FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Will LPC55S69 Secure Boot ROM check version every time it boots up

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Will LPC55S69 Secure Boot ROM check version every time it boots up

‎02-08-2023 06:57 PM
706 Views
Halry
Contributor I

In UM11126, it says about Secure_FW_version in CFPA page just used during SB2 file loading. I am going to write a secondary bootloader that uses this monotonic counter for preventing roll-back. Now I am afraid that after altering this counter, my bootloader will not be able to boot up because of the version check when bootrom boots to my bootloader. If it checks the counter, may I use the NS_FW_version counter for my anti roll-back mechanism?

Thanks.

0 Kudos
Reply
4 Replies

‎02-13-2023 09:23 PM
662 Views
Pavel_Hernandez
NXP TechSupport
NXP TechSupport

Hello, this is the information available for the secure boot, I need more details about your case could you elaborate further? I could not confirm what you mentioned in the user manual,

LPC55Sxx Secure Boot (nxp.com)

Best regards,
Pavel

0 Kudos
Reply

‎02-13-2023 11:12 PM
658 Views
Halry
Contributor I

According to the AN12283,the signed image inside the internal flash is like 

 

Halry_0-1676354556932.png

 

that includes header, which includes version number.

In the UM11126, the manual states it just uses for during SB2 file loading.

Halry_1-1676354941442.png

 

I am working on a project that act as a secondary bootloader. I want to use the Secure_FW_version or NS_FW_Version as a monotonic counter for version checking because I don't want to waste flash size to make another CFPA-like page. I can't find the detail about how the image being validated during boot. Will it compare the image header's version number with the CFPA version number? Or it just validate the signature of the header?

Halry_2-1676355042315.png

 

 

0 Kudos
Reply

‎02-22-2023 07:35 PM
563 Views
Pavel_Hernandez
NXP TechSupport
NXP TechSupport

Hello, sorry for the late response I was researching more information about your questions, so...

I can't find the detail about how the image is being validated during boot. 

Pavel_Hernandez_1-1677119296453.png

Will it compare the image header's version number with the CFPA version number? Or it just validate the signature of the header?

Pavel_Hernandez_0-1677119283497.png

Pavel_Hernandez_2-1677119629373.png

I apologize for the time this being take.

Best regards,
Pavel

 

0 Kudos
Reply

‎02-10-2023 08:59 PM
681 Views
Pavel_Hernandez
NXP TechSupport
NXP TechSupport

Hello, my name is Pavel, and I will be supporting your case, let me get into your case and when I have more information, I will contact you.

Best regards,
Pavel

0 Kudos
Reply