UM11126 says that the Secure_FW_version in the CFPA page is just used during SB2 file loading. I am going to write a secondary bootloader that uses this monotonic counter for preventing roll-back. Now I am afraid that after altering this counter, my bootloader will not be able to boot up because of the version check when the bootrom boots to my bootloader. If it checks the counter, may I use the NS_FW_version counter for my anti roll-back mechanism?
Thanks.
Hello, this is the information available for the secure boot. I need more details about your case; could you elaborate further? I could not confirm what you mentioned in the user manual.
LPC55Sxx Secure Boot (nxp.com)
Best regards,
Pavel
According to the AN12283, the signed image inside the internal flash is like
that includes header, which includes version number.
In the UM11126, the manual states it is just used during SB2 file loading.
I am working on a project that acts as a secondary bootloader. I want to use the Secure_FW_version or NS_FW_Version as a monotonic counter for version checking because I don't want to waste flash size to make another CFPA-like page. I can't find the detail about how the image is being validated during boot. Will it compare the image header's version number with the CFPA version number? Or does it just validate the signature of the header?
Hello, sorry for the late response. I was researching more information about your questions, so...
I can't find the detail about how the image is being validated during boot.
Will it compare the image header's version number with the CFPA version number? Or does it just validate the signature of the header?
I apologize for the time this is taking.
Best regards,
Pavel
Hello, my name is Pavel, and I will be supporting your case. Let me get into your case, and when I have more information, I will contact you.
Best regards,
Pavel