Hi All,
I've been looking at MCUXpresso Secure Provisioning tool for my custom imxrt1170 based board. The tool is able to detect the board via USB and managed to build and write an image to the flash (MT25QL256ABA1EW7-0SIT). I did all of this using the GUI and not the command line interface. I saw in the user guide that it supports command line but I couldn't see all the commands I need. For context, these are the steps I need to manufacture my board:
- Generate authentication keys. I guess this only need to be done once.
- Build a signed image. This image will be the bootloader and won't change once a board has shipped so I will only need to generate the image once and use it on multiple boards.
- Write the image and burn the srk hash fuses.
- Close the board. How do I check the bootloader image I wrote in step 2 above will actually pass the signature check? In uboot, I used to run hab_status before closing the board, but not sure how that's done in this case.
- Potentially reset so that the closing the board state changes? Previously on imx6 units, the board was reporting that it was in unsecure mode until it was rebooted. Is that the case here?
- Write the application image to flash at a given offset.
- Write "golden" factory application image to flash at another given offset.
- Write other manufacturing data at given flash offset.
- Burn fuses to set the boot media (SPI NOR for me so no fuses to burn) and BT_FUSE_SEL.
Can I do the above steps using the secure provisioning tool command line interface? The writing to flash bits will potentially need to erase sectors first and also do verify after write.
Thank you,
Daniel
