s32k3 hse basic secure boot protect problem?

1,201 Views

Hi Nxp,

i'm checking the hse basic secure boot function. i am wondering if it could be dis-functional (someone modified flash and run another program), here is my question:

1. if IVT set both CM7_0 and APPBL address, how MCU determine jump to CM7 start address or APPBL start address?

2. is BSB activated by IVT BOOTSEQ bit, if not how to activated BSB?

3. how to enable HSE check IVT GMAC?

4. based on Q2, if someone changed the IVT, not set the BOOTSEQ bit, then he could run its own program, hse will not check ivt anymore?

1 Solution

1,159 Views

it depends on BOOT_SEQ:

To check IVT GMAC, it's necessary to enable IVT_AUTH:

This eliminate problems with IVT changes.

Regards,

Lukas

View solution in original post

1 Reply

1,160 Views

it depends on BOOT_SEQ:

To check IVT GMAC, it's necessary to enable IVT_AUTH:

This eliminate problems with IVT changes.

Regards,

Lukas

%3CLINGO-SUB%20id%3D%22lingo-sub-1941089%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3Es32k3%20hse%20basic%20secure%20boot%20protect%20problem%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1941089%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EHi%20Nxp%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%20%26nbsp%3B%20i'm%20checking%20the%20hse%20basic%20secure%20boot%20function.%26nbsp%3B%20i%20am%20wondering%20if%20it%20could%20be%20dis-functional%20(someone%20modified%20flash%20and%20run%20another%20program)%2C%26nbsp%3B%20here%20is%20my%20question%3A%3C%2FP%3E%3CP%3E1.%20if%20IVT%20set%20both%20CM7_0%20and%20APPBL%20address%2C%20how%20MCU%20determine%20jump%20to%20CM7%20start%20address%20or%20APPBL%20start%20address%3CSPAN%3E%3F%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E2.%20is%20BSB%20activated%20by%20IVT%20BOOTSEQ%20bit%2C%20if%20not%26nbsp%3B%20how%20to%20activated%20BSB%3F%3C%2FP%3E%3CP%3E3.%20how%20to%20enable%20HSE%20check%20IVT%20GMAC%3F%3C%2FP%3E%3CP%3E4.%20based%20on%20Q2%2C%20if%20someone%20changed%20the%20IVT%2C%20not%20set%20the%20BOOTSEQ%20bit%2C%20then%20he%20could%20run%20its%20own%20program%2C%20hse%20will%20not%20check%20ivt%20anymore%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1943667%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3ERe%3A%20s32k3%20hse%20basic%20secure%20boot%20protect%20problem%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1943667%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EHi%20%3CA%20href%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F234378%22%20target%3D%22_blank%22%3E%40victory%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3Eit%20depends%20on%20BOOT_SEQ%3A%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22lukaszadrapa_0-1724946115013.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3Cspan%20class%3D%22lia-inline-image-display-wrapper%22%20image-alt%3D%22lukaszadrapa_0-1724946115013.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3Cimg%20src%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F296104i4FB748E17B58F17F%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22lukaszadrapa_0-1724946115013.png%22%20alt%3D%22lukaszadrapa_0-1724946115013.png%22%20%2F%3E%3C%2Fspan%3E%3C%2FSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22lukaszadrapa_1-1724946120491.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3Cspan%20class%3D%22lia-inline-image-display-wrapper%22%20image-alt%3D%22lukaszadrapa_1-1724946120491.png%22%20style%3D%22width%3A%20190px%3B%22%3E%3Cimg%20src%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F296105iF64510D7A28697C8%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22lukaszadrapa_1-1724946120491.png%22%20alt%3D%22lukaszadrapa_1-1724946120491.png%22%20%2F%3E%3C%2Fspan%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CBR%20%2F%3E%0A%3CP%3ETo%20check%20IVT%20GMAC%2C%20it's%20necessary%20to%20enable%20IVT_AUTH%3A%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22lukaszadrapa_2-1724946254679.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3Cspan%20class%3D%22lia-inline-image-display-wrapper%22%20image-alt%3D%22lukaszadrapa_2-1724946254679.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3Cimg%20src%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F296106i810DFFCAF29EAB5E%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22lukaszadrapa_2-1724946254679.png%22%20alt%3D%22lukaszadrapa_2-1724946254679.png%22%20%2F%3E%3C%2Fspan%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CBR%20%2F%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22lukaszadrapa_3-1724946261729.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3Cspan%20class%3D%22lia-inline-image-display-wrapper%22%20image-alt%3D%22lukaszadrapa_3-1724946261729.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3Cimg%20src%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F296107i480300A8A0A3C8E1%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22lukaszadrapa_3-1724946261729.png%22%20alt%3D%22lukaszadrapa_3-1724946261729.png%22%20%2F%3E%3C%2Fspan%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3EThis%20eliminate%20problems%20with%20IVT%20changes.%3C%2FP%3E%0A%3CP%3ERegards%2C%3C%2FP%3E%0A%3CP%3ELukas%3C%2FP%3E%3C%2FLINGO-BODY%3E