FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Is BEE automatically enabled when programming an encrypted image?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED
Jump to solution

Is BEE automatically enabled when programming an encrypted image?

Jump to solution
‎07-19-2019 08:07 AM
2,379 Views
henrique1
Contributor III

Hi,

I'm trying to learn more about the secure manufacturing programming techniques with the imx 1020. To maintain code confidentiality, the programmed flash image should be encrypted, and, from my understanding, the standard process then is to generate an SB file and use it with the MfgTools to automatically setup the device for the required configurations.

My question is then, if I want to perform flash writes/reads later on, is the encryption/decryption going to happen transparently or should I purposefully set up the bus encryption engine to make it work?

Thanks in advance!

Henrique

Labels (1)
Labels
Tags (3)
Reply
1 Solution

Jump to solution
‎07-22-2019 10:42 PM
2,181 Views
jay_heng
NXP Employee
NXP Employee

image encryption always needs to be done manually, that's why we have another host tool to do this job.

you can update part of encrypted code, only if new code is encrypted by the same key.

View solution in original post

Reply
3 Replies

Jump to solution
‎07-20-2019 06:30 PM
2,181 Views
jay_heng
NXP Employee
NXP Employee

You can try this one-stop GUI tool for encrypted image downloading: GitHub - JayHeng/NXP-MCUBootUtility: A one-stop boot utility tool based on Python2.7+wxPython4.0, it...

if BEE has been well configured by ROM, any AHB flash read in your app will be with BEE decryption automatically, but for flash write, it has nothing to do with BEE

Reply

Jump to solution
‎07-21-2019 11:32 PM
2,181 Views
henrique1
Contributor III

Hi Jay Heng,

Thank you very much for your reply.

So, if I want to secure the dynamic flash read/writes I should manually take care of encrypting/decrypting that data, since it would be outside the BEE region, right?

But what if I would like to perform field-firmware-updates and replace the app-code data with new encrypted code? Will that be possible to set up as well, meaning, using the same SNVS key to encrypt the data in flash?

Best regards,

Henrique

0 Kudos
Reply

Jump to solution
‎07-22-2019 10:42 PM
2,182 Views
jay_heng
NXP Employee
NXP Employee

image encryption always needs to be done manually, that's why we have another host tool to do this job.

you can update part of encrypted code, only if new code is encrypted by the same key.

Reply