IMXRT117x : Considerations for secondary bootloader to enable encrypted XIP


jimmyam
Contributor II

Hi All,

I have a question related to the modifications required for the IMXRT117x secondary bootloader (NXP MCUBOOT based) for enabling encrypted XIP boot (to the application), which resides in external serial QSPI NOR flash.

Details:

---- My secondary bootloader/SBL (used mainly for firmware upgrade) is based on NXP's MCUBOOT (evkbmimxrt1170_mcuboot_opensource). This resides at address 0x30000000 and can take up to 1MB. I have changed the MCUXpresso project properties such that it would "Link Application to RAM" at startup and would run from SRAM_ITC_CM7. Then this would jump to the application (Execute in Place/XIP), which is flashed at address 0x30100000. In case a firmware update is required, it then writes/flashes only the new application (starting from 0x30100000) and swaps the image with the old one, and if everything is good, it would then upgrade to the new image. All these features work well now.

---- Currently I am evaluating adding digital signature and encryption to both bootloader and application binaries. But I could not find any good reference document/code explaining a similar situation. Most of these documents only explain the BootROM jumping into a single application; a journey from BootROM -> Encrypted & signed Secondary Bootloader -> Encrypted & signed Application is not covered.

My main questions are,

1) Once the BootROM validates the signature and decrypts the SBL, it would need to jump into the application (which is encrypted now). But for my specific scenario, which is the better option? Would OTFAD work, or do I need to go for IEE?
2) What are the changes required for the MCUBOOT based secondary bootloader? Do we need to integrate OTFAD/IEE and other possible changes?

Note: Regarding signature validation of the encrypted application from the SBL, I believe that it is possible to validate using ROM functions in HAB like rvt::authenticate_image(). Please correct me if I am wrong.

It would be great if you could answer/point to the right documentation.

iMXRT1170 

Thank you,
Jimmy
