- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- Advanced AnalogAdvanced Analog
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
- S32Z/E
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- Generative AI & LLMs
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
- RFID / NFC
- Advanced Analog
-
- NXP Tech Blogs
OTA update process in iMX8MP evk board running Android 14
08-05-2025
06:28 AM
272 次查看
Manoj_Kumar
Contributor II
Hello @Harvey021
These are our requirements regarding OTA update process.
1. The software should implement Secure Boot to verify software authenticity.
2. The software should support secure OTA updates with encryption.
As per the requirement we have completed Secure boot with HABv4 to get signed images and the board is booting fine without any hab events. Now we need to do secure OTA updates with encryption.
In Android user’s guide
In section 7.1.6.3 Building an OTA package with encrypted boot
It is mentioned that,
Move the encrypted target SPL and bootloader images to the directory of ${MY_ANDROID}/out/target/product/${TARGET_PRODUCT}/obj/UBOOT_COLLECTION/. Override the original target files.
Execute the following command to generate an OTA package, which includes the encrypted SPL and bootloader images.
$ ./imx-make.sh kernel -j4
$ BUILD_ENCRYPTED_BOOT=true make otapackage -j24 IMX_OTA_POSTINSTALL=1
Then the OTA package includes the encrypted SPL and bootloader images. Besides the OTA package, DEK Blobs of SPL and bootloader images need to be provisioned into the device before applying the OTA package.
Here what process we need to follow?
If we copy the signed images generated in the secure boot with HABv4 into the directory of ${MY_ANDROID}/out/target/product/${TARGET_PRODUCT}/obj/UBOOT_COLLECTION/ and generate the OTA package will fulfill our both requirements?
If yes, to generate OTA package can we use this command “BUILD_ENCRYPTED_BOOT=true make otapackage -j24 IMX_OTA_POSTINSTALL=1” or need to modify it to “make otapackage -j24 IMX_OTA_POSTINSTALL=1”?
If not, do we need to follow Encrypted boot with HABv4? But it will encrypt only the boot images, what about the encryption of the OTA update?
For implementing OTA update we are using “SystemUpdaterSample” application with “Lighttpd” server as mentioned in section “7.2.2 Using a customized application to update the Android platform”.
Best regards,
Manoj kumar
1 回复
08-06-2025
02:39 AM
233 次查看
Hi @Manoj_Kumar
BUILD_ENCRYPTED_BOOT cannot be deleted. Without it, the encrypted bootloader will not be compiled into the OTA package. You need to follow the Encrypted boot with HABv4 and then follow the normal OTA process.
Regards
Harvey
