RT1050: HAB signature for NOR flash XIP

jayyehtw · ‎01-15-2021

Hi,

I would like to implement the secure boot functionality for my customized RT1051-based device.

The device is running in Xip mode with the IS25LP064A NOR flash.

After reading the rt1050 security reference manual and some material in the forum, the available secure boot methods are:

1. HAB signature only

2. HAB signature + encryption

3. BEE

Option 2 was said not to be feasible for the Xip scenario.

Is option 1 (HAB signature only) feasible for the Xip scenario?

BEE seemed to be overkill for my application, so I would like to know if there's a method to perform application certification only in the Xip mode.

Thanks.

jeremyzhou · ‎01-17-2021

Thank you for your interest in NXP Semiconductor products and for the opportunity to serve you.
1) Is option 1 (HAB signature only) feasible for the Xip scenario?
-- Yes, and I'd like to suggest you implement the HAB plus BEE for your project.
Have a great day,
TIC

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!

- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

View solution in original post

jeremyzhou · ‎01-17-2021

Thank you for your interest in NXP Semiconductor products and for the opportunity to serve you.
1) Is option 1 (HAB signature only) feasible for the Xip scenario?
-- Yes, and I'd like to suggest you implement the HAB plus BEE for your project.
Have a great day,
TIC

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!

- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

jayyehtw · ‎01-17-2021

Hi,

Thanks for your prompt reply.

Please kindly help check if my understanding is correct:

For XIP, to realize HAB signature only:

Choose the HAB singed Image Boot form the MCU boot utility and follow the operations.

For XIP, to realize BEE only:

Choose the BEE encrypted Image Boot form the MCU boot utility and follow the operations.

For XIP, to realize BEE + HAB signature

Choose the BEE encrypted Image Boot form the MCU boot utility and set the "Enable Certificate for HW(BEE/OTFAD) encryption" option to be Yes.

jeremyzhou · ‎01-18-2021

Hi,
Thanks for your reply and your understanding is right.
Have a great day,
TIC

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!

- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

RT1050: HAB signature for NOR flash XIP

RT1050: HAB signature for NOR flash XIP

i.MXRT 105x