We are running into a problem on the RT1052 platform. My software system is bootloader + application, run as XIP, which both reside in flash but not next to each other. After running the bootloader, the MCU will jump to the application area to run.
Bootloader has been encrypted by HAB signature, but which encryption method is available for my application? After reading your AN12079, I have some questions:
1. If BEE encryption (encrypt/decrypt XIP) has been applied on the application, can I download a plain image and debug it in this area by JTAG?
2. Does encrypt XIP happen at bootable image download?
3. If the application is only encrypted by signature, is it possible to make the bootloader tell the MCU to check the signature before jumping?
I just want to figure out how to encrypt an XIP application. Any suggestions? Thank you!
Hi Kerry, good to see you again! Thanks for your answers. I have been using NXP-MCUBootUtility and reading AN12079; based on your answers, there are still many confusing points here.
1. This is my understanding of XIP encryption process, is it correct?
1) PC side: an unsigned image (plain image) -> add BEE configuration -> .sb file (it isn't encrypted)
2) Download process: the .sb file is being downloaded to flash, but data belonging to the ranges BEE indicates will be encrypted while writing, so the file in flash would be different from the original one (in step 1)
3) Bootup process: after a reboot, the MCU will run the image, but once it runs code belonging to the special ranges, that code must be decrypted first.
2. My bootloader has had the HAB signature done and runs in flash as XIP; yes, the flashloader was signed as well, but it did run as XIP. So according to your answers, it seems the APP couldn't do signature encryption, because it needs a signed flashloader to work together, and only ROM code can do that, am I right?