How to update KW45 application firmware in different Lifecycles?


242 Views
Liyn
Contributor I

KW45   SPSDK 

Can KW45 update application firmware by ISP when KW45 lifecycle is "OEM SECURE WORLD CLOSED"? 

I use SPSDK to generate the RoTKTH and SB3KDK, and program the keys to the KW45 fuses. I have confirmed that the RoTKTH and SB3KDK that I programmed are correct. The way I confirm the keys in KW45 is that I create the NBU sb3 image using the RoTKTH and SB3KDK I generated and write the NBU sb3 image to KW45 through ISP, then I make a "Wireless Uart" demo firmware sb3 image using the same RoTKTH and SB3KDK and program the demo image to KW45. After finishing the operations above, KW45 can execute the "Wireless Uart" demo normally and I can scan the BLE advertisement with the device name "NXP_WU".

After that, I want to test the secure boot function of KW45, so I change the lifecycle of the KW45 to "OEM SECURE WORLD CLOSED". But KW45 doesn't jump to the "Wireless Uart" demo firmware in its M33 flash and runs the ROM Bootloader only, and I can't program the application firmware to KW45 by ISP. I always receive the string "Response status = 10001 (0x2711) Security Violation" when I try to use SPSDK to update the application firmware by ISP. And I get the same response status code when I use the fuse-program command to enable the TrustZone that I forgot to enable before I changed the lifecycle of KW45.

I test in my customized KW45 board with a new KW45 chip.

Is the way that I change the KW45 lifecycle right? How to update KW45 application firmware in different Lifecycles?

 

 

 

0 Kudos
5 Replies

220 Views
nxf77486
NXP TechSupport
NXP TechSupport

Hello,

 

Thank you for contacting NXP support.

Please find the following application note that you will find useful. This application note describes the life-cycle stages, how to access them, the limitations of the life-cycles, and how to transition.

An important note is that since fuses control the life-cycle state, moving to a more advanced state is an irreversible and permanent process.

Please let me know if you have any other question or if you require any extra detail.

0 Kudos

201 Views
Liyn
Contributor I

Thank you for your answer!

Is it enough for KW45 secure boot with only a RoTKTH and a SB3KDK in fuse? Does it need the other keys?

Now my "OEM_SECURE_WORLD_CLOSED" lifecycle KW45 can't run the application in flash that was downloaded using ISP. Which key will be used when KW45 secure boots in the "OEM_SECURE_WORLD_CLOSED" lifecycle, as the figure shows below?

Does the sb3 file need to change the firmware version value when generating using SPSDK?

Liyn_1-1717755175768.png

 

0 Kudos

188 Views
nxf77486
NXP TechSupport
NXP TechSupport

Hello,

 

From the image sent I understand that you are following the guide for secure boot, and this is a great reference, but it is also important to note that these examples and test cases present in the application note are using a life-cycle of OEM Open.

And it is also important to note that the ISP commands that can be used with OEM_SECURE_WORLD_CLOSED are limited. I would like to know how you downloaded the image with ISP commands; this could be the reason why the image is not running as it should.

0 Kudos

111 Views
Liyn
Contributor I

Hi,

I pull up the Boot_CFG pin of the KW45 whose lifecycle is OEM_SECURE_WORLD_CLOSED and reset it to make it enter the ROM Bootloader. Then I use SPSDK to execute the command like "blhost $UART_CONNECTION receive-sb-file $SB31_FILE_FINAL".

The SPSDK prompts "Response status = 0 (0x0) Success." when the sb3 file is transferred completely. But the application cannot be executed and the chip always runs the ROM Bootloader after I pull down the Boot_CFG pin and reset it.

Do you mean that KW45 application firmware can't be updated with ISP commands when the lifecycle of KW45 is OEM_SECURE_WORLD_CLOSED, like the figure explained below? How can I run the application firmware when the KW45 changes lifecycle to OEM_SECURE_WORLD_CLOSED?

Liyn_0-1718083502561.png

 

0 Kudos

93 Views
nxf77486
NXP TechSupport
NXP TechSupport

Hello,

I appreciate the clarification. Can we please try writing the image with the Secure Provisioning Tool instead of the command line? This will also give us a clear view of the fuses and the life-cycle mode.

This tool also helps us build the image. Please help me by testing with this mode to see if the application can properly work.

Also, before beginning the application, please help me test the UART connection with the ISP mode activated, just to make sure that the connection is properly working.

I have also attached the User Guide; chapter 5.2 explains how to build the image and chapter 5.3 how to write this image.

Please let me know the results.

0 Kudos