
LPC54S018 secure booting failed!

Question asked by Kunsen Chen on Nov 3, 2019
Latest reply on Nov 20, 2019 by Felipe García

I referred to AN12352 and tried to operate my board, but obviously I failed, judging from the result. The board can't run my encrypted image. The following are my operations.


1. As shown below, I use the elftosb tool to create a 128-bit AES key file named "aes128.key". This file can be found in the attachment.



2. I chose a bin file "hello_world.bin" from the directory "SDK_2.6.0_LPC54S018_MDK\boards\lpcxpresso54s018\demo_apps\hello_world" as the object of encryption. I tested the file by programming it to my board, and my board could run it successfully before encryption. The file "hello_world.bin" can be found in the attachment. Next, I used the elftosb-gui tool to encrypt the file. My operation is shown below.



3. I used blhost to program the AES key to OTP. At the beginning, I directly used the AES key file "aes128.key" to program, and blhost indicated that something was wrong, as in the first picture below. I thought about it for a moment and found that the data in the file "aes128.key" are not really hex data, so I changed the file "aes128.key" to "aes128.bin". The file "aes128.bin" is also in the attachment. Then I programmed the file "aes128.bin" to OTP and succeeded. The second picture below is the result.





4. I used JFlash 6.44 Lite to load the encrypted image to my board successfully.



5. Finally, I used blhost to turn on the secure boot. I used the command "blhost.exe -u 0x1fc9,0x01a2 -- efuse-program-once 12 00000010" to set the secure boot type bit field, and used the command "blhost.exe -u 0x1fc9,0x01a2 -- efuse-program-once 12 00000004" to enable the secure boot. However, when I reset my board, the board didn't print "hello world", and Keil cannot find the core in Debug. Any operation on the board has no effect.


I guess the error may have happened in the third step. The key file I programmed at the beginning was wrong, but the wrong data may have been written, resulting in the correct AES key data not being written. Is that correct? Or is one of my other operations wrong? I hope you can help me, thank you.
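
Added example, not part of the original post or of NXP's tooling: a pre-flight check for the situation in step 3, where a key file that may hold ASCII hex text is about to be written to one-time-programmable memory as if it were raw bytes. It assumes the text form is 32 hex digits with optional whitespace; the function names and the sample key are constructed for illustration, and the byte order the device expects is not addressed here.

```python
import string

AES128_KEY_BYTES = 16  # a 128-bit key is exactly 16 raw bytes


def classify_key_file(data: bytes) -> str:
    """Return 'raw', 'hex-text' or 'invalid' for the contents of a key file."""
    if len(data) == AES128_KEY_BYTES:
        return "raw"
    try:
        # Drop line endings and spaces that a text editor or tool may add.
        text = "".join(data.decode("ascii").split())
    except UnicodeDecodeError:
        return "invalid"
    is_hex = all(c in string.hexdigits for c in text)
    if is_hex and len(text) == 2 * AES128_KEY_BYTES:
        return "hex-text"
    return "invalid"


def key_bytes(data: bytes) -> bytes:
    """Return the 16 raw key bytes, or raise before anything is programmed."""
    kind = classify_key_file(data)
    if kind == "raw":
        return data
    if kind == "hex-text":
        text = "".join(data.decode("ascii").split())
        return bytes.fromhex(text)
    raise ValueError(f"not a 128-bit key: {len(data)} bytes of unrecognised data")


# Constructed sample inputs (not a real key).
SAMPLE_HEX_TEXT = b"000102030405060708090A0B0C0D0E0F\r\n"
SAMPLE_RAW = bytes(range(16))

if __name__ == "__main__":
    for name, blob in (("hex text", SAMPLE_HEX_TEXT), ("raw", SAMPLE_RAW)):
        print(name, classify_key_file(blob), key_bytes(blob).hex())
```

A file that classifies as "hex-text" is 34 bytes on disk in this sample, not 16, which is the kind of mismatch worth catching before an irreversible OTP write.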