FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

RT6xx secure boot

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

RT6xx secure boot

‎07-31-2023 05:27 AM
394 Views
yoeinhor
Contributor I

Hello,

 

I am working on converting RT6xx systems from normal boot to secure boot with plain signed non-XIP images in the field, and have a couple of questions:

1. OTP_MASTER_KEY: Is this OTP necessary? Why? I saw it is set by the secure provisioning tool but I don't see a reason for it.

2. Are there any implications to flashing an image with the "image_type" field set to "plain signed non-XIP (0x1)" while secure boot is not enabled in the OTP? Following the boot process diagram in the manual, it seems like the bootloader ROM will treat it the same way as non-signed images, but I need to make sure this is the case.

 

Thanks.

 

Labels (1)
Labels
0 Kudos
Reply
1 Reply

‎08-31-2023 11:20 PM
332 Views
diego_charles
NXP TechSupport
NXP TechSupport

Hi @yoeinhor 

I am sorry for not getting back to you on time, but, regarding your questions. 

1 No, the OTP_MASTER_KEY is not necesary for plain signed images . Its use is described at AN12079 which is under secure access.

2 The implication that I see is that for booting a signed image, you will need to provide a ROM the keys/root certicate in the key store area, instead of the OTPs.

diego_charles_0-1693549160906.png

 

 
 

All the best, 

Diego

0 Kudos
Reply