帮助
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

RT6xx secure boot

取消
开启建议
自动建议可通过在您键入时建议可能的匹配,而快速缩小您的搜索结果范围。
显示结果 
显示  仅  | 搜索替代 
您的意思是: 

RT6xx secure boot

‎07-31-2023 05:27 AM
858 次查看
yoeinhor
Contributor I

Hello,

 

I am working on converting RT6xx systems from normal boot to secure boot with plain signed non-XIP images in the field, and have a couple of questions:

1. OTP_MASTER_KEY: Is this OTP necessary? Why? I saw it is set by the secure provisioning tool but I don't see a reason for it.

2. Are there any implications to flashing an image with the "image_type" field set to "plain signed non-XIP (0x1)" while secure boot is not enabled in the OTP? Following the boot process diagram in the manual, it seems like the bootloader ROM will treat it the same way as non-signed images, but I need to make sure this is the case.

 

Thanks.

 

标签 (1)
标签
0 项奖励
回复
1 回复

‎08-31-2023 11:20 PM
796 次查看
diego_charles
NXP TechSupport
NXP TechSupport

Hi @yoeinhor 

I am sorry for not getting back to you on time, but, regarding your questions. 

1 No, the OTP_MASTER_KEY is not necesary for plain signed images . Its use is described at AN12079 which is under secure access.

2 The implication that I see is that for booting a signed image, you will need to provide a ROM the keys/root certicate in the key store area, instead of the OTPs.

diego_charles_0-1693549160906.png

 

 
 

All the best, 

Diego

0 项奖励
回复