Secure boot feature in K8X series controllers


1,238 Views
yash_bhatt1
Contributor III

Hi,

We are following the whitepaper "security-wp.pdf".

Under the topic "Control of Boot flow" there is a mention of setting a particular bit to make sure that the secure boot-loader is always loaded. Is this particular feature available on K8X series microcontrollers? Is this available in all other Kinetis series MCUs like K64/63?

Thank you.

0 Kudos
3 Replies

1,090 Views
Sabina_Bruce
NXP Employee

Hello,

An MCU like the K64 does not have secure boot. I would recommend following this application note.

This could be used as a reference to do a secure bootloader implementation. The K8x family has advanced security capabilities including boot ROM to support encrypted firmware updates. For example, the Kinetis K82 MCU contains automatic decryption from external serial NOR flash memory, hardware AES acceleration with side band attack protection, and hardware support for public key cryptography.

I would recommend considering the differences in the security integration of each, since their objectives are distinct.

Best Regards,

Sabina

0 Kudos

1,090 Views
yash_bhatt1
Contributor III

Hi Sabina,

Thank you for your reply.

From the K6x datasheet we understand that it does have "Hardware encryption supporting DES, 3DES, AES, MD5, SHA-1, and SHA-256 algorithms".

As they support up to 1MB internal ROM, we would not need to use external flash, thus eliminating the need for on-the-fly decryption of data over QSPI.

We don't know if the K6x series has hardware support to securely store the encryption keys, i.e. a secure element?

What additional feature for security does the K8x series have that we should consider if we are not booting externally?

Also, we are right about the above assumptions, right?

Thanks.

0 Kudos

1,090 Views
Sabina_Bruce
NXP Employee

Hello,

The K66 has the Crypto Acceleration unit (chapter 37), which supports the above hardware encryption. This is to increase throughput for these functions. If you are not in need of highly advanced security and you are storing encrypted information or sending encrypted information, this will be enough.

The Kinetis also has Flash security that can be implemented; refer to chapter 9.

If you are interested in using the K66 but need a higher level of security, we also have plug and trust elements that you can refer to here.

The K80 has a similar security feature; the K81 is under NDA. If you would like more information on that, then the information you are requesting is treated as confidential info at this time and requires a signed NDA (Non-Disclosure Agreement) between your company and NXP.

Naturally, we cannot discuss this with you in public; this needs to be handled as a support ticket. Please let me know if you are interested in learning more about this. If that is the case, we will stop following this thread and contact you by email to verify if a usable NDA is in place and to further communicate about the technical question.

Best Regards,

Sabina

0 Kudos