Hi,
Our iMXRT1060 product runs with a bootloader of our design. The delivered units will be HAB-authenticated (closed), with the SRK + SEC_CFG eFuses active. In this state, the device starts and runs the signed bootloader normally, which means vectoring to an active flash bank that will run the main app.
Firmware updates for the main app are via a flash card. The boot process is put into MSD mode and a new signed image is written to the SD card; the bootloader identifies this, writes the image to the available flash bank, then flips banks. The new image is executed and the previous bank becomes available.
The problem is that the new firmware image is not authenticated; a plain image runs the same as a signed image. I have looked at your security documents, AN12681, AN12079, RT1050 HAB Encrypted, IMXMCUMFUUG, etc. They all refer to the use of your serial boot utility tools, SPTool, MCUBootUtilityTool, MfgTool, blhost.exe, etc. As you know, these serial boot tools can only be used once. When the HAB is closed they have no further use.
Can you please show an example of how firmware update images can be authenticated programmatically, so that security is maintained?