OTFAD encryption


692 Views
sathishkumar-rk
Contributor II

Hi Team,

I'm using the i.MXRT1160_EVK board for my sample development work, where I want to enable XiP encryption with the OTFAD module.

My work plan is to create a bootloader which will execute the slot-0 application. If any update image is available in slot-1, it has to swap the image between slots and execute the content.

I'm using Zephyr and MCUboot code for my project work. I am able to encrypt the MCUboot and slot-0 application and run it successfully!!

MCUBOOT
Slot-0 (application)
Slot-1 (upgradable image)

 

The problem I'm facing is that when I create an encrypted upgrade image, it is not able to decrypt correctly.

I assume OTFAD decryption is flash location dependent. If I prepare an image for the slot-0 location and flash it directly to that location, it works.

In case I prepare the image for slot-0, flash it to the slot-1 location, then move it to the slot-0 location and execute it, it fails. So, OTFAD will decrypt the content if the content remains the same at the same location, else it will not decrypt properly?

Is my assumption correct, or am I missing something here?

Commands used for creating encrypted binaries:

MCUboot:

image_enc.exe ifile=.\bootloader.signed.bin ofile=bootloader_enc.bin base_addr=0x30001000 kek=DAD4561645792590D5946289F043BECD otfad_arg=[0123456789abcdeffedcba9876543210,0020406001030507,0x30001000,0x0001F000],[383D4385A925D2EE734843817589F955,0020406001030508,0x30020000,0x002FE000] otfad_ctx_lock=0,0,0,0 is_boot_image=0 hw_eng=otfad

Slot-0:

image_enc.exe ifile=.\zephyr.signed.bin ofile=image1_enc.bin base_addr=0x30020000 kek=DAD4561645792590D5946289F043BECD otfad_arg="[383D4385A925D2EE734843817589F955,0020406001030508,0x30020000,0x02fe000]" is_boot_image=0 hw_eng=otfad

Slot-1:

image_enc.exe ifile=.\zephyr.signed.bin ofile=image2_enc.bin base_addr=0x30020000 kek=DAD4561645792590D5946289F043BECD otfad_arg="[383D4385A925D2EE734843817589F955,0020406001030508,0x30020000,0x02fe000]" is_boot_image=0 hw_eng=otfad

Let me know if any further information is required.

Thanks,

Sathishkumar K

0 Kudos
3 Replies

684 Views
jay_heng
NXP Employee

Have you tried debugging the bootloader project to see what the slot-1 image data is after swapping? Let's see whether it is a swap issue or an OTFAD decryption issue.

0 Kudos

670 Views
sathishkumar-rk
Contributor II

Hi @jay_heng,

I have an observation on execution: if I didn't swap the content between slots, then it is able to execute.

Questions:
1. Does OTFAD have a location dependency? Because if I do the same content with a different flash location, the OTFAD keyblob is different.

2. While swapping, which content is getting swapped: encrypted text or plain text?

Thanks,

Sathishkumar K

0 Kudos
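
The address dependence asked about in the posts above, as an added model that is not from the original posts or from NXP's code: OTFAD decrypts with AES-128 in counter mode and builds the counter from the system address of each 16-byte block, so ciphertext only decrypts at the address it was encrypted for. Assumptions: SHA-256 stands in for AES, the counter layout is simplified, the key, nonce and image bytes are constructed, and the slot-1 address is hypothetical; only the slot-0 base address 0x30020000 comes from the thread.

```python
import hashlib

BLOCK = 16                      # OTFAD operates on 16-byte AES blocks
SLOT0 = 0x30020000              # slot-0 base address, from the thread
SLOT1 = 0x30120000              # hypothetical slot-1 address (assumption)
KEY, NONCE = bytes(range(16)), bytes(range(8))    # constructed values
IMAGE = bytes(i & 0xFF for i in range(64))        # constructed plaintext image

def keystream_block(sys_addr: int) -> bytes:
    """Keystream for the 16-byte block at sys_addr.

    SHA-256 stands in for AES-128 here; the counter layout (nonce followed
    by the aligned address) is simplified, not the exact hardware layout.
    """
    counter = NONCE + (sys_addr & ~0xF).to_bytes(4, "big")
    return hashlib.sha256(KEY + counter).digest()[:BLOCK]

def ctr_xor(base_addr: int, data: bytes) -> bytes:
    """XOR data with the keystream for the addresses it occupies.

    Counter mode is symmetric, so this both encrypts and decrypts.
    """
    out = bytearray()
    for off in range(0, len(data), BLOCK):
        ks = keystream_block(base_addr + off)
        out += bytes(a ^ b for a, b in zip(data[off:off + BLOCK], ks))
    return bytes(out)

def read_mapped(flash: dict, addr: int) -> bytes:
    """Memory-mapped read: bytes stored at addr, decrypted for addr."""
    return ctr_xor(addr, flash[addr])

def swap_then_read(copy_via_mapped_window: bool) -> bytes:
    """Image encrypted for slot-0 is flashed to slot-1, copied to slot-0,
    then read back through the decrypting window at slot-0."""
    flash = {SLOT1: ctr_xor(SLOT0, IMAGE)}
    # Raw copy moves ciphertext untouched; a mapped read decrypts it with
    # the slot-1 keystream first, which does not match how it was built.
    staged = read_mapped(flash, SLOT1) if copy_via_mapped_window else flash[SLOT1]
    flash[SLOT0] = staged        # model assumption: programming stores bytes as given
    return read_mapped(flash, SLOT0)

if __name__ == "__main__":
    print("raw ciphertext copy  :", swap_then_read(False) == IMAGE)
    print("copy via mapped read :", swap_then_read(True) == IMAGE)
```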

604 Views
sathishkumar-rk
Contributor II

Hi @jay_heng,

Is there any luck on my query regarding OTFAD encryption?

Regards,

Sathishkumar K

0 Kudos