FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

i.MX RT10xx Encrypted XIP with Authentication

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED
Jump to solution

i.MX RT10xx Encrypted XIP with Authentication

Jump to solution
‎07-04-2024 12:44 AM
1,112 Views
MulattoKid
Contributor IV

Hi,

I'm working on an RT1060, and testing HAB authentication and encrypted XIP. I've gotten both working, but I noticed behavior I didn't expect.

I'm using the Secure Provisioning Tool, and have generated a CA and an encryption key. I build the and write the image. I then switch back to "internal boot mode", and set the appropriate DIP switch on the EVK to enable encrypted XIP. When the MCU starts the application runs, which is expected. However, if I build without encrypted XIP enabled and perform the same procedure, the application still boots, even when the DIP switch is set to enable encrypted XIP.

Is this expected? I assumed that as long as encryption was enabled the image that's executed had to be encrypted, but perhaps it's only an optional thing? I.e. when booting with encrypted XIP both encrypted and non-encrypted images are supported? Of course, if I try an unsigned image it won't boot it, and an encrypted image won't boot without the DIP switch to enable encrypted XIP set.

Thanks,
Daniel

Labels (1)
Labels
0 Kudos
Reply
1 Solution

Jump to solution
‎07-05-2024 04:06 PM
1,084 Views
diego_charles
NXP TechSupport
NXP TechSupport

Hi @MulattoKid 

Yes, this is expected, I have replicated the same procedure on the past using the  i.MX RT1060-EVK . As you mentioned once you enabled secure boot the BootROM will not longer accept images that are not signed, and as you figure out, after you enable the use of encrypted images, you can still boot non-encrypted images, but they must be signed. 

Diego

 

 

View solution in original post

0 Kudos
Reply
2 Replies

Jump to solution
‎07-05-2024 04:06 PM
1,085 Views
diego_charles
NXP TechSupport
NXP TechSupport

Hi @MulattoKid 

Yes, this is expected, I have replicated the same procedure on the past using the  i.MX RT1060-EVK . As you mentioned once you enabled secure boot the BootROM will not longer accept images that are not signed, and as you figure out, after you enable the use of encrypted images, you can still boot non-encrypted images, but they must be signed. 

Diego

 

 

0 Kudos
Reply

Jump to solution
‎07-28-2024 10:05 PM
983 Views
MulattoKid
Contributor IV

Hi @diego_charles,

Thanks for confirming!

Reply