HAB API information for RT1050 processor

javierw · ‎03-29-2019

Hi,

I am referencing to the document AN12079, How to use i.MXRT Security Boot, refer to section 3.3 Encrypt XIP using elfosb. I notice that there isn't any guide to burns the KEYS to SW-GP2 and the full bit selection for PRDB options. Can you guide me on this?

Based on the documentation, do my thought on the flow of elfosb tool to do the encryption as below is correct?

elfosb tool read the prgram_xxx_hyperflash.bd file -> tool will read the keys from OTPMK or SW-GP2 accordingly to PRDB options (assume option selected to use key in SW-GP2) -> do the encryption on the image using the SW-GP2 key to generate boot_image.sb

Appreciate if you could help.

Thanks.

jeremyzhou · ‎04-02-2019

Hi Javier Wan,

Thank you for your interest in NXP Semiconductor products and for the opportunity to serve you.
Q1) Can you guide me on this?
-- Please contact the local AE to request the security version of the tool which is a GUI tool specially designed for NXP MCU secure boot.
https://github.com/JayHeng/NXP-MCUBootUtility
Q2) Based on the documentation, do my thought on the flow of elfosb tool to do the encryption as below is correct?
-- Yes.
Have a great day,
TIC

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!

- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

hydron · ‎04-02-2019

Hi Jeremy,

Q1) This is the extract of the program_flexspinor_image_hyperflash_encrypt.bd which in the AN12079, Session 3.3.2.

#3 Prepare PRDB options
# 0xe0120000 is an option for PRDB contruction and image encryption
# bit[31:28] tag, fixed to 0x0E
# bit[27:24] Key source, fixed to 0 for A0 silicon
# bit[23:20] AES mode: 1 - CTR mode
# bit[19:16] Encrypted region count
# bit[15:00] reserved in A0
load 0xe0120000 > 0x4000;
# Region 0 start
load 0x60001000 > 0x4004;
# Region 0 length
load 0x00001000 > 0x4008;
# Region 1 start
load 0x60002000 > 0x400c;
# Region 1 length
load 0x0000e000 > 0x4010;
# Program PRDB0 based on option
enable flexspinor 0x4000;

From all the documents available, Im unable to find any information regarding above session. I hope your side able to provides me more information on this.

Regards,

EK HOR

jeremyzhou · ‎04-08-2019

Hi hydron,

Thanks for your reply.
Please check the attachment.

hydron · ‎04-12-2019

HI Jeremy,

I cant find any information regarding on the PRDB Options in the attachment. can you please specific the page number or chapter?

srinivas_chilaka · ‎04-14-2019

Hi EK Hor,

Please refer the MCUX Flashloader ref manual. Its available in flashloader/doc folder.

hydron · ‎04-14-2019

Thanks. Found it. But it seem PRDB block option cant select SW-GP2 as keys.

srinivas_chilaka · ‎04-25-2019

There is space in effuses to store secret keys. Look at RF for 1050 Chapter 5: Fusemap.

Look for GP1, GP2, GP3, SW_GP1 fuses. They are 32bit wide.

Look for SW_GP2 fuses. It is 128bit wide.

Fuses GP1_LOCK, GP2_LOCK, SW_GP1_LOCK, SW_GP2_LOCK, SW_GP2_RLOCK, GP3_LOCK can lock these fuses.

They all are OTP.

hydron · ‎04-25-2019

Hi,

Thanks for replying. I knew SW_GP2 fuses is OTP.

Maybe my question is not clear enough. My main objective is to generate encrypted image using SW_GP2 as keys.

From example given, the elfosb capable to do it using OTPMK as keys. But out there do not have reference for generating encrypted image using SW_GP2 as keys.