RT6xx - writing OTFAD to boot device by the app itself

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

RT6xx - writing OTFAD to boot device by the app itself

391 Views
dekel12121
Contributor I

Hi all,

I'm developing for RT685 using FlexSPI for communication with the boot device.

I'm working with MCUXpresso Secure Provisioning Tool and can successfully build, write & execute (XiP) an encrypted & signed program after blowing OTP fuses.

now, my goal is to support in-field secure updates, while the image to be written to the boot device will be received via bluetooth.

My initial thought was that the image to store will be first saved in RAM and then written to the boot device. is it achievable?

I was wondering:

1. can my app, which is XiP (executed in-place), update the image on the boot device with an encrypted image? can it achieve the same behavior of the ROM BL for writing a .sb file?

2. in case I must use the ROM BL to write a .sb file to my boot device, how can I combine the bluetooth communication as the receival path?

 

any help will be much appreciated!

 

Thank you,

Dekel

0 Kudos
Reply
11 Replies

220 Views
dekel12121
Contributor I

also, regarding IAP for programming the flash device with user data:

I currently use fsl_flexspi.c, specifically the function FLEXSPI_UpdateLUT(). whenever I call this function, my app crashes. that's true when talking about encrypted app. before encryption it worked well.

I'd appreciate your help with it.

0 Kudos
Reply

179 Views
Habib_MS
NXP Employee
NXP Employee

Hello again @dekel12121,
You can use an encrypted image with the same MCU, in this case the RT685 MCUs will running well. However, in other MCU the same image could be not work, this depending of each MCU.
The utility that can help you in the production stage is the MCUxpresso Secure Provisioning Tool version 10.0, in this software there is a "Manufacturing tool" section where you can load the .Axf to several Boards at the same time, the following image shows where this tool is located:

Habib_MS_0-1736879941058.png

For more information about how this tool works, you can review chapter 5.7 of the document called MCUXpresso Secure Provisioning Tool User Guide v.10 which can be found in the following link: MCUXpresso Secure Provisioning Tool | NXP Semiconductors

In the other hand, you can encrypt the image and at the same time does not encrypt the User data, is possible configure which region of the flash will be encrypted, and at the same time the OTFAD will be recognize the encrypted region if it configured correctly.

Finally, can you clarify me the purpose of use the function called "FLEXSPI_UpdateLUT"? Also, the SDK (version 2.16.1) offers the example called "iap_flash" that could be helpful.

BR
Habib.

0 Kudos
Reply

138 Views
dekel12121
Contributor I
thanks for letting me know about the manufacturing tool.

I've successfully tested the IAP operations using fsl_iap module! about that - how can I know if the uer data that I write is encrypted or not? also, where is the configuration you've mentioned that defines the encrypted region in the external flash (the one that the OTFAD recognizes)?

Thanks
0 Kudos
Reply

105 Views
Habib_MS
NXP Employee
NXP Employee

Hello @dekel12121,
When you use Secure Provisioning Tool V10 you chose the regions of the FLASH that will be encrypted, all of the other regions will not be encrypted, in Secure Provisioning Tool V10 is shown as the next image:

Habib_MS_0-1737061050935.png

When you write this image is created a header where configures the OTFAD with the configurations that you previously assigned.
BR
Habib

0 Kudos
Reply

373 Views
Habib_MS
NXP Employee
NXP Employee

Hello @dekel12121,
Q1. My initial thought was that the image to store will be first saved in RAM and then written to the boot device. is it achievable?
Ans: You can receive the new image in RAM but take in mind that the core will be using the RAM and could generate data collision.
Q2.an my app, which is XiP (executed in-place), update the image on the boot device with an encrypted image? can it achieve the same behavior of the ROM BL for writing a .sb file?
Ans: You can write the new image in the FLASH, but please take in consideration that the code will be running in RAM while the new image will be writing in FLASH. having clarified this, these pages can help you:
- LPC: How to place data/function/file in specified memory under MCUXpresso IDE.
- The macro called "AT_QUICKACCESS_SECTION_CODE" where is a macro of the driver "fsl_common" in our SDK.

-Also, the IAP: In Application Programming Driver  could be helps. 


In the other hand, with the propose of support you better, can you clarify me which commands of the ROM bl have you in mind to use?
2. in case I must use the ROM BL to write a .sb file to my boot device, how can I combine the Bluetooth communication as the receival path?
Ans: In this case the RT6xx does not have a specific Bluetooth incorporated, therefore the communication would be received by a module where the communication with the MCU will depending by their module.
BR
Habib

0 Kudos
Reply

359 Views
dekel12121
Contributor I
Hi Habib,
thanks for the information and quick reply!

If I understand you correctly, once I want to execute a secure FW update process:
1. the app which runs the logic for updating the flash should run from RAM (otherwise, it will overwrite itself).
2. the new image to be flashed should be stored in RAM as well, while taking care of synchronization with the running app in order to avoid memory collisions.

Did I get this right?


Regarding ROM BL commands:
Currently, in the development stage, I'm using MCUXpresso Provisioning Tool, which runs its own scripts for flashing the image. I can tell that it uses "receive-sb-file" when I write a signed & encrypted image to the boot device.
As I understand it, blhost commands, such as the above one, consist of multiple ROM BL commands. Since I'm new to this, I'm not sure which IAP functions I should use in order to write a .sb file to the boot device.
Is there an example code for this? Also, what about FCB? should that be flashed too on every secure FW update?


Thaks,
Dekel
0 Kudos
Reply

344 Views
Habib_MS
NXP Employee
NXP Employee

Hello again @dekel12121,
Taking in mind more details, you cannot write in the RAM and after write in the FLASH, in this case both memories will be using, therefore the core will not be able make fetch in any memory. However, in this app note explains better how make FOTA in the RT600.
In the other hand, with the purpose to write the FLASH you can use IAP or ISP where is are better explicated in the chapter 41.8 called "RT6xx ISP and IAP" in the RM.
Also, if you experience any issue, do not hesitate to let me know.
BR
Habib

0 Kudos
Reply

325 Views
dekel12121
Contributor I

Hi Habib,
thanks for link of the FOTA implementation in RT600.

I'm actually developing with MCUXpresso IDE, which isn't listed as a supported compilation toolchain. Is there support for FOTA under MCUXpresso somewhere?

 

In addition, can I use IAP for storing some user data (like constants, strings, etc.) on the external flash device alongside the XiP image? Will the FOTA process know to handle this?

 

Thanks.

0 Kudos
Reply

293 Views
Habib_MS
NXP Employee
NXP Employee

Hello again @dekel12121 ,
Unfortunately, is not related implementation in MCUxpresso IDE for OTA, but in the reference of this app note is linked the Git hub repository of the SBL that could be helpful, as shown in the next image:

Habib_MS_0-1736546642726.png

 

In the other hand, answering your second question, it is possible to save user data along with the XiP image via IAP, but be aware of how big your image is, in order to avoid overwriting it. I highly recommend see the app note that I shared you in a previous comment, where the FOTA is better explicated.
Also, if you experience any issue, do not hesitate to let me know.
BR
Habib.

0 Kudos
Reply

263 Views
dekel12121
Contributor I

Thanks again for the info!

Good to know I can use the flash for user data alongside the image itself! I'll take care of size and address usage, of course.

 

In addition, I'd like to ask about encryption and OTFAD:

As I mentioned in my initial post, I've used MCUXpresso Provisioning Tool for encrypting & signing the image and also for writing it to the boot device (i.e., external flash). I was wondering if the encrypted & signed image is unique to the specific MCU I'm working with or is it suitable for all similar MCUs? Namely, if I use multiple similar MCUs (RT685S), in which I burn the OTP fuses in the same way, can I use the same image for all of them? or should the image go through a customized process to be accepted by each MCU individually?

 

Thanks,

Dekel

0 Kudos
Reply

261 Views
dekel12121
Contributor I
Also about the user data in the flash alongside the image:
Does the fact that the image is encypted affects the user data in some way? I mean, can the image be encrypted and the user data not encrypted?
0 Kudos
Reply