Hello
We have a I.MX RT1171 MCU. We use a external Flash.
We want to do secure boot with OTFAD or IEE or HAB. I implemented instructions in Security Reference Manual. But I couldn't run it.
Fuses are below ;
Fuse request: 0x960 |= 0x10 (mask: 0x10); current value=0x1a; status=MATCHES
Fuse request: 0x970 |= 0x0 (mask: 0x1000); current value=0x0; status=MATCHES
Fuse request: 0x860 |= 0x40 (mask: 0x40); current value=0xc068; status=MATCHES
Fuse request: 0x8E0 |= 0x40 (mask: 0x40); current value=0x252; status=MATCHES
Fuse request: 0xC70 |= 0x0 (mask: 0x10); current value=0x0; status=MATCHES
I am doing what is wrong?
Hi @samet-san
I hope that you are doing well.
I see that you already burned security related fuses on your MCU. Did you already burned the SRK related fuses?
They are required and their value depends on the certificate you generate for secure boot. After those fuses are burned you need to generate the signed bootable image using the same certificate. Try generating a signed image using HAB with the MCUXpresso Secure Provisioning tool. Make sure to import your certifcates, so the tool could sign the image with them.
Let me know if I there is anything else where I could help you.
Diego
Thank you Diego.
I burned fuses you say. But I didnt want to share them.
I tried diffrent options in MCUXpresso Secure Provisioning. But I dont know which one of them is correct.
I choosed "Boot : Encrypted(HAB)" . I hope it is correct.
I dont know how can I do it.
Thanks a lot.
Hi @samet-san
Yes, you made well not sharing those fuses! I did it becuase I am not using them, and thanks for the confirmation.
I you want to use OTFAD and HAB please use the Encrypted( OTFAD) authenticated option. Below a reference image
Please check step by step setup in the section 6.2.3.9 Booting OTFAD encrypted image authenticated with user keys of the SPT User guide ( click on Help tile of the tool to open the guide)
I hope this could help you!
Diego