Hi
I got internal doc from NXP people.
I follow the doc to execute image.exe with some command.
But I get “Unsupported argument”.
Could you help me to check the parameters of image.exe?
Regards
Ken
Hi Ken Su,
Do you already get the image_enc.exe which is used for the BEE?
In fact, if you already get it, I think you also can use the MCUBootUtility tool to do the BEE instead of the commander line, it will be easier to use it.
MCUBootutility tool can be downloaded from this link:
https://github.com/JayHeng/NXP-MCUBootUtility/archive/v2.3.0.zip
the related user manual is:
https://github.com/JayHeng/NXP-MCUBootUtility
You also can refer to my RT1020 BEE operation in this post:
https://community.nxp.com/message/1275911?commentID=1275911#comment-1273495
reply on: Feb 24, 2020 7:55 AM
About the document you mentioned, I don't have it and don't know which detail internal document.
If you don't want to use the MCUBootutility, and still want to use the command line, you also can create the case, and share your internal document with me, I would like to help you to check it. On my side, when I use the BEE, I mainly use the MCUBootUtility tool to configure the BEE mode directly.
Wish it helps you!
If you still have questions about it, please kindly let me know.
Best Regards,
Kerry
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
Hi Kerry
Thanks for suggestion,
Now I use MCUBootUtility tool firstly and study the command and tool, please check my step:
Step 1: unzip NXP-MCUBootUtility-master.zip and copy image_enc.exe to NXP-MCUBootUtility-master\tools\image_enc\win\
Step 2: Connect my RT1015 EVK, and set to download mode by SW8(3 is low, 4 is high)
Step 3: Prepare SDK: I use evkmimxrt1015_igpio_led_output,
And I generate .s19 format output.
Step 4: Connect my EVK from tool --> Successful
Select Boot Type BEE Encrypted Image Boot
Step 5: Press All-In-One-Action
The process bar is running but not complete. It looks like stop.
Step 6: My tool log.
//======================================================================================
'Connect to xxx' button is clicked
Executing E:\NXP-MCUBootUtility-master\tools\sdphost\win\sdphost -t 50000 -u 0x1FC9,0x0130 -j -- error-status
Executing E:\NXP-MCUBootUtility-master\tools\sdphost\win\sdphost -t 50000 -u 0x1FC9,0x0130 -j -- read-register 1075790864 32 4 E:\NXP-MCUBootUtility-master\tools\sdphost\win\vectors\readReg.dat
Executing E:\NXP-MCUBootUtility-master\tools\sdphost\win\sdphost -t 50000 -u 0x1FC9,0x0130 -j -- read-register 1075790880 32 4 E:\NXP-MCUBootUtility-master\tools\sdphost\win\vectors\readReg.dat
Executing E:\NXP-MCUBootUtility-master\tools\sdphost\win\sdphost -t 50000 -u 0x1FC9,0x0130 -j -- read-register 1074757636 32 4 E:\NXP-MCUBootUtility-master\tools\sdphost\win\vectors\readReg.dat
Executing E:\NXP-MCUBootUtility-master\tools\sdphost\win\sdphost -t 50000 -u 0x1FC9,0x0130 -j -- read-register 1074757660 32 4 E:\NXP-MCUBootUtility-master\tools\sdphost\win\vectors\readReg.dat
Executing E:\NXP-MCUBootUtility-master\tools\sdphost\win\sdphost -t 50000 -u 0x1FC9,0x0130 -j -- read-register 1074757660 32 4 E:\NXP-MCUBootUtility-master\tools\sdphost\win\vectors\readReg.dat
Executing E:\NXP-MCUBootUtility-master\tools\sdphost\win\sdphost -t 50000 -u 0x1FC9,0x0130 -j -- write-file 539001344 E:\NXP-MCUBootUtility-master\src\targets\MIMXRT1015\ivt_flashloader.bin
Executing E:\NXP-MCUBootUtility-master\tools\sdphost\win\sdphost -t 50000 -u 0x1FC9,0x0130 -j -- jump-address 539001344
Executing E:\NXP-MCUBootUtility-master\tools\blhost2_3\win\blhost -t 50000 -u 0x15A2,0x0073 -j -- get-property 1 0
Executing E:\NXP-MCUBootUtility-master\tools\blhost2_3\win\blhost -t 50000 -u 0x15A2,0x0073 -j -- get-property 1 0
Executing E:\NXP-MCUBootUtility-master\tools\blhost2_3\win\blhost -t 50000 -u 0x15A2,0x0073 -j -- get-property 24 0
Executing E:\NXP-MCUBootUtility-master\tools\blhost2_3\win\blhost -t 50000 -u 0x15A2,0x0073 -j -- efuse-read-once 5
Executing E:\NXP-MCUBootUtility-master\tools\blhost2_3\win\blhost -t 50000 -u 0x15A2,0x0073 -j -- efuse-read-once 6
Executing E:\NXP-MCUBootUtility-master\tools\blhost2_3\win\blhost -t 50000 -u 0x15A2,0x0073 -j -- efuse-read-once 7
Executing E:\NXP-MCUBootUtility-master\tools\blhost2_3\win\blhost -t 50000 -u 0x15A2,0x0073 -j -- efuse-read-once 6
Executing E:\NXP-MCUBootUtility-master\tools\blhost2_3\win\blhost -t 5242000 -u 0x15A2,0x0073 -j -- read-memory 1074446400 4 E:\NXP-MCUBootUtility-master\tools\blhost2_3\win\vectors\readReg.dat 0
Executing E:\NXP-MCUBootUtility-master\tools\blhost2_3\win\blhost -t 5242000 -u 0x15A2,0x0073 -j -- fill-memory 538976256 4 3221225479 word
Executing E:\NXP-MCUBootUtility-master\tools\blhost2_3\win\blhost -t 5242000 -u 0x15A2,0x0073 -j -- fill-memory 538976260 4 0 word
Executing E:\NXP-MCUBootUtility-master\tools\blhost2_3\win\blhost -t 50000 -u 0x15A2,0x0073 -j -- configure-memory 9 538976256
Executing E:\NXP-MCUBootUtility-master\tools\blhost2_3\win\blhost -t 5242000 -u 0x15A2,0x0073 -j -- read-memory 1610612736 1024 E:\NXP-MCUBootUtility-master\tools\blhost2_3\win\vectors\flexspiNorCfg.dat 9
'Generate Certificate' button is clicked
serial is generated: E:\NXP-MCUBootUtility-master\gen\hab_cert\serial
key_pass.txt is generated: E:\NXP-MCUBootUtility-master\gen\hab_cert\key_pass.txt
serial and key_pass.txt are copied to: E:\NXP-MCUBootUtility-master\tools\cst\keys
//==============================================================================
Do I loss any setting?
Please check my step and setting.
And I want to double confirm : Can I burn EVK efuse? I am not sure if the EVK fuse are all lock?
Thank you very much.
Regards
Ken
Hi Ken,
Do you also want to do the HAB certification while you do the BEE secure?
If yes, just copy the image_enc.exe is not enough, you also need to do the HAB configuration.
My HAB document have mentioned it:
RT1050 HAB Encrypted Image Generation and Analysis
Chapter 2.1 CST tool preparation
In fact, from theory, if you don't do the HAB, you can select the Enable Certificate for HW(bee/OTFAD) encryption as No.
Then the BEE mode won't do the HAB operation, and you don't need to do the CST configuration.
Do you already close your HAB Status?
Best Regards,
Kerry
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
Hi Kerry
Sorry for late reply,
As you say,
"In fact, from theory, if you don't do the HAB, you can select the Enable Certificate for HW(bee/OTFAD) encryption as No."
I understood, and I will select "No".
But my EVK efuse have some bit lock enabled.
So that my BEE XIP evaluation cannot continue.
Now I am studying AN12079 and elftosb manual. I will ask some question in another post.
I think I must understand more elftosb concept so that I can use my command line to complete the BEE XIP process.
Thanks
Ken
Hi Ken Su,
That's why I checked it with you, as I find your picture already select the HAB, if you already do the BEE downloading, I'm afraid you already close the HAB which will write the fuse map. But it doesn't matter, the official side recommend you also close the HAB when do the BEE security, you still can do the BEE downloading, but you need to prepare the related SRK files, then you can use the MCUBootUtility download the code again.
If you still want to use the elftosb, you can create the case, and share me your internal doc from NXP people, I would like to help you to check it on my side, as I still don't have the document which you mentioned it.
After you create the case, you can write assign to kerry, then I will help you to check more details and test with the elftosb commander line. AN12079 didn't mention the image_enc.exe.
Best Regards,
Kerry
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
Hi Kerry
one more question,
To make the discuss more clearly, can I use "Traditional Chinese" or "simplified Chinese" on community?
Regards
Ken
Hi Ken Su
Simplified Chinese is acceptable!
Best Regards,
Kerry
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
Hi Kerry
I am check the again MCUBootutility .
Image is using MCUBootutility demo app. "led_blinky_0x60002000.srec"
I don't need Certificate for HW Encryption, so I select No.
I use the Master mode,
So I can generate Unsigned bootable image and Encrypt bootable image.
When I press Load Encrypted Image,
Tool will try to load a file "ivt_led_blinky_0x60002000_unsigned_bee_encrypted_nocfgblock.bin" to address "0x60000400".
Is the "ivt_led_blinky_0x60002000_unsigned_bee_encrypted_nocfgblock.bin" file the final Enctryped_Boot image?
Regards
Ken
Hi Ken Su,
Yes, you are right.
ivt_led_blinky_0x60002000_unsigned_bee_encrypted_nocfgblock.bin will write to the 0X400.
You can check the nocfgblock.bin with my readout data:
In fact, you don't need to do it step by step, you can click the button: All in one action, it will help you to download it directly.
Last week, I wrote your situation as an doc post, both with the MCUBootUtility and the Commander line:
RT1015 APP BEE encryption operation method
You can check it on your side. Seems you didn't reply to me after my updated in your another post:
Please also note, you need to readout the fuse map, make sure you are selecting the correct key source.
Any updated information, just kindly let me know.
Best Regards,
Kerry
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
Hi Kerry
Thanks a lot.
I will create the case, and attach the doc with you soon.
Please wait.
Regards
Ken