encrypt image

solted_squid · ‎03-22-2022

Hi

I have MIMXRT1170-EVK. i build some application using IAR. XIP: no, start from RAM. Then i run MCUXpresso Secure Provisioning, generate keys, choose boot type as Authenticated (HAB) and build bootable image. I get signed image and that's fine and works well. But there is one strange thing. As long as i use external flash in addition to signing i want to encrypt my image. And i can't figure out how to do it.

I went through a pile of documents and found only that i must use dek.bin and then write down it in SEC_CSF_INSTALL_SECRET_KEY section in *.bd file. And it's says "it is random generated automatically by the HAB encrypted tool". But there isn't any dek file.

Well, I'm obviously doing something wrong. What?

And I have a really big favor to ask. Please, do not send me just a links to manuals. I went deep diving through manuals. Just point me in right direction in simple terms and i will try to dig out the rest.

Thank you

jeremyzhou · ‎03-22-2022

Hi,
Thank you for your interest in NXP Semiconductor products and for the opportunity to serve you.
After implementing the HAB secured boot, it seems that you want to encrypt the image, and the application runs in the RAM, is my understanding right?
If yes, the RT117x hasn't supported this boot mode.
Have a great day,
TIC

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!

- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

solted_squid · ‎03-23-2022

Thank you for replying

"After implementing the HAB secured boot, it seems that you want to encrypt the image, and the application runs in the RAM, is my understanding right? If yes, the RT117x hasn't supported this boot mode"

Yes, You're absolutely right. But it's a catastrophe for me. How, in this case, can i protect my image storing in external flash?

Can i encrypt my image in case of XIP?

Sorry, but i am blown away right now.

Thank you

jeremyzhou · ‎03-23-2022

Hi @solted_squid ,
Thanks for your reply.
1) Can I encrypt my image in case of XIP?
-- Yes, and I also recommend you to do that, and Encrypt XIP mode is available to combine the HAB boot feature adds security level.
Moreover, it's easy to do it via the MCUXpresso Secure Provisioning tool.

Have a great day,
TIC

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!

- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

solted_squid · ‎03-24-2022

Hi

Your picture certainly looks good but my picture is quite different

jeremyzhou · ‎03-24-2022

Hi,
Thanks for your reply.
Please update MCUXpresso Secure Provisioning to the latest version, then give it a try again.
Have a great day,
TIC

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!

- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------