Files in the SPT workspace have disappeared due to an error or bug

spthx
Contributor II

I tried encrypted boot (Encrypted XIP with OTFAD) on the MIMXRT1160-EVK.
At this time, I generated the key in PKI Management in SPT with P-256 specified, and confirmed that it worked correctly.
However, it seems that the workspace was not saved.

When we started SPT on another day, PKI Management referred to an old key (RSA2048) and showed an error that the old key did not exist.

For this reason, I tried to import the key generated by P-256 at but failed with the error.
Failure: Import keys failed: impossible to import keys from folder

Thinking that the folder specified might be incorrect, I tried to import by specifying the root folder of the SPT workspace, but got the following error.

Import keys from: C:\<path to workspace>
ERROR: Keys from 'C:\<path to workspace>\imported_settings.sptjson' could not be imported due to error(s): ["Key file 'crts\\SRK1_sha256_2048_65537_v3_ca_crt.pem' does not exist on the disk.", "Key file 'crts\\SRK2_sha256_2048_65537_v3_ca_crt.pem' does not exist on the disk.", "Key file 'crts\\SRK3_sha256_2048_65537_v3_ca_crt.pem' does not exist on the disk.", "Key file 'crts\\SRK4_sha256_2048_65537_v3_ca_crt.pem' does not exist on the disk.", "Key file 'crts\\IMG1_1_sha256_2048_65537_v3_usr_crt.pem' does not exist on the disk.", "Key file 'crts\\IMG2_1_sha256_2048_65537_v3_usr_crt.pem' does not exist on the disk.", "Key file 'crts\\IMG3_1_sha256_2048_65537_v3_usr_crt.pem' does not exist on the disk.", "Key file 'crts\\IMG4_1_sha256_2048_65537_v3_usr_crt.pem' does not exist on the disk.", "Key file 'crts\\CSF1_1_sha256_2048_65537_v3_usr_crt.pem' does not exist on the disk.", "Key file 'crts\\CSF2_1_sha256_2048_65537_v3_usr_crt.pem' does not exist on the disk.", "Key file 'crts\\CSF3_1_sha256_2048_65537_v3_usr_crt.pem' does not exist on the disk.", "Key file 'crts\\CSF4_1_sha256_2048_65537_v3_usr_crt.pem' does not exist on the disk."]
ERROR: Import can be done only if the backup folder contains a workspace settings file.
Status of the operation: Failure: Import keys
ELF image converted to SREC: source_images\evkmimxrt1160_lwip_httpssrv_mbedTLS_freertos_cm7.srec
DCD retrieved from bootable HAB image: source_images\evkmimxrt1160_lwip_httpssrv_mbedTLS_freertos_cm7.dcd_parsed.bin
Application image 'source_images\evkmimxrt1160_lwip_httpssrv_mbedTLS_freertos_cm7.srec' retrieved from bootable image

At this time, files such as keys generated by P-256 that were left in the crts and keys folders have disappeared.
This has caused me to be unable to run new images with EVK.
Is there any way to recover these files?

regards

8 Replies

marek-trmac
NXP Employee

@spthx 

During import, the existing keys are copied into the "backup" folder in the workspace. You should be able to recover from there.

Regards,
Marek

Sam_Gao
NXP Employee

@spthx 

The RSA2048 and P-256 (ECDSA) keys are totally different, so it is incorrect to use the keys based on RSA to verify the encryption via ECDSA.

As far as I know, if the keys were lost, there is almost no chance of recovering them.


spthx
Contributor II

@Sam_Gao 

It was not an attempt to use an RSA-based key.
The RSA key was generated but that SRK was not written to the device, only a remnant.
The P-256 key-based SRK_HASH was written and secure boot and encrypted boot were confirmed to work.

However, the workspace was not saved and the first problem was that SPT was trying to reference the RSA key instead of the P-256, which caused an error.
Then, when we tried to import the P-256 keys to solve that, a bug in SPT deleted those files, which was a serious problem.

Since the problem was caused by a bug in SPT, isn't NXP responsible?


Sam_Gao
NXP Employee

Thanks for your update! I think I got your point a little bit. @spthx

> SPT was trying to reference the RSA key instead of the P-256, which caused an error.
> Then, when we tried to import the P-256 keys to solve that, a bug in SPT deleted those files, which was a serious problem.

If yes, it should be a serious problem. But would you please give me a trace log and the steps to reproduce? I want to reproduce it on my side before I confirm. Thanks.

SPT Ver: ?

HW: RT1160 EVK

Example: evkmimxrt1160_lwip_httpssrv_mbedTLS_freertos_cm7

Reproduce steps: ?

B.R,

Sam

spthx
Contributor II

@Sam_Gao 

SPT Ver: version 25.03.01
HW: RT1160 EVK
Example: evkmimxrt1160_lwip_httpssrv_mbedTLS_freertos_cm7
Reproduce steps: see below

The information is given to the best of my recollection.
Please understand that it may not be accurate.

1. Prepare a new EVK.
2. Generate a key by specifying RSA2048 in Generate Keys in SPT's PKI Management (only generated, not written).
3. Save the workspace.
4. Reboot the PC.
5. Build the SDK example (evkmimxrt1160_lwip_httpssrv_mbedTLS_freertos_cm7) in the IDE.
6. Start SPT and generate P-256 keys in Generate Keys in PKI Management.
7. Specify Authenticated, from FlexSPI Nor Simplified, closed HAB enabled in SPT and build - execute Write Image (also execute fuse programming).
8. Confirm boot in Authenticated HAB mode with EVK.
9. Select Encrypted (OTFAD) authenticated in SPT and execute Build - Write Image (also execute fuse programming).
10. Confirm that EVK boots in Encrypted XIP with OTFAD mode.
11. Reboot the PC without saving the SPT workspace.
12. Start SPT.
13. Error in PKI Management with RSA key referenced instead of P-256.
14. Click import keys and specify the keys folder in the workspace => error (not logged for some reason).
15. Click import keys, specify workspace crts folder => error occurs (from 2025-06-18 09:17:11 in log).
16. Click import keys and specify the root folder of the workspace => error occurs and the keys and crts files are deleted (from 2025-06-18 09:19:11 in the log, but delete is not logged).

Check the SPT log file attached for details.


marek-trmac
NXP Employee

@spthx 

The import keys functionality is designed to import the keys from the backup folder (so you back up the keys and then restore them) or to import from another workspace. It was definitely not expected to be used to import the keys from the current workspace. We will handle this use case in the tool in the next release, so it is explicitly disabled.

If you still have the keys (in the backup folder), you can import them back. See documentation: MCUXpresso Secure Provisioning Tool 25.03 documentation - Import Export Keys. You can follow the steps described in paragraph "To import external keys that were not exported from the SEC tool:"

> Since the problem was caused by a bug in SPT, isn't NXP responsible?

NXP's responsibility is described in the license.

Generally, before you burn any fuses, I'd recommend backing up the keys to a safe location.

Regards,
Marek
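
As an added example (not SPT functionality and not code from NXP or the posters), one way to follow the advice above to back up keys before burning fuses: copy the workspace's keys and crts folders to a location outside the workspace together with a SHA-256 manifest, then compare either the copy or the live workspace against that manifest later. The function names, the MANIFEST.json file and the snapshot folder naming are assumptions made for this example.

```python
import hashlib
import json
import shutil
import time
from pathlib import Path

KEY_DIRS = ("keys", "crts")  # workspace subfolders named in the thread


def _sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()


def snapshot_keys(workspace, safe_root):
    """Copy keys/ and crts/ out of the workspace and write a hash manifest."""
    workspace, safe_root = Path(workspace).resolve(), Path(safe_root).resolve()
    # A copy inside the workspace is not a backup: the tool manages that tree.
    if safe_root == workspace or workspace in safe_root.parents:
        raise ValueError("backup destination must be outside the workspace")
    missing = [d for d in KEY_DIRS if not (workspace / d).is_dir()]
    if missing:
        raise FileNotFoundError(f"workspace folders not found: {missing}")
    manifest = {
        f.relative_to(workspace).as_posix(): _sha256(f)
        for d in KEY_DIRS
        for f in sorted((workspace / d).rglob("*")) if f.is_file()
    }
    if not manifest:
        raise RuntimeError("no key material found; nothing was backed up")
    # Hypothetical naming scheme: one timestamped folder per snapshot.
    dest = safe_root / time.strftime("spt-keys-%Y%m%dT%H%M%S")
    for d in KEY_DIRS:
        shutil.copytree(workspace / d, dest / d)
    (dest / "MANIFEST.json").write_text(json.dumps(manifest, indent=2))
    return dest


def missing_or_changed(snapshot, root=None):
    """Compare files under root (default: the snapshot) with the manifest."""
    snapshot = Path(snapshot)
    root = Path(root) if root else snapshot
    manifest = json.loads((snapshot / "MANIFEST.json").read_text())
    return [
        rel for rel, digest in manifest.items()
        if not (root / rel).is_file() or _sha256(root / rel) != digest
    ]
```

Calling `missing_or_changed(dest)` right after the snapshot confirms the copy is intact; calling `missing_or_changed(dest, workspace)` after any import or workspace reload lists key files that have vanished or changed in the workspace.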

spthx
Contributor II

@marek-trmac 

> during import the existing keys are copied into "backup" folder in the workspace. You should be able to recover from there.

It appears that no backup was made when import keys was executed.
In the backup folder there is a key (RSA key in my case) that seems to have been copied when generate keys was run.
There is no key (P-256) that should really be backed up.

> We will handle this use case in the tool in next release, so it is explicitly disabled.

Will you address this in the next release?
Are you saying you reproduced it in your environment?
If so, it is a bug.

I'm sorry about the misuse of the software, but do you want me to assume that it will cause shoddy behaviour that will result in important files being deleted?
It's just too ridiculous.
By all means, fix it as soon as possible.

Sam_Gao
NXP Employee

@spthx 

Thanks for your update!

Yes, it is a bug.

I discussed with @marek-trmac that we will fix this bug in the next release in July.

Thanks for your contribution.

B.R,

Sam
