LPC55S69 : update Protected Flash Region

EugeneHiihtaja
Senior Contributor I

Hello !

Do I understand right that the CMPA page can be updated multiple times if it is not locked?

"This page could be locked after manufacturer programs the page. This is done by writing the SHA 256 digest of the CMPA page into the SHA memory space of CMPA area (0x9E5E0 - 0x9E5FF)."

And I can easily enable and disable secure boot multiple times.

The CFPA scratch page can be updated multiple times, e.g. as many times as there are firmware updates,

and a reboot is needed to set up the correct ping/pong page internally.

"Application code uses FLASH API to update the scratch page which remains outside the protected region."

But can a MassErase operation erase the whole protected flash region if the CMPA area is not locked?

Or is it never erased during mass erase and always requires separate erase/write operations?

But in any case, can the MCU be put into ISP mode by an external pin and reboot, and any area of flash/SRAM be read freely?

You can write something, but it will never boot because secure boot is enabled.

But in ISP mode PRINCE is not active and it is not possible to read back the real code, only the encrypted code. Is this so?

But SRAM has some real content.

Or what is the limited set of ISP commands if secure boot is enabled?

"• If secure boot is enabled or debug authentication fields (CC_SOCU_xxx) fields are not in default state then limited ISP commands are allowed"

Could you point me to an explanation of this limitation?

I should clearly understand what protection is available when secure boot is enabled and a user tries to read/write/erase some areas via ISP mode.

Regards,

Eugene

0 Kudos
3 Replies

FelipeGarcia
NXP Employee

Hi Eugene,

You are correct, the CMPA page can be updated multiple times if it is not locked. A mass erase will not erase this protected area; you need to access it by using ROM APIs.

If firmware updates are to be performed in the field when secure boot is enabled, then a secure firmware update mechanism is preferred. When secure boot is enabled you can access flash through ISP. However, your SB file should be symmetrically encrypted so this file can be correctly booted and image can be updated.

I recommend you check chapter 5.6 of the following application note.

https://www.nxp.com/docs/en/application-note/AN12283.pdf

Best regards.

Felipe


0 Kudos
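
An offline check of the lock condition discussed in the posts above, as an added example (not NXP code and not code from this thread): given a 512-byte dump of the CMPA page, it compares the 32 bytes at 0x9E5E0 - 0x9E5FF with the SHA-256 of the rest of the page. The page base 0x9E400, the digest covering the 0x1E0 bytes before the digest field, and an all-zero digest field meaning "not locked" are assumptions to confirm against the user manual; the function names and sample data are constructed.

```python
import hashlib

# Assumptions (not stated in the thread): CMPA page base and size, and that the
# digest covers every byte of the page that precedes the digest field.
CMPA_BASE = 0x9E400
PAGE_SIZE = 512
DIGEST_START = 0x9E5E0 - CMPA_BASE    # 0x1E0, from the range quoted in the thread
DIGEST_END = 0x9E5FF - CMPA_BASE + 1  # 0x200, end of the page


def cmpa_lock_state(page: bytes) -> str:
    """Classify a dumped CMPA page as 'unlocked', 'locked' or 'digest-mismatch'."""
    if len(page) != PAGE_SIZE:
        raise ValueError(f"expected {PAGE_SIZE} bytes, got {len(page)}")
    body, stored = page[:DIGEST_START], page[DIGEST_START:DIGEST_END]
    if stored == bytes(len(stored)):
        # Assumption: an all-zero digest field means the page was never sealed.
        return "unlocked"
    if stored == hashlib.sha256(body).digest():
        return "locked"
    # Digest field is programmed but does not match the body: the dump is
    # corrupted or the body was changed after the digest was written.
    return "digest-mismatch"


def seal(body: bytes) -> bytes:
    """Return the full page image (body + SHA-256 digest) that locks the page."""
    if len(body) != DIGEST_START:
        raise ValueError(f"body must be exactly {DIGEST_START} bytes")
    return body + hashlib.sha256(body).digest()


if __name__ == "__main__":
    # Constructed sample body: arbitrary bytes, zero padded to 0x1E0.
    sample = bytes.fromhex("0011223344556677").ljust(DIGEST_START, b"\x00")
    print("before sealing:", cmpa_lock_state(sample + bytes(32)))
    print("after sealing: ", cmpa_lock_state(seal(sample)))
    tampered = bytearray(seal(sample))
    tampered[0] ^= 0x01
    print("after edit:    ", cmpa_lock_state(bytes(tampered)))
```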

EugeneHiihtaja
Senior Contributor I

Hi Felipe !

Thank you !

Overall secure boot is clear, but a lot of details are not well documented.

If secure boot is enabled and ISP as well, how can I be sure what kind of commands are still available?

We do not need any commands that can read the content of SRAM or flash, or that can upload something to SRAM and execute it.

What does "limited ISP commands are allowed" mean? Can they be limited one by one, or is some set disabled?

We still need to set the nIRQ pin for handshake, and mass erase can be good for cleaning the MCU if so.

Also, the SB2.1 file format is not so well documented.

Do you have more info so we can be sure whether we can trust this kind of secure boot?

Regards,

Eugene

0 Kudos

FelipeGarcia
NXP Employee

Hi Eugene,

I see you have asked the same question in this different thread to my colleague.

LPC55S69 : protect flash memory from erase while ISP

To have only one communication channel, you will be answered in the post above where internal team has already been informed.

Best regards,

Felipe

0 Kudos