Is BEE automatically enabled when programming an encrypted image?

cancel
Showing results for 
Search instead for 
Did you mean: 

Is BEE automatically enabled when programming an encrypted image?

Jump to solution
589 Views
henrique1
Contributor III

Hi,

I'm trying to learn more about the secure manufacturing programming techniques with the imx 1020. To maintain code confidentiality, the programmed flash image should be encrypted, and, from my understanding, the standard process then is to generate an SB file and use it with the MfgTools to automatically setup the device for the required configurations.

My question is then, if I want to perform flash writes/reads later on, is the encryption/decryption going to happen transparently or should I purposefully set up the bus encryption engine to make it work?

Thanks in advance!

Henrique

Labels (1)
Tags (3)
1 Solution
391 Views
jay_heng
NXP Employee
NXP Employee

image encryption always needs to be done manually, that's why we have another host tool to do this job.

you can update part of encrypted code, only if new code is encrypted by the same key.

View solution in original post

3 Replies
391 Views
jay_heng
NXP Employee
NXP Employee

You can try this one-stop GUI tool for encrypted image downloading: GitHub - JayHeng/NXP-MCUBootUtility: A one-stop boot utility tool based on Python2.7+wxPython4.0, it...

if BEE has been well configured by ROM, any AHB flash read in your app will be with BEE decryption automatically, but for flash write, it has nothing to do with BEE

391 Views
henrique1
Contributor III

Hi Jay Heng,

Thank you very much for your reply.

So, if I want to secure the dynamic flash read/writes I should manually take care of encrypting/decrypting that data, since it would be outside the BEE region, right?

But what if I would like to perform field-firmware-updates and replace the app-code data with new encrypted code? Will that be possible to set up as well, meaning, using the same SNVS key to encrypt the data in flash?

Best regards,

Henrique

0 Kudos
392 Views
jay_heng
NXP Employee
NXP Employee

image encryption always needs to be done manually, that's why we have another host tool to do this job.

you can update part of encrypted code, only if new code is encrypted by the same key.