FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

i.MX RT1060 encrypted boot with MCUBoot and Zephyr

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

i.MX RT1060 encrypted boot with MCUBoot and Zephyr

‎08-12-2025 03:15 AM
359 Views
jnaczyk
Contributor I

Hello, 

I am currently working on a project that is going to use i.MX RT1060 with external FLASH. The goal is to utilize encrypted boot (XIP from external FLASH) and MCUBoot to provide means for update. The ultimate goal of this encrypted boot is to protect the content residing on the external FLASH so that noone is able to easily download and analyze the content of the FLASH.

I came across of dozens of materials and demos that would explain the usage of the BEE, but usually they describe the scenario in which we provision the board with the encrypted image, without an option for convenient update (using i.e. MCUBoot).

Could you please help me find materials that could be useful for my use-case (if there are any) or provide any tips on how to do that?


Labels (1)
Labels
0 Kudos
Reply
1 Reply

‎08-13-2025 10:48 AM
323 Views
Omar_Anguiano
NXP TechSupport
NXP TechSupport

Unfortunately, there are no specific materials for this. If the image is encrypted, then your bootloader must consider the headers for it. This document details how to generate the encrypted image as well as how it is composed: Implement Second Bootloader on i.MX RT10xx Series

MCUBoot has the option to use and update an encrypted image; however, If I understood correctly, it uses decryption by sw instead of BEE: mcuboot | Secure boot for 32-bit Microcontrollers!

BR,
Omar

0 Kudos
Reply
%3CLINGO-SUB%20id%3D%22lingo-sub-2150838%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3Ei.MX%20RT1060%20encrypted%20boot%20with%20MCUBoot%20and%20Zephyr%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2150838%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EHello%2C%26nbsp%3B%3C%2FP%3E%3CP%3EI%20am%20currently%20working%20on%20a%20project%20that%20is%20going%20to%20use%20i.MX%20RT1060%20with%20external%20FLASH.%20The%20goal%20is%20to%20utilize%20encrypted%20boot%20(XIP%20from%20external%20FLASH)%20and%20MCUBoot%20to%20provide%20means%20for%20update.%20The%20ultimate%20goal%20of%20this%20encrypted%20boot%20is%20to%20protect%20the%20content%20residing%20on%20the%20external%20FLASH%20so%20that%20noone%20is%20able%20to%20easily%20download%20and%20analyze%20the%20content%20of%20the%20FLASH.%3C%2FP%3E%3CP%3EI%20came%20across%20of%20dozens%20of%20materials%20and%20demos%20that%20would%20explain%20the%20usage%20of%20the%20BEE%2C%20but%20usually%20they%20describe%20the%20scenario%20in%20which%20we%20provision%20the%20board%20with%20the%20encrypted%20image%2C%20without%20an%20option%20for%20convenient%20update%20(using%20i.e.%20MCUBoot).%3C%2FP%3E%3CP%3ECould%20you%20please%20help%20me%20find%20materials%20that%20could%20be%20useful%20for%20my%20use-case%20(if%20there%20are%20any)%20or%20provide%20any%20tips%20on%20how%20to%20do%20that%3F%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2150838%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CLINGO-LABEL%3Ei.MXRT%20106x%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2151792%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%20translate%3D%22no%22%3ERe%3A%20i.MX%20RT1060%20encrypted%20boot%20with%20MCUBoot%20and%20Zephyr%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2151792%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EUnfortunately%2C%20there%20are%20no%20specific%20materials%20for%20this.%20If%20the%20image%20is%20encrypted%2C%20then%20your%20bootloader%20must%20consider%20the%20headers%20for%20it.%20This%20document%20details%20how%20to%20generate%20the%20encrypted%20image%20as%20well%20as%20how%20it%20is%20composed%3A%20%3CA%20href%3D%22https%3A%2F%2Fwww.nxp.com%2Fdocs%2Fen%2Fapplication-note%2FAN12604.pdf%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3EImplement%20Second%20Bootloader%20on%20i.MX%20RT10xx%20Series%3C%2FA%3E%3C%2FP%3E%0A%3CP%3EMCUBoot%20has%20the%20option%20to%20use%20and%20update%20an%20encrypted%20image%3B%20however%2C%20If%20I%20understood%20correctly%2C%20it%20uses%20decryption%20by%20sw%20instead%20of%20BEE%3A%20%3CA%20href%3D%22https%3A%2F%2Fdocs.mcuboot.com%2Fencrypted_images.html%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Emcuboot%20%7C%20Secure%20boot%20for%2032-bit%20Microcontrollers!%3C%2FA%3E%3C%2FP%3E%0A%3CP%3EBR%2C%3CBR%20%2F%3EOmar%3C%2FP%3E%3C%2FLINGO-BODY%3E