Hello,
I've a couple of issues about the security on my XRT1040. I'm working with the EVK.MIMXRT1040.
I'm creating my L2BOOT but now, to make it easy, I turned it in a very simple led toggle code.
This is my flash configuration:
- BOARD FLASH area in which i put the application code
- ENCRYPTED AREA where I want to save some data that I want to encrypt with OTPMK
Basically I'm in this situation, I have a large amount of empty flash between my boot code area and the area I reserved for encryption.
As I already mentioned, I want the Encrypted area to be encrypted with the OTPMK, but I want also the authentication of the boot image, so this is how I set up the Provisioning Tool:
After this, I loaded the application on my EVK and, after the reset, the application start as expected (just a simple toggle of the the green led).
Now my problems:
2. After the previous procedere my boot applications starts properly. But, when I try to write some datas in my empty area (the space between the end of my application and the beggining of the encrypted area) the application doens't start.
For example, if I write just a simple value at address 0x6005E000 and then I restart the device, my boot application doesn't start the execution (it's easy to see since it is a simple toggle led example)
I suppose that the problem regards the HAB and the authentication process of the image. But this space should be outside my application code, so it shouldn't be interested about the HAB process...
It would be very appreciated your help.
Regards
解決済! 解決策の投稿を見る。
Hi @riccardo_carlot ,
Sorry! My bad! The correct process should be:
1. Erase All
2. Write image via SPT
3. Program the encrypted area via SPT's Flash Program Tool
4. Verify/read the encrypted area via SPT's Flash Program Tool
Hope that helps,
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
Hi @riccardo_carlot ,
May I have the bin files for led toggle code as well as the one for encrypted area? I will try to reproduce this issue here with EVK.MIMXRT1040.
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
Hi @riccardo_carlot ,
Looking into your bin file, seems it occupies the encrypted area till 0x60800000, so HAB calculated all the areas , and even you just modified somewhere inside the empty area , the boot would fail. I think it was due to you defined encrypted area in the IDE, actually you may just let the SPT define this region for BEE, and let IDE only generate the application image that is signed by HAB, and in that case HAB will not take the empty area into consideration.
Hope that makes sense,
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
Hello @Kan_Li
sorry for the .bin file. I think the attached one is correct. It contains dummy data at 0x607f8000.
Yes I'm usign the .axf to buil the image, but I tried with the .bin too.
Actually the SPT is able to make Authentication and Encryption all together (using OTPMK).
Perhaps, the solutions should come in two step:
1 - Build and Load the Authenticated L2BOOT
2- Load the Encrypted area
In this way the SPT should not take in account the space in the middle ot the two areas. But it seems not possible the Encryption with OTPMK without HAB.
Regards
Hi @riccardo_carlot ,
Yes, your understanding is correct. Only when HAB is enabled the OTPMK can be used, but the steps for implementation should be :
1. Load plain text data into the encrypted area with the help of SPT's flash program tool.(make sure it is 16B aligned)
2. Build and Load the BEE OTPMK Authenticated L2BOOT image by SPT which defines the encrypted area is set to 0x607f8000 and length is 0x1000. (Because the encrypted area does not cover L2BOOT, so it will not influence the authentication. And the preload encrypted area will not erase.)
Hope that helps,
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
Hello @Kan_Li ,
following your suggestion I should load the plain text in the encrypted area first, then I should activate the decryption when I load the L2 BOOT in a region outside the project boundaries ( @0x607f8000).
Maybe this procedure could avoid the HAB failure, but who make the Encryption of the plain text I saved in the encrypted region with OTPMK?
Thank you
Regards
Hi @riccardo_carlot ,
DCP does the encryption during the 2nd step since you are using OTPMK, and you may test it as below:
1. erase all
2. do the 2nd step - after this the encrypted area starting @0x607f8000 is still FF
3. modify some content in the encrypted area by the flash program tool from SPT, it could be 00,11,22,,etc.
4. do the 2nd step again, then you will have the cipher text in the encrypted area.
DCP encryption can also be triggered in the application. Please refer to evkmimxrt1040\driver_examples\dcp for more details.
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
Hello @Kan_Li,
I tried your suggestion:
1- Erase all, then load the plain text on the encrypted area (some dummy 0x47 data at 0x607FC000)
2 Execute the SPT procedure to load L2BOOT setting the ecryption area at the same address 0x607fc000
After this, the content in the encrypted area (0x607fc000) didn't change. It seems the encryption didn't work on a region outside the L2BOOT memory definition:
Riccardo
Hi @riccardo_carlot ,
Sorry! My bad! The correct process should be:
1. Erase All
2. Write image via SPT
3. Program the encrypted area via SPT's Flash Program Tool
4. Verify/read the encrypted area via SPT's Flash Program Tool
Hope that helps,
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
Hi @riccardo_carlot ,
Did you import the axf file instead of the bin file? Actually I converted it into bin file and then import it in the Build image tab, with the same configuration, and wirte the image into RT1040 for the first time, but found the area started from 0x607f8000 contains 0xFF only, but if you use the flash program tool to modify some data within this area and write the image again, you will have the encrypted area from 0x607f8000 to 0x607f9000, I will check later if it was due to BEE ignore an just erased space .
BTW, changing the data within the empty area would not affect app booting.
If the problem is still there, is it possible to fetch the content in the flash and send to us for analyzation?
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------