Hello
I'm currently working on a project with the MIMXRT1060 SoC.
My plan is to incorporate the MCUboot bootloader as SPL and have encrypted binaries.
To do this, I've been able to validate its correct operation using the mcuboot_opensource example and enable support for encrypted XIP.
I'm using the MCUXpresso SDK 25.3.0.
My intention now is to also encrypt the MCUboot using the Secure Provisioning Tool (SPT version 25.03).
I've created an authenticated XIP encrypted (BEE OTPMK) image, and within the XIP encryption (BEE OTPMK) section, I've selected the MCUBoot address range as protected region 0 (Region start: 0x60001000, Region length: 0x36000).
Finally, I set the BEE_KEY0_SEL and BEE_KEY1_SEL fuses to OTPMK and enabled the Encrypted XIP fuse.
After flashing the created image, the BootROM successfully boots the encrypted MCUBoot.
However, MCUBoot execution stops at a certain point, and the MCU enters Serial Downloader mode.
After debugging the code, I was able to access the mcuboot/ext/nxp_encrypted_xip/src/encrypted_xip_platform_bee.c file, and specifically, the problem occurs after the BEE_SetConfig(BEE, &beeConfig); function.
My understanding is that the BootROM configures the BEE module to be able to decrypt the MCUBoot, and then the MCUBoot reconfigures it again to adjust the region where the final application binary image resides.
I understand the problem stems from the attempt to reconfigure the BEE module.
How should I proceed to configure the BEE module correctly? Do I need to adjust anything in the SPT tool, or do I need to make any adjustments to the encrypted_xip_platform_bee.c file?
Thanks in advance.
If you have an encrypted image, you need to make sure that the boot_cfg[1] is enabled.
Please call the getstatus function before and after BEE_SetConfig(). Leave Region 0 untouched, as it’s already set up by BootROM.
Best regards,
Omar
Can anyone suggest a solution?