i.mx RT1171 OTFAD&HAB secure boot

samet-san
Contributor I

Hello 

We have an i.MX RT1171 MCU. We use an external flash.

We want to do secure boot with OTFAD or IEE or HAB. I implemented the instructions in the Security Reference Manual, but I couldn't get it to run.

The fuses are below:

Fuse request: 0x960 |= 0x10 (mask: 0x10); current value=0x1a; status=MATCHES
Fuse request: 0x970 |= 0x0 (mask: 0x1000); current value=0x0; status=MATCHES
Fuse request: 0x860 |= 0x40 (mask: 0x40); current value=0xc068; status=MATCHES
Fuse request: 0x8E0 |= 0x40 (mask: 0x40); current value=0x252; status=MATCHES
Fuse request: 0xC70 |= 0x0 (mask: 0x10); current value=0x0; status=MATCHES


What am I doing wrong?

 

diego_charles
NXP TechSupport

Hi @samet-san 

I hope that you are doing well. 

I see that you already burned security-related fuses on your MCU. Did you already burn the SRK-related fuses?

diego_charles_0-1718810640168.png

They are required and their value depends on the certificate you generate for secure boot. After those fuses are burned you need to generate the signed bootable image using the same certificate. Try generating a signed image using HAB with the MCUXpresso Secure Provisioning tool. Make sure to import your certificates, so the tool can sign the image with them.

Let me know if there is anything else I can help you with.

Diego

 

samet-san
Contributor I

Thank you Diego. 

I burned the fuses you mentioned, but I didn't want to share them.

I tried different options in MCUXpresso Secure Provisioning, but I don't know which one of them is correct.

 

I chose "Boot : Encrypted(HAB)". I hope it is correct. But I want to use OTFAD and HAB together.

I don't know how to do it.

Thanks a lot.

diego_charles
NXP TechSupport

Hi @samet-san 

Yes, you did well not sharing those fuses! I did it because I am not using them, and thanks for the confirmation.

If you want to use OTFAD and HAB, please use the Encrypted (OTFAD) authenticated option. Below is a reference image:

diego_charles_0-1718902097576.png

Please check the step-by-step setup in section 6.2.3.9, "Booting OTFAD encrypted image authenticated with user keys", of the SPT User Guide (click on the Help tile of the tool to open the guide).

I hope this could help you!

Diego
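
Added example, not part of the thread and not NXP tooling: a small checker that re-reads fuse log lines in the format quoted in the opening post and recomputes each verdict before any further provisioning step. It assumes a request is satisfied when the masked bits of the current value equal the masked bits requested; the function name, field names and the last sample line are constructed for illustration.

```python
import re

# Line format taken from the fuse log quoted in the opening post.
FUSE_LINE = re.compile(
    r"Fuse request:\s*(0x[0-9A-Fa-f]+)\s*\|=\s*(0x[0-9A-Fa-f]+)\s*"
    r"\(mask:\s*(0x[0-9A-Fa-f]+)\);\s*current value=(0x[0-9A-Fa-f]+);\s*"
    r"status=(\w+)"
)

def check_fuse_log(text):
    """Return one dict per fuse request line, with a recomputed verdict.

    Assumption (not stated in the thread): a request is satisfied when
    (current & mask) == (requested & mask).
    """
    results = []
    for line in text.splitlines():
        m = FUSE_LINE.search(line)
        if not m:
            continue  # skip anything that is not a fuse request line
        addr, want, mask, current = (int(g, 16) for g in m.groups()[:4])
        reported = m.group(5)
        satisfied = (current & mask) == (want & mask)
        results.append({
            "addr": addr, "mask": mask, "current": current,
            "reported": reported, "satisfied": satisfied,
            # Masked bits already set that the request wants cleared;
            # eFuse bits are one-time programmable, so these cannot be undone.
            "stuck_bits": current & mask & ~want,
            # False when the logged status disagrees with the logged values.
            "consistent": satisfied == (reported == "MATCHES"),
        })
    return results

# First five lines: copied from the opening post.
# Last line: constructed, with a status that does not agree with its values.
SAMPLE = """\
Fuse request: 0x960 |= 0x10 (mask: 0x10); current value=0x1a; status=MATCHES
Fuse request: 0x970 |= 0x0 (mask: 0x1000); current value=0x0; status=MATCHES
Fuse request: 0x860 |= 0x40 (mask: 0x40); current value=0xc068; status=MATCHES
Fuse request: 0x8E0 |= 0x40 (mask: 0x40); current value=0x252; status=MATCHES
Fuse request: 0xC70 |= 0x0 (mask: 0x10); current value=0x0; status=MATCHES
Fuse request: 0x960 |= 0x10 (mask: 0x10); current value=0x0a; status=MATCHES
"""

if __name__ == "__main__":
    for r in check_fuse_log(SAMPLE):
        flag = "ok" if r["satisfied"] and r["consistent"] else "CHECK"
        print(f"{r['addr']:#06x} mask={r['mask']:#x} current={r['current']:#x} {flag}")
```

All five lines from the post pass this check, which is consistent with the reply above: these fuses match what was requested, so the SRK fuses and the image signing are the next things to verify.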
