FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

How is dek.bin generated.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED
Jump to solution

How is dek.bin generated.

Jump to solution
‎01-04-2023 01:21 AM
817 Views
tonythurood2
Contributor I

I am trying to produce an encrypted firmware image using elftosb.

I have read a number of documents, e.g. AN12079, i.MX RT1060 Manufacturing UG, and they refer to a .bd file containing...

section (SEC_CSF_INSTALL_SECRET_KEY;
SecretKey_Name="dek.bin",
SecretKey_Length=128,
SecretKey_VerifyIndex=0,
SecretKey_TargetIndex=0)
{
}

How can I generate dek.bin, which I believe is the 16-byte AES 128 key?

I have run hab4_pki_tree.bat in CST tools and srktool to generate the keys and certs, but this does not produce a dek.bin.

The requirement is to encrypt the (elf) firmware image, download to qspi NOR flash and execute using BEE and DCP.

There are a number of NXP GUI encryption apps, Mfgtool, MCUXSPtool, MCUBootUtility etc, but these don't use dek.bin and they are they can't be used for OTA firmware upgrade.

 

0 Kudos
Reply
1 Solution

Jump to solution
‎01-08-2023 07:22 AM
799 Views
jay_heng
NXP Employee
NXP Employee

dek.bin is used in MCUBootUtility when you set 'HAB Encrypted Image Boot' mode. you can find it in \NXP-MCUBootUtility\gen\hab_crypto\hab_dek.bin.

Note: To enable this mode, you need to install cst tool for MCUBootUtility

View solution in original post

0 Kudos
Reply
1 Reply

Jump to solution
‎01-08-2023 07:22 AM
800 Views
jay_heng
NXP Employee
NXP Employee

dek.bin is used in MCUBootUtility when you set 'HAB Encrypted Image Boot' mode. you can find it in \NXP-MCUBootUtility\gen\hab_crypto\hab_dek.bin.

Note: To enable this mode, you need to install cst tool for MCUBootUtility

0 Kudos
Reply