NXP-MCUBootUtility is a GUI tool specially designed for NXP MCU secure boot. Its features correspond to the BootROM function in NXP MCU. Currently, it mainly supports i.MXRT series MCU chips, Compared to NXP official security enablement toolset (OpenSSL, CST, sdphost, blhost, elftosb, BD, MfgTool2), NXP-MCUBootUtility is a real one-stop tool, a tool that includes all the features of NXP's official security enablement toolset, and what's more, it supports full graphical user interface operation. With NXP-MCUBootUtility, you can easily get started with NXP MCU secure boot.
The main features of NXP-MCUBootUtility include:
- Support i.MXRT1021, i.MXRT1051/1052, i.MXRT1061/1062, i.MXRT1064 SIP
- Support both UART and USB-HID serial downloader modes
- Support various user application image file formats (elf/axf/srec/hex/bin)
- Can validate the range and applicability of user application image
- Support for converting bare image into bootable image
- Support for loading bootable image into FlexSPI NOR and SEMC NAND boot devices
- Support for loading bootable image into LPSPI NOR/EEPROM recovery boot device
- Support DCD which can help load image to SDRAM
- Support HAB encryption (Signed only, Signed and Encrypted)
- Can back up certificate with time stamp
- Support BEE encryption (SNVS Key, User Keys)
- Support common eFuse memory operation (eFuse Programmer)
- Support common boot device memory operation (Flash Programmer)
- Support for reading back and marking bootable image(NFCB/DBBT/FDCB/EKIB/EPRDB/IVT/Boot Data/DCD/Image/CSF/DEK KeyBlob) from boot device
NXP-MCUBootUtility is developed in Python, and it is open source. The development environment is Python 2.7.15 (32bit), wxPython 4.0.3, pySerial 3.4, pywinusb 0.4.2, bincopy 15.0.0, PyInstaller 3.3.1 (or higher).
NXP-MCUBootUtility is packaged by PyInstaller, all Python dependencies have been packaged into an executable file (\NXP-MCUBootUtility\bin\NXP-MCUBootUtility.exe), so if you do not want to develop NXP-MCUBootUtility for new feature, there is no need to install any Python software or related libraries.
Note1: Before using NXP-MCUBootUtility, you need to download HAB Code Signing Tool from NXP website,upzip it and put it in the \NXP-MCUBootUtility\tools\cst\ directory, then modify the code to enable AES function and rebuild \NXP-MCUBootUtility\tools\cst\mingw32\bin\cst.exe, or HAB related encryption function can not be used properly。See more details in 《The step-by-step guide to rebuild cst.exe for HAB encryption》
Note2: Before using NXP-MCUBootUtility, you need to rebuild the source in \NXP-MCUBootUtility\tools\image_enc\code directory to generate image_enc.exe and put it in \NXP-MCUBootUtility\tools\image_enc\win directory, or BEE related encryption function can not be used properly。See more details in 《The step-by-step guide to build image_enc.exe for BEE encryption》
NXP-MCUBootUtility is a pure green free installation tool. After downloading the source code package, double-click "\NXP-MCUBootUtility\bin\NXP-MCUBootUtility.exe" to use it. No additional software is required.
Before the NXP-MCUBootUtility.exe graphical interface is displayed, a console window will pop up first. The console will work along with the NXP-MCUBootUtility.exe graphical interface. The console is mainly for the purpose of showing error information of NXP-MCUBootUtility.exe. At present, NXP-MCUBootUtility is still in development stage, and the console will be removed when the NXP-MCUBootUtility is fully validated.
The following figure shows the main interface of the NXP-MCUBootUtility tool. The interface consists of six parts.
Hello,
I've tried the "HAB Encrypted Image Boot" on NXP MCU Boot Utility 1.4.0 and found that it doesn't support the MCU device 'i.MXRT 102x' but 'i.MXRT 105x'.
could you please tell me why? or are there any settings to enable it?
Thanks,
Calvin
Hi Jay,
Thanks for your reply.
About the limitation, I couldn't find the difference from both iMXRT102x_ReferenceManual and iMXRT105x_ReferenceManual, the descriptions about security or AES something are totally the same, could you please explain in advance? or please let me know where I can find these info.
Thanks,
Calvin
Hello,
the file "image_enc.zip" can not be downloaded in the described link.
Is there another place where I can download the file?
Best Regards,
Johann
The link is powered by Baidu, maybe it blocks Non-Chinese IP access.
Contact me by Email: hengjie1989@foxmail.com
Could you confirm whether there is a difference or not regarding the security features of IMX RT 1050, IMX RT 1021,and 1015?
Security Reference Manual is only available on IMX RT 1050 product page (and it is old and preliminary at the same time).
Good day All,
Has anyone tested this utility program with the RT1021 with the serial flash chip (same as used on the RT1021 EVK) connected to the secondary pinmux? I ask, as I have been trying to use this utility on my RT1021 PCB and was getting an error that the utility could not communicate with the serial flash device. After several hours of checking, etc I decided to connect a logic analyzer to the serial flash chip and found no activity between the RT1021 and the serial flash chip when the MCUBootUtility was trying to communicate with the device. Just to double check that my logic analyzer was functioning properly, I set my boot-mode switches to internal boot and confirmed logic activity between the RT1021 and serial flash chip. I have tried the latest version of MCUBootUtility (Ver 2.1.0) and the previous version (2.0.0) and I get the same results.
I do know that the MCUBootUtility is communicating with my RT1021, as I am seeing Device status register information being read from my device.
Thanks in advance!
Cheers,
Sam