帮助
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

HAB Secure Boot for i.MX RT1050

取消
开启建议
自动建议可通过在您键入时建议可能的匹配,而快速缩小您的搜索结果范围。
显示结果 
显示  仅  | 搜索替代 
您的意思是: 
已解决
跳至解决方案

HAB Secure Boot for i.MX RT1050

跳至解决方案
‎09-04-2023 05:56 AM
2,869 次查看
BiHDeveloper
Contributor I

Hello NXP community,

I'm working on a project using the NXP i.MX RT1050 CPU, where I have created a custom second-stage bootloader that loads my application binary file via USB HID. Now, I am interested in implementing High Assurance Boot (HAB) for added security.

I have a couple of questions:

  1. How can I implement HAB secure boot for the i.MX RT1050 in my use case, where I load the application via USB HID?

  2. Is there any specific guidance or documentation available for implementing HAB secure boot on the i.MX RT1050?

Additionally, I am looking for access to the "Security Reference Manual for the i.MX RT1050 Processor" and "Security Application Note AN12079" to gain a deeper understanding of the security features and best practices for my project.

Any help or guidance on these matters would be greatly appreciated.

Best regards

0 项奖励
回复
1 解答

跳至解决方案
‎10-18-2023 05:35 PM
2,628 次查看
Omar_Anguiano
NXP TechSupport
NXP TechSupport

You might want to refer to SBL(Secure Bootloader). It allows loading a signed image to your device. There is one example of how to set this and how to generate the image in this guide under 7.4: MCUOTASBLSFWUG.pdf (nxp.com)

Best regards,
Omar

在原帖中查看解决方案

回复
3 回复数

跳至解决方案
‎09-05-2023 12:15 PM
2,823 次查看
Omar_Anguiano
NXP TechSupport
NXP TechSupport

Hello
I hope you are well.

For more details on how to implement HAB on RT1050 please refer to AN12681. The access to these documents is grand through your distributor or FAE.

Best regards,
Omar

0 项奖励
回复

跳至解决方案
‎09-12-2023 01:21 AM
2,723 次查看
BiHDeveloper
Contributor I

Hi,

I have reviewed document AN12681 and did not find a proper way to securely update the application in flash via USB (second state bootloader) using HAB. How can I prepare the second state bootloader to comply with HAB and flash the application with a CSF file?

I am using the NXP sample project "flashloader" as a second-stage bootloader, and I want to implement HAB secure boot. However, I'm not sure how to do it, and I feel like I might be missing something. From what I understand, HAB is designed for the entire application (bootloader + app), and I'm not sure how to properly implement HAB when I want to change the app only (In that case, the CSF will be modified, and it might be located at a different memory location if the application size increases). However, the address of the CSF file is located in the IVT (Image Vector Table) of the second state bootloader and that part is unchanged.

I don't understand how to integrate all of this while still adhering to HAB.

Thank you in advance.

Thank you.

0 项奖励
回复

跳至解决方案
‎10-18-2023 05:35 PM
2,629 次查看
Omar_Anguiano
NXP TechSupport
NXP TechSupport

You might want to refer to SBL(Secure Bootloader). It allows loading a signed image to your device. There is one example of how to set this and how to generate the image in this guide under 7.4: MCUOTASBLSFWUG.pdf (nxp.com)

Best regards,
Omar

回复