I am trying to produce an encrypted firmware image using elftosb.
I have read a number of documents, e.g. AN12079, i.MX RT1060 Manufacturing UG, and they refer to a .bd file containing...
section (SEC_CSF_INSTALL_SECRET_KEY;
SecretKey_Name="dek.bin",
SecretKey_Length=128,
SecretKey_VerifyIndex=0,
SecretKey_TargetIndex=0)
{
}
How can I generate dek.bin, which I believe is the 16-byte AES 128 key?
I have run hab4_pki_tree.bat in CST tools and srktool to generate the keys and certs, but this does not produce a dek.bin.
The requirement is to encrypt the (elf) firmware image, download to qspi NOR flash and execute using BEE and DCP.
There are a number of NXP GUI encryption apps, Mfgtool, MCUXSPtool, MCUBootUtility etc, but these don't use dek.bin and they are they can't be used for OTA firmware upgrade.
