Using two separate images with BEE enabled on RT1060

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Using two separate images with BEE enabled on RT1060

Jump to solution
1,776 Views
rasm
Contributor I

We are using RT1060 and decided to switch to secure boot with HAB and BEE enabled. We have two images currently and one of them is boot loader located at 0x60000000. It's only possible to select one image with Secure Provisioning tool and also the protected region seems to start only at 0x60001000 so I would like to know what are the correct steps to have both of the images signed and encrypted?

Labels (1)
0 Kudos
Reply
1 Solution
1,743 Views
jeremyzhou
NXP Employee
NXP Employee

Hi,
Thanks for your reply.
1. How do I manually edit the binary image file with a text editor? Or did you meant some other editor?
-- You download either a bin or hex editor via Google to make it.
2) Would it be possible to get a more detailed view of memory structure when there are several application images?
-- For the MCU, it's no difference between having only one application image or several images in the application area actually only if the bootable image conforms to the above structure.
For instance, the first application image occupies 0x60002000~0x60008000 area and the second image starts to occupy from 0x0x60010000, when merging these two application image files, you need to reserve the 0x2000 area between them.
3) And what is the memory structure of their certificate and signature counterpart?
-- Please refer to the below application note.
https://www.nxp.com/webapp/sps/download/mod_download.jsp?colCode=AN12079&appType=moderated
Have a great day,
TIC

 

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!

 

- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

View solution in original post

0 Kudos
Reply
5 Replies
1,771 Views
jeremyzhou
NXP Employee
NXP Employee

Hi,

Thank you for your interest in NXP Semiconductor products and for the opportunity to serve you.
1) So I would like to know what are the correct steps to have both of the images signed and encrypted?
-- Actually, the easiest way is to merge these two application image files (BIN) with an editor manually.
Hope it helps.
Have a great day,
TIC

 

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!

 

- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 Kudos
Reply
1,764 Views
rasm
Contributor I

Thank you very much for your quick response.

Yes exactly, I would like both of the images to be encrypted and signed.

I don't see how I could merge BIN files, did you meant .hex files?

 

What about the starting address for encrypted and signed image, does it always start at 0x60001000? And if so what should be the start address entered in Secure Provisioning tool in case the images are merged, the address of the first image?

0 Kudos
Reply
1,760 Views
jeremyzhou
NXP Employee
NXP Employee

Hi,
Thanks for your reply.
1) Did you meant .hex files?
-- No, I mean bin file.
2) What about the starting address for encrypted and signed image, does it always start at 0x60001000?
-- No, for XIP mode, the application usually starts from 0x60002000.
3) And if so what should be the start address entered in the Secure Provisioning tool in case the images are merged, the address of the first image?
-- It's the beginning address of the first image.
Just like the below figure shows, the application area can consist of several application images actually.

jeremyzhou_0-1606956709115.png

 

Have a great day,
TIC

 

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!

 

- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

 

0 Kudos
Reply
1,748 Views
rasm
Contributor I

Hi,

1. How do I manually edit binary image file with a text editor? Or did you meant some other editor?

3. Would it be possible to get a more detailed view of memory structure when there are several application images? And what is the memory structure of their certificate and signature counterpart?

0 Kudos
Reply
1,744 Views
jeremyzhou
NXP Employee
NXP Employee

Hi,
Thanks for your reply.
1. How do I manually edit the binary image file with a text editor? Or did you meant some other editor?
-- You download either a bin or hex editor via Google to make it.
2) Would it be possible to get a more detailed view of memory structure when there are several application images?
-- For the MCU, it's no difference between having only one application image or several images in the application area actually only if the bootable image conforms to the above structure.
For instance, the first application image occupies 0x60002000~0x60008000 area and the second image starts to occupy from 0x0x60010000, when merging these two application image files, you need to reserve the 0x2000 area between them.
3) And what is the memory structure of their certificate and signature counterpart?
-- Please refer to the below application note.
https://www.nxp.com/webapp/sps/download/mod_download.jsp?colCode=AN12079&appType=moderated
Have a great day,
TIC

 

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!

 

- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 Kudos
Reply