HAB Secure Boot for i.MX RT1050

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

HAB Secure Boot for i.MX RT1050

Jump to solution
1,264 Views
BiHDeveloper
Contributor I

Hello NXP community,

I'm working on a project using the NXP i.MX RT1050 CPU, where I have created a custom second-stage bootloader that loads my application binary file via USB HID. Now, I am interested in implementing High Assurance Boot (HAB) for added security.

I have a couple of questions:

  1. How can I implement HAB secure boot for the i.MX RT1050 in my use case, where I load the application via USB HID?

  2. Is there any specific guidance or documentation available for implementing HAB secure boot on the i.MX RT1050?

Additionally, I am looking for access to the "Security Reference Manual for the i.MX RT1050 Processor" and "Security Application Note AN12079" to gain a deeper understanding of the security features and best practices for my project.

Any help or guidance on these matters would be greatly appreciated.

Best regards

0 Kudos
Reply
1 Solution
1,025 Views
Omar_Anguiano
NXP TechSupport
NXP TechSupport

You might want to refer to SBL(Secure Bootloader). It allows loading a signed image to your device. There is one example of how to set this and how to generate the image in this guide under 7.4: MCUOTASBLSFWUG.pdf (nxp.com)

Best regards,
Omar

View solution in original post

3 Replies
1,220 Views
Omar_Anguiano
NXP TechSupport
NXP TechSupport

Hello
I hope you are well.

For more details on how to implement HAB on RT1050 please refer to AN12681. The access to these documents is grand through your distributor or FAE.

Best regards,
Omar

0 Kudos
Reply
1,120 Views
BiHDeveloper
Contributor I

Hi,

I have reviewed document AN12681 and did not find a proper way to securely update the application in flash via USB (second state bootloader) using HAB. How can I prepare the second state bootloader to comply with HAB and flash the application with a CSF file?

I am using the NXP sample project "flashloader" as a second-stage bootloader, and I want to implement HAB secure boot. However, I'm not sure how to do it, and I feel like I might be missing something. From what I understand, HAB is designed for the entire application (bootloader + app), and I'm not sure how to properly implement HAB when I want to change the app only (In that case, the CSF will be modified, and it might be located at a different memory location if the application size increases). However, the address of the CSF file is located in the IVT (Image Vector Table) of the second state bootloader and that part is unchanged.

I don't understand how to integrate all of this while still adhering to HAB.

Thank you in advance.

Thank you.

0 Kudos
Reply
1,026 Views
Omar_Anguiano
NXP TechSupport
NXP TechSupport

You might want to refer to SBL(Secure Bootloader). It allows loading a signed image to your device. There is one example of how to set this and how to generate the image in this guide under 7.4: MCUOTASBLSFWUG.pdf (nxp.com)

Best regards,
Omar