Home
/
NXP Semiconductors
/
SLN-LOCAL2-IOT
/
User Manual

NXP Semiconductors SLN-LOCAL2-IOT, User Manual

Share

Page: 54 / 87

NXP Semiconductors SLN-LOCAL2-IOT User Manual Download Page 54

Chapter 8

Security architecture

8.1 Application chain of trust

The basis of the security architecture implemented in the SLN-LOCAL2-IOT are the signed application images. The signing
requires the use of a Certificate Authority (CA). NXP has its own CA to sign applications in the factory, but the CA is not shared
with customers.
The CA is used to create signing entities for the bootloader and application, as shown in

. The certificate from the CA

is stored in the SLN-LOCAL2-IOT’s filesystem and used to verify the signatures of the signing entity certificates. In addition, the
locally stored certificates from the signing entities are used to verify the signature of firmware images coming in the Over-the-Air
(OTA) or Over-the-Wire (OTW) bootloader interfaces.

Figure 68. Application chain of trust

When creating new firmware images for a secure boot implementation, the Automated Manufacturing Tool (Ivaldi) can be used
alongside your unique CA.

8.2 FICA and image verification

The FICA table is a section inside the filesystem that describes the images that will be booted. It contains information about
the image and signatures of the applications used to ensure that only verified firmware is executed. This ensures that malicious
images cannot be executed without being signed by the certificate authority and certificate that is programmed into the filesystem.
Before any image is jumped to, it is first verified using the signature from its associated FICA entry.
For example, the standard boot flow (

) is as follows:

• The bootstrap uses the bootloader FICA entry to validate the bootloader.
• The bootloader uses the AppA FICA entry to validate the AppA image.
• The bootloader uses the AppB FICA entry to validate the AppB image.

For final production, the solution provides programming scripts to enable the i.MX RT High Assurance Boot (HAB) to verify and
protect the bootstrap component. Enable the HAB for your end product. The downside of having this security protection enabled
is that programming new images can be a little more complex, because it requires signature generation. Because this flow may
be time consuming and not required for basic development tasks, NXP introduced some bypasses to make the job easier.

These bypasses should not be deployed in production.

NOTE

NXP Semiconductors

SLN-LOCAL2-IOT Developer’s Guide, Rev. 0, 19 April 2021

User's Guide

54 / 87

«
...
52
53
54
55
56
...
»

Summary of Contents for SLN-LOCAL2-IOT

Page 1: ...SLN LOCAL2 IOT Developer s Guide NXP Semiconductors Document identifier SLN LOCAL2 IOT DG User s Guide Rev 0 19 April 2021 ...

Page 2: ...ce control demo 24 5 3 Turning off image verification 25 5 3 1 Turning off bootstrap image verification 25 5 3 2 Turning off bootloader image verification 26 5 4 Programming the firmware and artifacts 27 5 4 1 Bootstrap bootloader and local voice control application images 28 5 4 2 Audio playback files 29 5 4 3 Image verification certificate and keys 33 5 4 4 Flash Image Configuration Area FICA 35...

Page 3: ...ate 60 9 3 Over the Air OTA and Over the Wire OTW updates 61 9 4 Transfers 61 9 4 1 JSON messages 62 9 4 1 1 Start request 62 9 4 1 2 Block request 63 9 4 1 3 Stop request 63 9 4 1 4 Activate image request 63 9 4 1 5 Start self test request 63 9 4 1 6 Clean request 64 9 4 1 7 Response format 64 9 5 Testing OTA OTW updates 64 9 5 1 OTA setup 64 9 5 2 OTW setup 64 9 6 Running the test script 65 Chap...

Page 4: ...ot programming with High Assurance Boot HAB 77 11 4 1 HAB setup 77 11 4 2 Creating the images 79 11 4 3 Programming the images 80 Chapter 12 References 83 Chapter 13 Acronyms 84 Chapter 14 Revision history 86 NXP Semiconductors Contents SLN LOCAL2 IOT Developer s Guide Rev 0 19 April 2021 User s Guide 4 87 ...

Page 5: ...w 29 Figure 24 Downloading application image to flash 29 Figure 25 Opening Flash GUI Tool for programming audio playback binaries 30 Figure 26 Probes discovered window for programming audio playback binaries 30 Figure 27 Opening GUI Flash Tool for audio playback binaries 31 Figure 28 Selecting audio playback binary files 31 Figure 29 Updating the OK audio playback in English binary address 32 Figu...

Page 6: ... control follow up mode 51 Figure 63 ASR session control timeout 51 Figure 64 ASR session control PTT mode 51 Figure 65 pdm_pcm_definitions h file and USE_SAI2_MIC define 51 Figure 66 Gain variable in audio_process_task c 52 Figure 67 pdm_to_pcm_task c set gain factor 53 Figure 68 Application chain of trust 54 Figure 69 Bootloader flow 56 Figure 70 Editing memory configuration 57 Figure 71 Project...

Page 7: ...S19 to SREC 80 Figure 91 Image binaries before executing HAB 80 Figure 92 Usage of secure_app py and its output with signed only option 81 Figure 93 Usage of prog_sec_app py and its output with signed only option 82 NXP Semiconductors Figures SLN LOCAL2 IOT Developer s Guide Rev 0 19 April 2021 User s Guide 7 87 ...

Page 8: ...rds and commands for multi language demos 43 Table 8 Specification of an inference engine instance 46 Table 9 ASR language type 47 Table 10 Inference engine types 48 Table 11 u16PostProcessedGain description 52 Table 12 SLN_DSP_SetGainFactor function description 52 Table 13 Summary of boot mode and security features 71 Table 14 Acronyms 84 Table 15 Revision history 86 NXP Semiconductors SLN LOCAL2...

Page 9: ...ed development environment ide MCUXpresso IDE Table 1 Tested computer configurations Computer type OS version Serial terminal application PC Windows 10 TeraTerm PuTTY Mac macOS Serial CoolTerm goSerial PC Linux PuTTY Below are listed development tools using MCU Local Voice Control SDK Table 2 Software tools and versions Software tool Version Description Segger JLink_v6 98 or later Tool to program ...

Page 10: ...mplified DoC per Article 10 9 of the Radio Equipment Directive 2014 53 EU This apparatus namely SLN LOCAL2 IOT conforms to the Radio Equipment Directive 2014 53 EU The full EU Declaration of Conformity for this apparatus can be found at this location https www nxp com The product is expected to be used laying flat on a table microphone output pointing up The data mode of the USB bus is not covered...

Page 11: ...e highlights are as follows Two stage bootstrap and bootloader allowing for flexibility in customer implementation Secure boot flow with High Assurance Booting HAB Over the Air OTA update via WiFi Over the Wire OTW update via UART Automated manufacturing reprogramming tools Speech recognition engine by deep learning Audio Front End AFE for far field Automatic Speech Recognition ASR SLN LOCAL2 IOT ...

Page 12: ...ows a high level software architecture diagram This shows everything that is included in the SDK for the SLN LOCAL2 IOT package though not all of the features are implemented in demo applications NXP Semiconductors Introduction SLN LOCAL2 IOT Developer s Guide Rev 0 19 April 2021 User s Guide 12 87 ...

Page 13: ...map Name Start address End address Description Boot Config Region 0x6000_0000 0x6000_0FFF Used for XIP and setting up flash IVT 0x6000_1000 0x6000_1FFF Vector table Bootstrap 0x6000_2000 0x6003_FFFF Bootloader 0x6004_0000 0x601F_FFFF Not Used 0x6020_0000 0x602F_FFFF Not used Application Bank A 0x6030_0000 0x60CF_FFFF Application Bank B 0x60D0_0000 0x616F_FFFF Table continues on the next page NXP S...

Page 14: ...ZH 01 0x6180_0000 0x6183_FFFF OK sound in Chinese Audio Playback ZH 02 0x6184_0000 0x6187_FFFF Can I help you sound in Chinese Audio Playback DE 01 0x6188_0000 0x618B_FFFF OK sound in German Audio Playback DE 02 0x618C_0000 0x618F_FFFF Can I help you sound in German Audio Playback FR 01 0x6190_0000 0x6193_FFFF OK sound in French Audio Playback FR 02 0x6194_0000 0x6197_FFFF Can I help you sound in ...

Page 15: ...data When it comes out of the decimation block it is fed to the Audio Front End AFE to perform beamforming and acoustic echo cancellation At this point it is a single 16 bit 16 kHz mono audio signal Figure 4 Audio application pipeline Although the ASR works on multiples of 10 ms of audio data a 30 ms data block is recommended for the input Thus the audio_processing_task accumulates 30 ms worth of ...

Page 16: ...user s serial terminal window The connection is made via the USB CDC Figure 5 Shell prompt interface The LED indicates various conditions of the SLN LOCAL2 IOT kit The LED is located on the kit as shown in Figure 6 If the kit boots without any problems the LED lits with green color while booting and then it turns off When the kit detects a wake word the LED lits with blue color while listening to ...

Page 17: ...olid Blue The device detected the wake word and listens to a command Command detected Green blink 200ms The device detected a command Timeout Purple blink 200ms If no command is detected within a certain time the device stops listening to a command Microphone off Solid Orange Microphones are turned off Table continues on the next page NXP Semiconductors Introduction SLN LOCAL2 IOT Developer s Guid...

Page 18: ... USB CDC shell commands Two on board buttons 3 8 Security architecture The SLN LOCAL2 IOT kit is built and designed in a way that enables the best security practices while maintaining the development kit feel The main security mechanisms implemented are the image verification stages that are required for every image programmed into the device By default the image verification is enabled in the SLN...

Page 19: ...re 7 Creating MCUXpresso IDE workspace 4 2 Software Development Kit SDK The MCUXpresso SDK is a comprehensive software enablement package designed to simplify and accelerate application development with NXP s MCUs based on the Arm Cortex M cores The MCUXpresso SDK includes production grade software with an integrated RTOS optional integrated stacks and middleware reference software and more It is ...

Page 20: ...AL2 IOT SDK Before building the SLN LOCAL2 IOT SDK example projects the target SDK must be imported into the MCUXpresso IDE by dragging and dropping the target SDK archive into the Installed SDKs window in the MCUXpresso IDE Figure 9 shows the pop up window which asks for confirmation Click OK When the package is imported it will be displayed in the list of installed SDKs Figure 10 shows the insta...

Page 21: ...duct innovation The following steps show how to import SLN LOCAL2 IOT projects into MCUXpresso IDE From the Quickstart Panel select Import SDK examples s as shown in Figure 11 Figure 11 MCUXpresso Quickstart Panel Import SDK Example s A list of all the installed board SDKs that have examples to import from appears Select the sln_local2_iot image and then click the Next button as shown in Figure 12...

Page 22: ...vailable to import Ensure that the SDK Debug Console is not moved from its default position Figure 13 shows the import of all the projects to be used in this section NXP Semiconductors Getting started with MCUXpresso Tool Suite SLN LOCAL2 IOT Developer s Guide Rev 0 19 April 2021 User s Guide 22 87 ...

Page 23: ... document describes the local_demo bootloader and bootstrap for building and debugging Figure 14 shows the Project Explorer window after the projects from the SLN LOCAL2 IOT SDK are imported Figure 14 MCUXpresso Project Explorer NXP Semiconductors Getting started with MCUXpresso Tool Suite SLN LOCAL2 IOT Developer s Guide Rev 0 19 April 2021 User s Guide 23 87 ...

Page 24: ...s because the corruption of this image results in unbootable image and bricked device The bootloader project is a second stage bootloader that manages jumping into the local_demo application This application can be used for any additional bootloader functionality needed for the product This bootloader is also responsible for the Mass Storage Device MSD dragging and dropping and updating the applic...

Page 25: ...avoid signing images To do this image verification must be turned off for both the bootstrap and the bootloader components When moving to production it is suggested to turn the image verification on To turn the image verification on there is a single macro change required The verification is application specific so if the entire security chain must be enabled the setting must be updated in both th...

Page 26: ...erification To turn off the image verification within the bootloader code modifications are required Within the MCUXpresso bootloader project right click the root project and navigate to Properties C C Build Settings Preprocessor Inside the Preprocessor section change the MACRO DISABLE_IMAGE_VERIFICATION to 1 and click OK as shown in Figure 20 NXP Semiconductors Building and programming with MCUXp...

Page 27: ...ls and the code execution halts If the image verification is not disabled it is enabled by default then the only application that can be updated is the local_demo via the Mass Storage Device MSD update To update the firmware without debugging follow the steps in USB Mass Storage Device MSD update There are other ways to program firmware into the device with a section dedicated to the manufacturing...

Page 28: ...bed in NXP application image signing tool Perform the following steps for bootstrap bootloader and local_demo Select the debug option from those shown in Figure 22 and ensure that the debug probe is attached This starts the process of loading the binary into the flash Figure 22 Debug window for applications Select the J Link probe that is connected to the board and click OK as shown in Figure 23 N...

Page 29: ...re available to the developers using the pre built RAW form of files inside the Image_Binaries local_audio_files folder in the Ivaldi package or they are generated as described in Generating new audio playback files Ensure that the SLN LOCAL2 IOT kit is USB powered with the JTAG connected to the back of the board Within the MCUXpresso IDE ensure that you have selected a project to launch the debug...

Page 30: ...roject has never been used to program the SLN LOCAL2 IOT kit before Figure 26 Probes discovered window for programming audio playback binaries After clicking OK the Flash GUI Tool shown in Figure 27 pops up NXP Semiconductors Building and programming with MCUXpresso SLN LOCAL2 IOT Developer s Guide Rev 0 19 April 2021 User s Guide 30 87 ...

Page 31: ...at were downloaded from the Ivaldi package or generated as shown in Generating new audio playback files Figure 28 Selecting audio playback binary files Within the Base Address textbox enter the address where the audio file is located and click the Run button In Figure 29 for demonstration purposes we program the OK audio playback in English at the 0x6178_0000 address NXP Semiconductors Building an...

Page 32: ...s done the Operation Completed window shown in Figure 31 appears Figure 30 Programming the audio playback binaries Figure 31 Audio OK in English binary programming completed See Table 5 for the list of all audio file addresses saved in the HyperFlash memory NXP Semiconductors Building and programming with MCUXpresso SLN LOCAL2 IOT Developer s Guide Rev 0 19 April 2021 User s Guide 32 87 ...

Page 33: ...h the JTAG connected to the back of the kit In the MCUXpresso IDE ensure you have selected a project to launch the debug configuration in and select the GUI Flash Tool icon as shown in Figure 32 Figure 32 Opening Flash GUI Tool for Application CA certificates The Probes discovered window Figure 33 is shown if the project has never been used to program the SLN LOCAL2 IOT kit before Figure 33 Probes...

Page 34: ... Automated manufacturing tools Figure 35 Selecting the Application CA certificate binaries Within the Base Address textbox enter 0x61D00000 and 0x61D80000 must be done for both for the certificate app_crt bin or 0x61CC0000 for the certificate authority public certificate ca_crt bin and click the Run button In Figure 36 for demonstration purposes the same app_crt bin certificate is used for both ba...

Page 35: ...ation CA Certificate programming complete 5 4 4 Flash Image Configuration Area FICA The following section describes the steps required to program the Flash Image Configuration Area FICA The FICA is described in more detail in FICA and image verification Regardless of whether the verification is turned on or off the FICA must be programmed into the area because it holds the boot information about w...

Page 36: ... shown in Figure 39 Figure 39 Opening Flash GUI Tool for FICA The Probes discovered window Figure 40 is shown if the project has never been used to program the SLN LOCAL2 IOT kit before Figure 40 Probes discovered window for FICA table programming After selecting OK the Flash GUI Tool pops up Figure 41 NXP Semiconductors Building and programming with MCUXpresso SLN LOCAL2 IOT Developer s Guide Rev...

Page 37: ...he generated FICA after running the Ivaldi package in Introduction NXP application image signing tool and Open Boot Programming tool Select the fica_table bin file to download Figure 42 Selecting the FICA table binary Within the Base Address textbox enter 0x61FC0000 and hit the Run button as shown in Figure 43 NXP Semiconductors Building and programming with MCUXpresso SLN LOCAL2 IOT Developer s G...

Page 38: ...s in a file system format into the designated flash section as shown in Figure 44 After the flashing process completes the Operation Completed window appears Figure 45 Figure 44 Programming the FICA table binary Figure 45 FICA table programming complete NXP Semiconductors Building and programming with MCUXpresso SLN LOCAL2 IOT Developer s Guide Rev 0 19 April 2021 User s Guide 38 87 ...

Page 39: ...f the SLN LOCAL2 IOT development kit is described on the web page www nxp com mcu local2 SLN LOCAL2 IOT Schematics SLN LOCAL2 IOT BOM SLN LOCAL2 IOT Design Files NXP Semiconductors SLN LOCAL2 IOT Developer s Guide Rev 0 19 April 2021 User s Guide 39 87 ...

Page 40: ...ncepts see Acoustic modification and ensure that the modification is suitable for your product The ASR block in Figure 46 contains the speech recognition engine and the application software NXP has implemented the following three types of baseline demos LED voice control demo English Two stage wake word and command ASR Smart Home IoT or elevator or audio device or washing machine voice control dem...

Page 41: ...e ASR with only one wake word engine and one command engine The ASR for multiple up to four languages can be created with the inference engine instances of columns in Figure 47 The ASR for the multiturn e g dialog application can be created with the inference engine instances of a row in Figure 47 7 1 1 1 Scenario 1 Single language two stage voice control Figure 48 shows the simplest ASR scenario ...

Page 42: ...mmand engine instance is loaded into its memory pool to start listening to the user s voice command For example suppose that two languages English and Mandarin are enabled The SLN LOCAL2 IOT kit loads the wake word engines that is English and Mandarin into their RAM memory pools and starts listening to the user s voice If the user utters the English wake word Hey NXP the SLN LOCAL2 IOT kit detects...

Page 43: ...行开门关门打开关掉播放暂停开始停止下一首上一曲提高音量音量减小精致洗正常清洗强力洗洗白取消 German DE Hallo NXP Temperatur erhöhen Temperatur verringern Fenster hoch Fenster runter anschalten Ausschalten heller dunkler Erste Etage Zweite Etage Dritte Etage Vierte Etage Fünfte Etage Hauptlobby Hochfahren Runterfahren Öffne die Tür Schließe die Tür anschalten ausschalten abspielen Pause Anfang halt nächstes Lied vorheriges Lied...

Page 44: ...glish 我可以帮你吗 Chinese Kann ich Ihnen helfen German Puis je vous aider French Once a command is detected it turns the LED green playing the audio OK in the accent of same language for the wake word triggered The audio playback files are saved in the filesystem You can replace them with your own files For details on the filesystem see Filesystem For the full list of audio file addresses see Table 5 7...

Page 45: ...select a demo and multiple languages For more details about the usage type help into the shell prompt in the serial terminal as shown in Figure 53 and Figure 54 for the changeto and multilingual commands respectively Figure 52 Demo selection by shell commands Figure 53 Demo selection command Figure 54 Language selection command NXP Semiconductors Far field local voice control framework SLN LOCAL2 ...

Page 46: ... engine requires more resources than the other languages The CPU consumption can increase with the number of commands The rule of thumb is 0 08 MIPS per a 4 syllable command Table 8 Specification of an inference engine instance Chinese with tone recognition Other languages Code size 150 KB 30 KB Data size 170 KB 32 x M Bytes 155 KB 32 x M Bytes RAM 85 KB 128 x M Bytes 45 KB 128 x M Bytes CPU 68 MI...

Page 47: ...uage specific Each ASR voice engine must define a language You can extend Table 9 with other languages nGroups the number of groups in a language model binary By default it contains a language specific base model counted as a group and a wake word group You can define N command groups addrBin the address of a language model binary This address points to a base model addrGroup MAX_GROUPS the addres...

Page 48: ... of base model counted as a group plus wake word group or command group n addrGroup 2 base keyword group either ww or cmd addrGroupMapID the address that contains the MapIDs idToKeyword the string list that indicates which command wake word is detected The string is printed out in a terminal window memPool memory pool address in SRAM for an inference engine memPoolSize size of an inference engine ...

Page 49: ...mber of languages to be enabled Figure 59 Configuration for the maximum number of languages snippet If i MX RT105S is considered it can support up to two languages Set IMXRT105S to 1 If only one language is sufficient we always recommend to set MULTILINGUAL to 0 This allows the ASR application to save significant memory and CPU resources Because MAX_CONCURRENT_LANGUAGES affects the resources three...

Page 50: ...ord or a command group also shown in Figure 58 lang languages to be enabled The types and encodings are in Table 9 infType either a wake word or a command group also shown in Table 10 idToString the string list that indicates which command wake word is detected The string is printed out in a terminal window addrMemPool memory pool address in SRAM for an inference engine sizeMemPool size of an infe...

Page 51: ...ntrol PTT mode 7 2 Acoustic modification 7 2 1 Changing microphone configuration Open the local _demo variant of the project in the developer s environment To change the number of microphones supported open the config_files folder and the pdm_pcm_definintions h file as shown in Figure 65 Figure 65 pdm_pcm_definitions h file and USE_SAI2_MIC define The pdm_pcm_definitions h header file contains the...

Page 52: ... 66 and adjust the post processing dynamic gain variable afeConfig postProcessedGain corresponding to the signal level needed 7 2 3 Changing the pre processed microphone gain The i MX RT106S MCU does not have a PDM hardware block which means that it is required to convert the PDM data to PCM within software This allows the gain to be adjusted to fit the needs of the developer The gain may be requi...

Page 53: ... 0xffff int16_t The shift gain factor before the DC Offset is applied A gain of zero means that there is no gain Locate the code snippet shown in Figure 67 and change the numerical value according to your needs related to the table Figure 67 pdm_to_pcm_task c set gain factor NXP Semiconductors Far field local voice control framework SLN LOCAL2 IOT Developer s Guide Rev 0 19 April 2021 User s Guide...

Page 54: ...ins information about the image and signatures of the applications used to ensure that only verified firmware is executed This ensures that malicious images cannot be executed without being signed by the certificate authority and certificate that is programmed into the filesystem Before any image is jumped to it is first verified using the signature from its associated FICA entry For example the s...

Page 55: ...e that all images that are to be booted are authentic The application signing certificates are located at the following addresses in the filesystem Address 0x61D00000 for Application Bank A Address 0x61D80000 for the bootloader The certificate for the CA used to verify the application signing certificates is located at address 0x61CC0000 in the filesystem NXP Semiconductors Security architecture S...

Page 56: ...oader flow The firmware update in the bootloader is only for the main application not for the bootstrap and bootloader If the bootstrap or bootloader must be updated use the J Link probe or the Ivaldi tool described in Automated manufacturing tools NOTE 9 1 Application BIN file generation There are two application banks in the flash memory see Table 4 on the SLN LOCAL2 IOT kit Address for Applicat...

Page 57: ...tion Editor Change the address of the Flash type to 0x6030 0000 for Application Bank A and 0x60D0 0000 for Application Bank B Figure 70 Editing memory configuration Before building the application make sure that the MCUXpresso project generates a BIN file as an outcome of the build process Right click the project name and open Properties as shown in Figure 71 NXP Semiconductors Bootloader SLN LOCA...

Page 58: ...ct the Build steps tab where the Post build steps can be edited Click Edit and it shows the commands for the post build steps Figure 72 shows how to open the Post build steps window NXP Semiconductors Bootloader SLN LOCAL2 IOT Developer s Guide Rev 0 19 April 2021 User s Guide 58 87 ...

Page 59: ...owing commands To generate a BIN file in the post build process remove the character on the second line and click OK The resulting commands after removing are shown in Figure 73 NXP Semiconductors Bootloader SLN LOCAL2 IOT Developer s Guide Rev 0 19 April 2021 User s Guide 59 87 ...

Page 60: ...pdated using a J Link probe By default the MSD feature bypasses the signature verification to allow for easier development flow because signing of images can be a process not suitable for quick debugging and validation Bypassing the image verification is a security threat and it is the responsibility of the product designer to prevent the violation in production NOTE To put the device into the MSD...

Page 61: ...oth OTA and OTW is the same The only difference between the two is that the OTA update is performed over the air via Wi Fi and the OTW update is performed over UART The OTA update interface is performed by hosting a TCP server on the kit which receives the update related JSON packets The OTW update currently supports UART but it can be extended to support any serial interfaces including SPI TCP so...

Page 62: ... a transfer response 9 4 1 1 Start request The following is the first request that must be sent to start a firmware update messageType 1 fwupdate_message messageType 0 fwupdate_common_message messageType 0 job_id Job ID string app_bank_type Flash Bank 1 for A 2 for B signature RSA Signature of image to be loaded image_size Image Length NXP Semiconductors Bootloader SLN LOCAL2 IOT Developer s Guide...

Page 63: ...ck of data encoded_size Size of encoded block block_size Size of block in bytes offset Offset from base of flash 9 4 1 3 Stop request messageType 1 fwupdate_message messageType 1 fwupdate_server_message messageType 1 9 4 1 4 Activate image request messageType 1 fwupdate_message messageType 1 fwupdate_server_message messageType 3 9 4 1 5 Start self test request messageType 1 fwupdate_message messag...

Page 64: ...TA update is being expected The update bit is set by the test script A TCP server is running in the main application and waits for a JSON sent by the script to set the FICA bit The SLN LOCAL2 IOT kit and the client running the Python script must be on the same network for the OTA to work Connecting to a Wi Fi network Connect the board to the computer via the USB Type C port Open your favorite seri...

Page 65: ...t any arguments shows the arguments that the script takes sln_local2_iot_bootloader unit_tests python3 fwupdate_client py Usage fwupdate py device method bank appFile appSignFile device The target device the sln_local_iot or sln_vizn_iot or sln_viznas_iot board local vizn viznas method Firmware update method OTA OTW bank The flash bank A B appFile File to update appSignFile File signature or None ...

Page 66: ...4394792 0 Firmware Update Progress 0 28 12288 4394792 0 Firmware Update Progress 0 37 16384 4394792 0 Firmware Update Progress 99 91 4390912 4394792 0 Firmware Update Progress 100 0 4394792 4394792 unit_test_fwupdate_complete_req messageType 1 fwupdate_message messageType 1 fwupdate_server_message messageType 1 0 unit_test_fwupdate_activate_img messageType 1 fwupdate_message messageType 1 fwupdate...

Page 67: ...NXP Semiconductors Bootloader SLN LOCAL2 IOT Developer s Guide Rev 0 19 April 2021 User s Guide 67 87 ...

Page 68: ...are s filesystem This script accepts the following parameters if parameter passes the input file to be converted for the embedded filesystem of parameter passes the output file name ft parameter passes the flash type of the board the acceptable values are as follows ft H for HyperFlash used for SLN LOCAL2 IOT ft Q for QSPI Flash used for future platforms based on QSPI For SLN LOCAL2 IOT the file_f...

Page 69: ...nary files simply create a 16 bit 48 kHz audio file The current configuration of the amplifier only supports 48 kHz playback NXP Semiconductors Filesystem SLN LOCAL2 IOT Developer s Guide Rev 0 19 April 2021 User s Guide 69 87 ...

Page 70: ...uring cycle Its primary focuses are Factory programming and setting up a new device product with certificate key pairs Enabling High Assurance Boot HAB Signing images for OTA OTW and HAB Writing and accessing One Time Programmable OTP fuses 11 1 2 Download the package The Ivaldi package can be downloaded from www nxp com mcu local2 Extract the ZIP file and open the README md file located in the ro...

Page 71: ... Default Secure boot Yes Yes Most secure 11 2 NXP application image signing tool The signing tool is a Python application that is responsible for using a signed Certificate Signing Request CSR to sign the binaries and append the certificate to the binary ready to be deployed to OTA OTW services The following instructions assume that the README file in the Ivaldi root directory is followed to set u...

Page 72: ... the images Developers can always re generate a more secure CA when preparing for production When prompted for passwords for the PEM files use the same password for all of them for this exercise Figure 81 shows an excerpt from the terminal output of the generation script NXP Semiconductors Automated manufacturing tools SLN LOCAL2 IOT Developer s Guide Rev 0 19 April 2021 User s Guide 72 87 ...

Page 73: ...ds the ca folder is generated This folder contains the certificates and private keys with the user defined ca_name ca certs ca_name app a crt pem ca_name app b crt pem NXP Semiconductors Automated manufacturing tools SLN LOCAL2 IOT Developer s Guide Rev 0 19 April 2021 User s Guide 73 87 ...

Page 74: ... Move these files to the Image_Binaries folder of the Ivaldi package as shown in Figure 83 They will be programmed into the SLN LOCAL2 IOT kit by a boot programming tool Figure 83 Moving ca_crt bin and app_crt bin to Image_Binaries folder 11 3 Open Boot Programming tool The Open Boot Programming tool is responsible for connecting to the device and programming it with the correct images and certifi...

Page 75: ...hich is located on the top of the kit is in position 0 To program the firmware and artifacts execute the open_prog_full py script which performs the following actions as shown in Figure 85 Communicating with the BootROM and loading executing the Flashloader Erasing the flash Programming the images bootstrap bootloader local_demo audio playback files and FICA table with certificates Jumping into th...

Page 76: ...Figure 85 Output of Ivaldi Open Boot Programming NXP Semiconductors Automated manufacturing tools SLN LOCAL2 IOT Developer s Guide Rev 0 19 April 2021 User s Guide 76 87 ...

Page 77: ...the Flashloader can be executed without being signed When the HAB is enabled the Flashloader must be signed by the generated keys The secure boot Python scripts are separated into two folders OEM The scripts should only be executed by the Product Owner and the output must be stored in a secure environment This is because it contains important key information which if lost could brick the SLN LOCAL...

Page 78: ...he generated secure boot image file enable_hab sb set the i MX RT106S to the serial download mode by moving jumper J27 which is located on the top of the SLN LOCAL2 IOT kit into the 0 position Then execute the Script sln_local2_iot_secure_boot manf enable_hab py script Figure 87 shows the usage and output of the enable_hab py script Figure 87 Usage of enable_hab py and its output NXP Semiconductor...

Page 79: ... and navigate to Properties C C Build Settings Preprocessors As shown in Figure 88 set XIP_BOOT_HEADER_ENABLE and XIP_BOOT_HEADER_DCD_ENABLE to zero Figure 88 Unsetting of the XIP boot header After these definitions are updated build the bootstrap project to generate an image Because the Ivaldi script only accepts the SREC file format use the MCUXpresso Binary Utilities to convert the AXF file to ...

Page 80: ... into the Image_Binaries folder Figure 91 shows all the required files before executing the HAB Figure 91 Image binaries before executing HAB 11 4 3 Programming the images Create a secure image and program the created image into the SLN LOCAL2 IOT kit Execute the Scripts sln_local2_iot_secure_boot oem secure_app py script with the signed only option It generates the boot_sign_image sb file with th...

Page 81: ...bootstrap the signed bootloader and local_demo the application image signing certificate the CA image certificate and the device key and certificate It jumps into the bootstrap and executes It waits until the flow gets to local_demo The spcripts use the file names specified in the Scripts sln_local2_iot_config board_config py folder For different file names update the board_config py file NOTE The...

Page 82: ...Figure 93 Usage of prog_sec_app py and its output with signed only option NXP Semiconductors Automated manufacturing tools SLN LOCAL2 IOT Developer s Guide Rev 0 19 April 2021 User s Guide 82 87 ...

Page 83: ...es supplement this document MCU Local Voice Control SLN LOCAL2 IOT UG Solution User s Guide document SLN LOCAL IOT UG Hardware files gerbers schematics BOM NXP Semiconductors SLN LOCAL2 IOT Developer s Guide Rev 0 19 April 2021 User s Guide 83 87 ...

Page 84: ...Bootloader IOT Internet Of Thing IVT Instruction Vector Table JTAG Joint Test Action Group MANF Manufacturer MCU Microcontroller Unit MEMS Micro Electro Mechanical System MSD Mass Storage Device OEM Original Equipment Manufacturer OTA Over The Air OTW Over The Wire OTP One Time Programmable PCM Pulse code modulation PDM Pulse density modulation PKI Public Key Infrastructure ROM Read Only Memory RT...

Page 85: ...ms continued Acronym Meaning Definition SDK Software Development Kit UART Universal Asynchronous Receiver Transmitter NXP Semiconductors Acronyms SLN LOCAL2 IOT Developer s Guide Rev 0 19 April 2021 User s Guide 85 87 ...

Page 86: ...ter 14 Revision history Table 15 Revision history Revision Date Substantive changes 0 19 April 2021 Initial release NXP Semiconductors SLN LOCAL2 IOT Developer s Guide Rev 0 19 April 2021 User s Guide 86 87 ...

Page 87: ...dates from NXP and follow up appropriately Customer shall select products with security features that best meet rules regulations and standards of the intended application and make the ultimate design decisions regarding its products and is solely responsible for compliance with all legal regulatory and security related requirements concerning its products regardless of any information or support ...

Reviews:

No comments

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands