I am trying to produce an encrypted firmware image using elftosb.
I have read a number of documents, e.g. AN12079, i.MX RT1060 Manufacturing UG, and they refer to a .bd file containing...
section (SEC_CSF_INSTALL_SECRET_KEY;
SecretKey_Name="dek.bin",
SecretKey_Length=128,
SecretKey_VerifyIndex=0,
SecretKey_TargetIndex=0)
{
}
How can I generate dek.bin, which I believe is the 16-byte AES 128 key?
I have run hab4_pki_tree.bat in CST tools and srktool to generate the keys and certs, but this does not produce a dek.bin.
The requirement is to encrypt the (elf) firmware image, download to qspi NOR flash and execute using BEE and DCP.
There are a number of NXP GUI encryption apps, Mfgtool, MCUXSPtool, MCUBootUtility etc, but these don't use dek.bin and they are they can't be used for OTA firmware upgrade.
Solved! Go to Solution.
dek.bin is used in MCUBootUtility when you set 'HAB Encrypted Image Boot' mode. you can find it in \NXP-MCUBootUtility\gen\hab_crypto\hab_dek.bin.
Note: To enable this mode, you need to install cst tool for MCUBootUtility
dek.bin is used in MCUBootUtility when you set 'HAB Encrypted Image Boot' mode. you can find it in \NXP-MCUBootUtility\gen\hab_crypto\hab_dek.bin.
Note: To enable this mode, you need to install cst tool for MCUBootUtility