Enable OTFAD function , then jump to application code will failure

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Enable OTFAD function , then jump to application code will failure

521 Views
Felix_ar
Contributor III

Hi All

The customer build bootloader by himself, but encounter some issue.

Disable OTFAD function, application code address start from 0x60020000.

bootloader can jump to application.

Enable OTFAD function, encryption application code address start from 0x60020000.

bootloader can't jump to application.

Enable OTFAD function, encryption application code address start from 0x60021000.

bootloader can jump to application.

Could you tell us how to do can fix this issue? or the first 4K bytes of the application code can't be  encrypted.

attached file is the customer sample code.

Bootloader (evkmimxrt1010_dev_hid_generic_bm): 0x60000000

Application(evkmimxrt1010_flexspi_nor_polling_transfer): 0x60020000

Thanks.

 

Labels (1)
0 Kudos
Reply
7 Replies

497 Views
diego_charles
NXP TechSupport
NXP TechSupport

Hi @Felix_ar 

Thank you for reaching out! 

I understand that the customer can use OTFAD to decrypt automatically code, but to achive this they had  to increase by 1K  the offset of their application ( from 0x6002_0000 to 0x6002_1000) and they want to know why.

I quickly checked the customer bootloader source code,  but it is not clear for me how are they enabling/setting  the OTFAD prior to jump to the application, could you describe this? 

Did they configured OTFAD only for the application or for the bootloader or both? How ?

Another question is :  can we reproduce this with our MIMX RT1010 -EVK?

Thank you! 

Diego

 

 

 

 

0 Kudos
Reply

464 Views
Felix_ar
Contributor III

Hi @diego_charles 

Thank you reply.

1.  The customer use MCUXpresso Secure Provisioning Tool v9 to enable OTFAD function.

2. Only encryption application code.

3. MIMX RT1010 -EVK can reproduce  this issue.

below is Secure Provisioning Tool v9 setting screenshot.

fail.jpg

Fail

pass.jpg

Pass

Thank you.

428 Views
diego_charles
NXP TechSupport
NXP TechSupport

Hi @Felix_ar 

Thank you for letting me know, I am working to see if I can replicate this on my end. 

Diego

0 Kudos
Reply

344 Views
Felix_ar
Contributor III

Hi @diego_charles 

 

Any update for this case?

Thanks.

 

0 Kudos
Reply

238 Views
diego_charles
NXP TechSupport
NXP TechSupport

Hi @Felix_ar 

Thank you very much for your patience, I appreciate.

I was able to get application working in plain mode. 

diego_charles_0-1732233235784.png

But I am still diagnosing why you can not setup OFTAD at 0x6002_0000 and boot. 

Just a question, how are you creating and loading the secondary application?

With the SPT is easy to program the bootlaoder and the flexSPI application as an additional image. but I do not know the process you are following. 

Diego

0 Kudos
Reply

156 Views
Omar_hong
Contributor II

Hi @diego_charles 

Thanks for your reply!
 
I am a customer of @Felix_ar .
 
I was able to get application working in plain mode. 
=>In this case, we can also operate normally.
 
But I am still diagnosing why you can not setup OFTAD at 0x6002_0000 and boot. 
=>All our data is attached for your reference so that you can reproduce our situation.
NXPRT1010_TEST
    Source code  ----------------bootloader & APP code 
    Full_Plaintext.bin---------- bootloader + APP
    TEST_KEY --------------------HAB+OTFAD KEY
    20000
boot_image-------------------generate by SPT
    debug_log.jpg
    OTFAD_config.jpg
    Full_cipher_text_60020000.bin
21000
    boot_image-------------------generate by SPT
   debug_log.jpg
   OTFAD_config.jpg
Full_cipher_text_6002100.bin
 
 
Just a question, how are you creating and loading the secondary application?
=>
1.I first used a new RT1010 EVB (not burn any efuse )to create the following bin file.
2.use the NXP IDE to flash the bootloader into the RT1010, and then use the NXP-MCUBootUtility to flash the app bin file into the RT1010.
3.use NXP-MCUBootUtility to download Full_Plaintext.bin(bootloader + app)
 
 
With the SPT is easy to program the bootlaoder and the flexSPI application as an additional image. but I do not know the process you are following. 
=>
I tried this feature, but the app section didn't succeed in encrypting, and the test results were also unsuccessful.

Omar_hong_0-1732531378785.jpeg

 

44 Views
Omar_hong
Contributor II

Hi @diego_charles 

         Can you reproduce our situation?

 Any update for this case?

Thanks.

0 Kudos
Reply