[s32k3] is it possible to re-flash unsecure software after secure boot enabled?

pasa_kevin_y · ‎05-30-2025

Once the hardware is in mass production stage, the secure boot is enabled, LC is OEM_PROD.

Say we found some issue in it, and we want to do some diagnostics.

We have the jtag access, we can re-flash another testing software to it, the entire flash memory will be overwritten, will the chip boot up with the unsecure software? is NXP HSE allow it to happen?

VaneB · ‎06-03-2025

Hi @pasa_kevin_y

When you flash a new application to the device, there is the specific bit in the IVT (Image Vector Table) that controls whether Secure Boot is enabled. If you remove the Secure Boot bit in the IVT, the device will not perform a secure boot. This means the boot process will skip the security checks that normally verify the integrity and authenticity of the application.

BR, VaneB

在原帖中查看解决方案

VaneB · ‎06-03-2025

Hi @pasa_kevin_y

When you flash a new application to the device, there is the specific bit in the IVT (Image Vector Table) that controls whether Secure Boot is enabled. If you remove the Secure Boot bit in the IVT, the device will not perform a secure boot. This means the boot process will skip the security checks that normally verify the integrity and authenticity of the application.

BR, VaneB