FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

LPC55S69 : protect flash memory from erase while ISP

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

LPC55S69 : protect flash memory from erase while ISP

‎11-23-2019 12:52 PM
933 Views
EugeneHiihtaja
Senior Contributor I

Hello !

I can see in UM that CPMA can be sealed and not possible to update it any more.

But what about other flash memory areas ?

Can some areas be written once only and protected from erase some how ?

Or application can set some protection to flash memory and next updated is not able to remove it ?

is this possible ?

Regards,

Eugene

Labels (1)
Labels
0 Kudos
Reply
4 Replies

‎11-25-2019 01:44 AM
729 Views
ZhangJennie
NXP TechSupport
NXP TechSupport

Hi  Eugene Hiihtaja 

Once CMPA SECURE_BOOT_EN is set, secure boot is enabled.

If the secure boot is turned on, we can't program a new image to flash anymore. All flash memory is unaccessible.
The only way to update flash is by using sb file.


Have a great day,
Jun Zhang

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!

- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 Kudos
Reply

‎11-25-2019 02:10 AM
729 Views
EugeneHiihtaja
Senior Contributor I

Hi Jun Zhang !

So 1B revision supports SB2.1 file format only and if secure boot is enabled only one command to transfer SB file to ROM remains to be supported ?

How I should understand chapter 7.3.6.4.3 Bootable section in UM ?

"

SB 2.1 introduces two new commands that can be used to prevent firmware roll-back:
SecureFirmwareVersion
NonsecureFirmwareVersion
The recovery boot mode on the 1B version of the LPC55S6xx that is using SB 2.1, only
supports two commands:
WriteMemory (RAM only) and Execute.

"

Could it be possible to specify what exact ISP commands are supported if SecureBoot is enabled ?

I assume all commands what is able to read any memory areas and execute should be disabled.

We would like to keep some SRAM area over reboot/update and it shouldn't be any way to read it by ISP.

How to enable/disable recovery boot mode ? Or how it works ?

What is not clear in case of SB2.1 type of update. If ROM decrypt it on fly and use PRINCE after that to encrypt it on fly.

Thank you !

Regards,

Eugene

0 Kudos
Reply

‎11-27-2019 01:38 AM
729 Views
ZhangJennie
NXP TechSupport
NXP TechSupport

As the UM doesn't say which ISP command is allowed after secure boot is enabled, I need check it internally.

I will keep you informed.

Thanks,

Jun Zhang

0 Kudos
Reply

‎11-27-2019 01:52 AM
729 Views
EugeneHiihtaja
Senior Contributor I

Hi Jun Zhang !

Yes , we need this info.

We really would like to use SB2.1 container for secure firmware update and need to understand all risks and etc.

 CPMA page is also not so well specified.

Regards,

Eugene

0 Kudos
Reply