MIMXRT1040 - Application doesn't start when Secured.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

MIMXRT1040 - Application doesn't start when Secured.

Jump to solution
1,411 Views
riccardo_carlot
Contributor III

Hello,

I've a couple of issues about the security on my XRT1040. I'm working with the EVK.MIMXRT1040.

I'm creating my L2BOOT but now, to make it easy, I turned it in a very simple led toggle code. 

 

riccardo_carlot_0-1703425773382.png

This is my flash configuration:

- BOARD FLASH area in which i put the application code
- ENCRYPTED AREA where I want to save some data that I want to encrypt with OTPMK

riccardo_carlot_1-1703425848248.png

Basically I'm in this situation, I have a large amount of empty flash between my boot code area and the area I reserved for encryption. 

riccardo_carlot_3-1703425998493.png

As I already mentioned, I want the Encrypted area to be encrypted with the OTPMK, but I want also the authentication of the boot image, so this is how I set up the Provisioning Tool:

riccardo_carlot_4-1703426229646.png

After this, I loaded the application on my EVK and, after the reset, the application start as expected (just a simple toggle of the the green led). 

Now my problems:

  1. I read the entire memory content using the Flash Programmer utility in the Provisioning Tool. What I saw is an encrypted region, at addres 0x607F8000, larger than the lenght I set in the building image settings. Why this difference?
    riccardo_carlot_6-1703426903650.png

     

    2. After the previous procedere my boot applications starts properly. But, when I try to write some datas in my empty area (the space between the end of my application and the beggining of the encrypted area) the application doens't start. 
    For example, if I write just a simple value at address 0x6005E000 and then I restart the device, my boot application doesn't start the execution (it's easy to see since it is a simple toggle led example)

    riccardo_carlot_7-1703427216169.png

    I suppose that the problem regards the HAB and the authentication process of the image. But this space should be outside my application code, so it shouldn't be interested about the HAB process...

It would be very appreciated your help.

Regards 

 

 

 

 

0 Kudos
Reply
1 Solution
1,150 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi @riccardo_carlot ,

 

Sorry! My bad! The correct process should be:

1. Erase All

2. Write image via SPT

3. Program the encrypted area via SPT's Flash Program Tool

4. Verify/read the encrypted area via SPT's Flash Program Tool

 

Hope that helps,

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

 

 

View solution in original post

0 Kudos
Reply
10 Replies
1,380 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi @riccardo_carlot ,

 

May I have the bin files for led toggle code as well as the one for  encrypted area? I will try to reproduce this issue here with EVK.MIMXRT1040.

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

 

0 Kudos
Reply
1,369 Views
riccardo_carlot
Contributor III

Hello @Kan_Li ,

 

thank you for the interest on my problem. 

Here attached the .bin of the toogle example. This is the flash configuration of the project:

riccardo_carlot_0-1703586427069.png

In the ENCRYPTED AREA I saved just some dummy values.

 

Thank you.

Riccardo

 

Tags (1)
0 Kudos
Reply
1,292 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi @riccardo_carlot ,

 

Looking into your bin file, seems it occupies the encrypted area till 0x60800000, so HAB calculated all the areas , and even you just modified somewhere inside the empty area , the boot would fail. I think it was due to you defined encrypted area in the IDE, actually you may just let the SPT define this region for BEE, and let IDE only generate the application image that is signed by HAB, and in that case HAB will not take the empty area into consideration.

 

Hope that makes sense,

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

 

0 Kudos
Reply
1,261 Views
riccardo_carlot
Contributor III

Hello @Kan_Li 

sorry for the .bin file. I think the attached one is correct. It contains dummy data at 0x607f8000.

Yes I'm usign the .axf to buil the image, but I tried with the .bin too.

 Actually the SPT is able to make Authentication and Encryption all together (using OTPMK).

Perhaps, the solutions should come in two step:

1 - Build and Load the Authenticated L2BOOT 

2- Load the Encrypted area

 

In this way the SPT should not take in account the space in the middle ot the two areas. But it seems not possible the Encryption with OTPMK without HAB.

 

Regards

 

 

 

 

0 Kudos
Reply
1,254 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi @riccardo_carlot ,

 

Yes, your understanding is correct. Only when HAB is enabled the OTPMK can be used, but the steps for implementation should be :

1. Load plain text data into the encrypted area with the help of SPT's flash program tool.(make sure it is 16B aligned)

2. Build and Load the BEE OTPMK Authenticated L2BOOT image by SPT which defines the encrypted area is set to 0x607f8000 and length is 0x1000. (Because the encrypted area does not cover L2BOOT, so it will not influence the authentication. And the preload encrypted area will not erase.)  

 

Hope that helps,

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 Kudos
Reply
1,248 Views
riccardo_carlot
Contributor III

Hello @Kan_Li ,

 

following your suggestion I should load the plain text in the encrypted area first, then I should activate the decryption when I load the L2 BOOT in a region outside the project boundaries ( @0x607f8000).
Maybe this procedure could avoid the HAB failure, but who make the Encryption of the plain text I saved in the encrypted region with OTPMK?  

 

Thank you

Regards 

0 Kudos
Reply
1,246 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi @riccardo_carlot ,

 

DCP does the encryption during the 2nd step since you are using OTPMK, and you may test it as below:

1. erase all

2. do the 2nd step - after this the encrypted area starting @0x607f8000 is still FF

3. modify some content in the encrypted area by the flash program tool from SPT, it could be 00,11,22,,etc.

4. do the 2nd step again, then you will have the cipher text in the encrypted area.

DCP encryption can also be triggered in the application.  Please refer to evkmimxrt1040\driver_examples\dcp for more details.

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

 

 

 

0 Kudos
Reply
1,222 Views
riccardo_carlot
Contributor III

Hello @Kan_Li,

I tried your suggestion:

1- Erase all, then load the plain text on the encrypted area (some dummy 0x47 data at 0x607FC000)

riccardo_carlot_0-1704957929147.png

 

2 Execute the SPT procedure to load L2BOOT setting the ecryption area at the same address 0x607fc000

riccardo_carlot_1-1704958002204.png

 

After this, the content in the encrypted area (0x607fc000) didn't change. It seems the encryption didn't work on a region outside the L2BOOT memory definition:

riccardo_carlot_2-1704958131767.png

 

Riccardo

0 Kudos
Reply
1,151 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi @riccardo_carlot ,

 

Sorry! My bad! The correct process should be:

1. Erase All

2. Write image via SPT

3. Program the encrypted area via SPT's Flash Program Tool

4. Verify/read the encrypted area via SPT's Flash Program Tool

 

Hope that helps,

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

 

 

0 Kudos
Reply
1,299 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi @riccardo_carlot ,

 

Did you import the axf file instead of the bin file? Actually I converted it into bin file and then import it in the Build image tab, with the same configuration, and wirte the image into RT1040 for the first time, but found the area started from 0x607f8000 contains 0xFF only, but if you use the flash program tool to modify some data within this area and write the image again, you will have the encrypted area from 0x607f8000 to 0x607f9000, I will check later if it was due to BEE ignore an just erased space . 

BTW, changing the data within the empty area would not affect app booting. 

 

If the problem is still there, is it possible to fetch the content in the flash and send to us for analyzation?

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

 

0 Kudos
Reply