FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

s32k3 basic secure boot, how's the root of trust?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED
Jump to solution

s32k3 basic secure boot, how's the root of trust?

Jump to solution
‎07-23-2024 03:51 AM
1,245 Views
victory
Contributor V

从文档中看是修改IVT的BOOT_SEQ,进入安全启动。那如果别人再修改flash中的IVT,去掉BOOT_SEQ,是否就可以绕过安全启动,从bootloader开始就是篡改的代码了?

Based on the documentation, it seems that modifying the BOOT_SEQ in the IVT enables secure boot. However, if someone else modifies the IVT in the flash memory and removes the BOOT_SEQ, could they bypass secure boot and start running tampered code from the bootloader?

Tags (1)
0 Kudos
Reply
1 Solution

Jump to solution
‎07-24-2024 05:01 AM
1,223 Views
davidtosenovjan
NXP TechSupport
NXP TechSupport

HSE offers functionality for this:

‘The IVT can protect the IVT content to against unauthorized changes based on the service “BOOT_DATA_SIGN”, which works like the BSB mode. The authentication tag is computed and appended to the end of the IVT. To enable IVT authentication, the one-time programmable HSE system attribute IVT_AUTH must be set to 1.’

View solution in original post

0 Kudos
Reply
1 Reply

Jump to solution
‎07-24-2024 05:01 AM
1,224 Views
davidtosenovjan
NXP TechSupport
NXP TechSupport

HSE offers functionality for this:

‘The IVT can protect the IVT content to against unauthorized changes based on the service “BOOT_DATA_SIGN”, which works like the BSB mode. The authentication tag is computed and appended to the end of the IVT. To enable IVT authentication, the one-time programmable HSE system attribute IVT_AUTH must be set to 1.’

0 Kudos
Reply