Hi,
I'm trying to learn more about the secure manufacturing programming techniques with the imx 1020. To maintain code confidentiality, the programmed flash image should be encrypted, and, from my understanding, the standard process then is to generate an SB file and use it with the MfgTools to automatically setup the device for the required configurations.
My question is then, if I want to perform flash writes/reads later on, is the encryption/decryption going to happen transparently or should I purposefully set up the bus encryption engine to make it work?
Thanks in advance!
Henrique
解決済! 解決策の投稿を見る。
image encryption always needs to be done manually, that's why we have another host tool to do this job.
you can update part of encrypted code, only if new code is encrypted by the same key.
You can try this one-stop GUI tool for encrypted image downloading: GitHub - JayHeng/NXP-MCUBootUtility: A one-stop boot utility tool based on Python2.7+wxPython4.0, it...
if BEE has been well configured by ROM, any AHB flash read in your app will be with BEE decryption automatically, but for flash write, it has nothing to do with BEE
Hi Jay Heng,
Thank you very much for your reply.
So, if I want to secure the dynamic flash read/writes I should manually take care of encrypting/decrypting that data, since it would be outside the BEE region, right?
But what if I would like to perform field-firmware-updates and replace the app-code data with new encrypted code? Will that be possible to set up as well, meaning, using the same SNVS key to encrypt the data in flash?
Best regards,
Henrique
image encryption always needs to be done manually, that's why we have another host tool to do this job.
you can update part of encrypted code, only if new code is encrypted by the same key.