Is BEE automatically enabled when programming an encrypted image?

Solved

1,259 views
henrique1
Contributor III

Hi,

I'm trying to learn more about the secure manufacturing programming techniques with the imx 1020. To maintain code confidentiality, the programmed flash image should be encrypted, and, from my understanding, the standard process then is to generate an SB file and use it with the MfgTools to automatically set up the device for the required configurations.

My question is then, if I want to perform flash writes/reads later on, is the encryption/decryption going to happen transparently or should I purposefully set up the bus encryption engine to make it work?

Thanks in advance!

Henrique


3 Replies
1,061 views
jay_heng
NXP Employee

You can try this one-stop GUI tool for encrypted image downloading: GitHub - JayHeng/NXP-MCUBootUtility: A one-stop boot utility tool based on Python2.7+wxPython4.0, it...

If BEE has been well configured by ROM, any AHB flash read in your app will be with BEE decryption automatically, but for flash write, it has nothing to do with BEE.

1,061 views
henrique1
Contributor III

Hi Jay Heng,

Thank you very much for your reply.

So, if I want to secure the dynamic flash read/writes I should manually take care of encrypting/decrypting that data, since it would be outside the BEE region, right?

But what if I would like to perform field-firmware-updates and replace the app-code data with new encrypted code? Will that be possible to set up as well, meaning, using the same SNVS key to encrypt the data in flash?

Best regards,

Henrique

1,062 views
jay_heng
NXP Employee

Image encryption always needs to be done manually, that's why we have another host tool to do this job.

You can update part of encrypted code, only if new code is encrypted by the same key.
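
The behaviour described in the replies above, as an added toy model that is not part of any post in this thread or of NXP's tooling: memory-mapped reads inside the protected region are decrypted on the fly, flash writes store bytes exactly as given, so an update has to be encrypted beforehand with the same key. The hash-based keystream is a stand-in for the real cipher, and the region bounds, key values and all names are assumptions made for illustration.

```python
import hashlib

FLASH_SIZE = 256
REGION = range(64, 192)          # constructed "protected" window (assumption)

def keystream(key: bytes, addr: int) -> int:
    """Toy per-address keystream byte; a stand-in for the real decryption engine."""
    return hashlib.sha256(key + addr.to_bytes(4, "little")).digest()[0]

def host_encrypt(key: bytes, base: int, plain: bytes) -> bytes:
    """What the host-side tool must do before the image is written to flash."""
    return bytes(b ^ keystream(key, base + i) for i, b in enumerate(plain))

class Flash:
    def __init__(self, device_key: bytes):
        self.cells = bytearray(b"\xff" * FLASH_SIZE)
        self._key = device_key   # key the boot ROM configured the engine with

    def write(self, addr: int, data: bytes) -> None:
        """Flash programming: bytes are stored exactly as given, no encryption."""
        self.cells[addr:addr + len(data)] = data

    def ahb_read(self, addr: int, n: int) -> bytes:
        """Memory-mapped read: decrypted on the fly only inside the region."""
        out = bytearray()
        for a in range(addr, addr + n):
            b = self.cells[a]
            out.append(b ^ keystream(self._key, a) if a in REGION else b)
        return bytes(out)

def demo() -> dict:
    key, other = b"device-key-0001", b"some-other-key!"   # constructed keys
    flash, code = Flash(key), b"NEW-APP-CODE-v2"
    results = {}
    flash.write(64, host_encrypt(key, 64, code))     # update encrypted with same key
    results["same_key"] = flash.ahb_read(64, len(code)) == code
    flash.write(64, host_encrypt(other, 64, code))   # update encrypted with another key
    results["other_key"] = flash.ahb_read(64, len(code)) == code
    flash.write(64, code)                            # plaintext written into the region
    results["plaintext_in_region"] = flash.ahb_read(64, len(code)) == code
    flash.write(200, b"user-data")                   # outside region: stored and read raw
    results["outside_region_raw"] = flash.ahb_read(200, 9) == b"user-data"
    return results

if __name__ == "__main__":
    print(demo())
```

Only the update encrypted with the device's key reads back as valid code; data outside the region is stored and read raw, so protecting it is the application's job.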