FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Secure boot and file system in external serial flash

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Secure boot and file system in external serial flash

‎11-10-2022 02:07 AM
737 Views
kotalamit
Contributor III

Hi, 

We are working on a IMXRT1170 project wherein we wish to use a serial flash memory to for secure boot and also have a partition of file system to store gui and other config files.

My query is whether this approach of using a single flash memory for secure boot and user file system a valid approach. 

Additionally, are there any reference resources for this; such as fatfs type of file system for serial flash memory available from nxp.

 

Regards,

Amit Kotal

Labels (1)
Labels
0 Kudos
Reply
4 Replies

‎01-18-2023 05:13 AM
625 Views
kotalamit
Contributor III

Hi Omar,
Thank you sharing the in depth details earlier;

Further to my earlier queries, I would like to confirm my understanding of the below theory.

For our purpose, we need to run our application code from Ext. Flash in XIP Mode, In addition we plan to use LittleFS as file system for generic file read/write operations in the code free area of our Ext. Flash.

1. To make the above scenario work, flash related drivers and the middleware wrt to the LittleFS should be executed from OCRAM and also care should be taken to avoid any XiP access during the FS operation.

2. Since our application will be using Freertos, so other than task critical locks, are there any other overheads that we may need to take care of.

3. Additional query, can you direct towards any info about handling the FS Mount operation, if the read only files are already loaded in the Ext. Flash using external flash tools as MCU Boot Utility.

Regards,

Amit K

0 Kudos
Reply

‎11-14-2022 05:00 PM
715 Views
Omar_Anguiano
NXP TechSupport
NXP TechSupport

Hello!
I hope you are well.

It is possible to share the flash to execute code and store data but you need to execute the drivers in RAM and stop any other XiP access during such operations.
So it is important to use Non-XIP mode so after boot the code runs in RAM and the remaining space can be used for the file system.

Fortunately, the example that we have on our SDK (flexspi_nor_polling_transfer) already does this. This is accomplished thanks to the files located in the linkscritps folder. To learn more about how this works, please refer to section 17.15 of the MCUXpresso IDE User Guide. 

For a file system, I suggest you refer to our SDK, there you can find the middleware as well as the documentation of a file system.

Best regards,
Omar

0 Kudos
Reply

‎11-16-2022 06:12 AM
705 Views
kotalamit
Contributor III

Hi Omar,

Thanks for sharing the details. 

Based on your input, I have further queries as below;

Since you mentioned about using non-xip mode and running the code from RAM, in our solution we intend to use SDRAM. Can this be done just by modifying the Managed Linker Script settings and enabling the Plain Load Image as BOARD_SDRAM.

As poc we plan to test this using the IMXRT1170 EVK.

Is there any application note or example project that can give a gist about this?

Regards,

Amit Kotal

 

0 Kudos
Reply

‎11-21-2022 03:24 PM
693 Views
Omar_Anguiano
NXP TechSupport
NXP TechSupport

Yes, SDRAM can be used to execute code.
You can refer to this post: RT1050 - Booting from serial NOR flash to SDRAM - NXP Community

You need to first initialize the external SDRAM with a DCD file so it is ready at boot time to copy the image from NOR flash to SDRAM.
The ROM through High Assurance Boot(HAB) validates that the image in flash is valid and allowed to run before copying it to SDRAM.
You can generate the secure image and run it in SDRAM with the Secure Provisioning Tool or MCUBootUtility.

Best regards,
Omar

0 Kudos
Reply