I'm building a second bootloader project which take a reference to AN12064.Second bootloader is plaintext and application code is encrypted.
SW-GP2 is selected as key of BEE region 1.
Just as the AN12064 doing,In function jump_to_application(),second bootloader first decrypt EKIB ,then EPRDB,it works well and I can see the correct PRDB information。But after BEE configuration,it get wrong application entry address and stack pointer.The BEE didn't work,because the application entry address and stack pointer are same as the orignal crypted value in flash.
Fallowing pictures are register information:
Any suggest is appreciated.
Best regards.
Solved! Go to Solution.
Hi,
If you want to set multi-encrypted regions, it should indeed set these regions instead of keeping the default value.
So it's not a bug.
Have a great day,
TIC
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
Hi @longxing ,
Thank you for your interest in NXP Semiconductor products and for the opportunity to serve you.
To be prudent, I was wondering if you can illustrate the testing steps you did, further, I'd like to what modification you did with the source code with the AN12604
TIC
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
hi,
I already have solved the problem.The reason leading to this problem is that i only use region 1 of BEE(just follow suggestion of AN12064),and didn't configure region 0.In bl_nor_encrypt_bee.c,i found following code:
uint32_t bee_region_index = 0;
while (bee_region_index < 2)
{
prot_region_block_info_t *plain_block_info = &s_img_gen_ctx.plain_block_info[bee_region_index];
if ((addr > (plain_block_info->prdb.encrypt_region.end - 1)) ||
((addr + size) <= plain_block_info->prdb.encrypt_region.start))
{
bee_region_index++;
}
else
{
break;
}
}
if (bee_region_index > 1)
{
break;
}
the if statement will be true when encrypt_region[0].end = 0 and encrypt_region[0].start = 0(encrypt_region[0].end = 0 and encrypt_region[0].start = 0 are the default state when region 0 is not configured),so bootloader will use region 0 to encrypt code.Of course,it failed using region 1 to decrypt.
Is this a bug? or Must use region 0 first?
Hi @longxing ,
Thanks for your reply.
1) Is this a bug? or Must use region 0 first?
-- Actually, I'm not clear with this question, whether you can clarify it again.
Have a great day,
TIC
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
Hi,
I just want to know whether there is a bug in the code segment i provided in the last post.
Because when i just use region 1 to encrypt my code and leave region 0 unconfigured,which means all members in s_img_gen_ctx.plain_block_info[0] are zero,the code segment will use region 0 to encrypt ,not region 1.
Do i make myself clear?
Best regards!
Hi,
If you want to set multi-encrypted regions, it should indeed set these regions instead of keeping the default value.
So it's not a bug.
Have a great day,
TIC
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
Hi,
Do you mean that i must use region 0 for second bootloader to decrypt application image when just use only one encrypted region?
If that's true,I have no problem.
Hi,
Sorry for replying late.
Regarding your design, in my opinion, I'd highly recommend using Region 0 to cover the whole flash size which contains the second bootloader and application, or using Region0 to handle the Bootloader, and Region1 to handle the application.
Hope this is clear.
BR,
Have a great day,
TIC
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
Vector table of application is located at 0x60040000.Range of BEE region 1 is 0x60040000 to 0x60045000