbl taged + ivt header set BOOTSEQ, it run appbl instead of CM7_0 address.