OTFAD and using flash as FEE

cancel
Showing results for 
Search instead for 
Did you mean: 

OTFAD and using flash as FEE

Jump to solution
152 Views
benedek_kupper
Contributor III

We are developing an application to iMXRT1010 and want to use the last 1MB of the XIP flash chip as non-volatile data storage (FEE). How can we set up the encrypted boot and the OTFAD so that only the code section of the flash is encrypted and decrypted during execution, while the data section is not affected by it?

Labels (1)
0 Kudos
1 Solution
145 Views
mjbcswitzerland
Specialist V

Hi

The range of memory decrypted is defined by the OTFAD registers

OTFAD_CTX0_RGD_W0  (start address - 1k aligned)

and

OTFAD_CTX0_RGD_W1 (end address - 1k aligned)

and these registers can be changed during operation.

Therefore once your application starts you can adjust the end address value (as needed) and use the excluded flash area for other purposes without decryption.

Regards

Mark
[uTasker project developer for Kinetis and i.MX RT]
Contact me by personal message or on the uTasker web site to discuss professional training, solutions to problems or rapid product development requirements

For professionals searching for faster, problem-free Kinetis and i.MX RT 10xx developments the uTasker project holds the key: https://www.utasker.com/iMX/RT1011.html

 

See the uTasker project for accurate BEE and OTFAD emulation and a turn-key secure solution (OTA, clone-/IP protection and in-field updating) using a unified method that gives compatibility between i.MX RT devices with BEE and OTFAD and flexibility in changing AES256 keys rather than one-shot eFUSE programming).

It allows securing any application within 5 minutes without the usual steep learning cure and numerous tools needing to be set up.

 

- Boot loader concept including XiP on-the-fly decryption, clone protection or AES256 protected RAM execution.
-- Boot Loader concept flow chart: https://www.utasker.com/docs/iMX/Loader.pdf and usage reference https://www.utasker.com/docs/iMX/uTaskerLoader_TestDrive.pdf
-- Serial Loader features: https://www.utasker.com/docs/uTasker/uTaskerSerialLoader.pdf
-- Building the loader with MCUXpresso: https://www.utasker.com/docs/iMX/MCUXpresso.pdf (and video guide https://youtu.be/p_eUGo6GypY ) - the guide document explains how to use with any application (eg. SDK) and to enabling its operation with On-The-Fly decryption in 5 minutes
-- Building the loader with IAR: https://www.utasker.com/docs/iMX/IAR.pdf (and video guide https://youtu.be/XPCwVndP99s )
-- Building the loader with VisualStudio and GCC: https://www.utasker.com/docs/iMX/GCC.pdf (and video guide https://youtu.be/0UzLLSXABK8 )
Video Guide to encrypting NXP SDK examples to run from XiP memory using on-the-fly decryption and uploading with the µTasker loader: https://www.youtube.com/watch?v=5iT7KP691ls&list=PLWKlVb_MqDQEOCnsNOJO8gd3jDCwiyKKe&index=10
Video Guide to encrypting NXP SDK examples to run at optimal speed in internal RAM and uploading with the µTasker loader:
https://www.youtube.com/watch?v=fnfLQ-nbscI&list=PLWKlVb_MqDQEOCnsNOJO8gd3jDCwiyKKe&index=11
Video Guide for Embedded Artist OEM Module for i.MX RT 1062 showing precise secured application operation analysis: https://youtu.be/o7hQbOqhJoc

View solution in original post

0 Kudos
1 Reply
146 Views
mjbcswitzerland
Specialist V

Hi

The range of memory decrypted is defined by the OTFAD registers

OTFAD_CTX0_RGD_W0  (start address - 1k aligned)

and

OTFAD_CTX0_RGD_W1 (end address - 1k aligned)

and these registers can be changed during operation.

Therefore once your application starts you can adjust the end address value (as needed) and use the excluded flash area for other purposes without decryption.

Regards

Mark
[uTasker project developer for Kinetis and i.MX RT]
Contact me by personal message or on the uTasker web site to discuss professional training, solutions to problems or rapid product development requirements

For professionals searching for faster, problem-free Kinetis and i.MX RT 10xx developments the uTasker project holds the key: https://www.utasker.com/iMX/RT1011.html

 

See the uTasker project for accurate BEE and OTFAD emulation and a turn-key secure solution (OTA, clone-/IP protection and in-field updating) using a unified method that gives compatibility between i.MX RT devices with BEE and OTFAD and flexibility in changing AES256 keys rather than one-shot eFUSE programming).

It allows securing any application within 5 minutes without the usual steep learning cure and numerous tools needing to be set up.

 

- Boot loader concept including XiP on-the-fly decryption, clone protection or AES256 protected RAM execution.
-- Boot Loader concept flow chart: https://www.utasker.com/docs/iMX/Loader.pdf and usage reference https://www.utasker.com/docs/iMX/uTaskerLoader_TestDrive.pdf
-- Serial Loader features: https://www.utasker.com/docs/uTasker/uTaskerSerialLoader.pdf
-- Building the loader with MCUXpresso: https://www.utasker.com/docs/iMX/MCUXpresso.pdf (and video guide https://youtu.be/p_eUGo6GypY ) - the guide document explains how to use with any application (eg. SDK) and to enabling its operation with On-The-Fly decryption in 5 minutes
-- Building the loader with IAR: https://www.utasker.com/docs/iMX/IAR.pdf (and video guide https://youtu.be/XPCwVndP99s )
-- Building the loader with VisualStudio and GCC: https://www.utasker.com/docs/iMX/GCC.pdf (and video guide https://youtu.be/0UzLLSXABK8 )
Video Guide to encrypting NXP SDK examples to run from XiP memory using on-the-fly decryption and uploading with the µTasker loader: https://www.youtube.com/watch?v=5iT7KP691ls&list=PLWKlVb_MqDQEOCnsNOJO8gd3jDCwiyKKe&index=10
Video Guide to encrypting NXP SDK examples to run at optimal speed in internal RAM and uploading with the µTasker loader:
https://www.youtube.com/watch?v=fnfLQ-nbscI&list=PLWKlVb_MqDQEOCnsNOJO8gd3jDCwiyKKe&index=11
Video Guide for Embedded Artist OEM Module for i.MX RT 1062 showing precise secured application operation analysis: https://youtu.be/o7hQbOqhJoc

View solution in original post

0 Kudos