AnsweredAssumed Answered

LPC54S018 second attempt at encryption

Question asked by Kunsen Chen on Nov 26, 2019
Latest reply on Dec 5, 2019 by Alice_Yang

I use the routine “lpcxpresso54s018m_xip_with_secure_boot_an_demo” provided by AN12352SW to encrypt, and do the secure boot of LPC54S018 in 5 steps referring to AN12352. 

1. Divide the image into two parts by modifying linker script. The demo have done it and I did not make any changes.

2. Create the image.

Note : In the case of normally boot, if I loaded the image directly, it will run successfully.


Split the image as secure-plain text and non-secure.

From the image above, the image_length equals 0x000056CC, so the total length of the image is 0x000056CC+4.

The secure-plain text image is from address 0 to address (0x000056CC+4-1) of the original image binary. This image is used to create the secure-bootable part image.
The non-secure image is from address 0x0010_0000 to the end of the original image. This image is as non-secure part image.


Create the secure bootable part image based on secure-plain text image.

Use elftosb to generate 128 bits AES key.

Use the elftosb-gui to create the secure-bootable part image.


3. Program the two parts of the image into the flash.

program secure bootable part image into Flash.

It would prompt me to add check code and I clicked 'No'.


program the non-secure part image into Flash


4. Program the 128 bits AES key to OTP.

program the AES key use blhost.


5. Program the related OTP bit fields to enable secure boot.

use blhost and the following commands to program related OTP bit fields.

 blhost.exe -u 0x1fc9,0x01a2 -- efuse-program-once 12 00000010

 blhost.exe -u 0x1fc9,0x01a2 -- efuse-program-once 12 00000004


finally, I reset my board, but it was failed, because there was no any print on debug consule and the debug on Keil can not check my core. I can't connect the PC and the board with SWD.


What did I do wrong?I need some help. Thanks.