Encrypted XiP on flexspi nor on RT1052. Signature needed?

取消
显示结果 
搜索替代 
您的意思是: 

Encrypted XiP on flexspi nor on RT1052. Signature needed?

399 次查看
paride_russo
Contributor I

Hi,

I'm trying to to do encrypted XiP on flexspi nor on the rt1052 but I'm having some difficulties to understand the whole process.

I'm already going through lots of pdfs including Flashloader, elftosb, HAB code signing, etc.

What I have got so far but I'm unsure about is:

  • Encrypted XiP through flash serial nor does not need HAB part, hence there's no need to prepare the CSF part in the image.
  • If the above is true, do I need to set the mcu in closed mode? Because if the BEE decrypts in real-time the image then there's actually "no safe boot happening" from my understanding, but just an on the fly decryption that is transparent to the cpu; so I should be able to do encrypted XiP also in open/fab mode.
  • If the HAB is not involved and the private master key is set into SW_GP2 instead of OTPMK then I don't need to generate the private/public key because there will be no hashing of the key.

Now if I what I wrote is correct, assuming that I programmed my private key in the SW_GP2 fuses and that I set BEE_KEY0_SEL to point to SW_GP2 then I need to generate a secure binary file that will be driven by a bd file so that:

  • I define a prdb block
  • I define a keyblob

But where is encryption really happening? Is it during download phase that BEE encrypts on the fly? Or is it the elftosb tool that encrypts on pc side as secure binary?

Is there a particular pdf or manual that I can follow here? because most of what I'finding is explaining HAB or encryption but not the XiP one.

Thanks!

标签 (1)
标记 (1)
0 项奖励
1 回复

327 次查看
FelipeGarcia
NXP TechSupport
NXP TechSupport

Hello Paride,

 

SB file is generated using elftosb so encryption is happening in this side. On the encrypted XiP boot side, decryption is done via BEE and DCP.

 

I recommend you to check Security Application note AN12079 where you could find more information regarding encrypted XiP flow and examples to follow on your side.

 

I hope this helps.

 

Best regards,

Felipe

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!

- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 项奖励