AnsweredAssumed Answered

S32K14xx security boot production programming solution

Question asked by Leo Cheng on Oct 11, 2019
Latest reply on Jan 23, 2020 by Tom Christiansen

Hello everyone,


I am studying the security boot in S324146. I found these resource about security boot,

   -  Getting Started with CSEc Security Module        AN5401  AN5401SW  

   -  S32SDK_S32K1xx_RTM_3.0.0\examples\S32K146\demo_apps\csec_boot_protection


Basically, the procedure to enable security boot is like this, 


1. Execute program partition command in RAM(only take effect after next reset)

2. Reset

3. Program MASTER_ECU_KEY,BOOT_MAC_KEY and other user keys

4. Define the secure boot flavor and the BOOT_SIZE using CMD_BOOT_DEFINE command

5. Program code to be security boot protected

6. Program BOOT_MAC
      a. Automatically: Power on reset. The CSEc calculates BOOT_MAC and stores it in secure memory slot
      b. Manually: using another program(runing in RAM) to calculate BOOT_MAC and program it.

7. Security boot will work in next power on reset


The examples provided by NXP need lanuch several external programs to enable security boot during step 1- step 4, so my question is if 100K need to enable security boot in mass production, what is the best solution?