Detailed explanation of NXP Cortex-M3 encryption settings

Encryption chip is a general name for a type of security chip that integrates various symmetric and asymmetric algorithms internally and has a very high security level to ensure that the keys and information data stored inside are not illegally read and tampered with. Products using security encryption chips: bank encryption U-shields, recorders, encrypted hard drives, PC locks, mobile phones, smart door locks, buses and subways, etc. In products that use security encryption chips, the data stored in the security chip will be encrypted with high reliability, making it difficult for the data to be illegally stolen.

For example, Tianchi i.MX6UL core board, the CPU comes with a secure boot anti-theft mechanism, which allows customers to design for highly secure applications and is suitable for transaction equipment. embedsky.com Let’s talk about the encryption methods of NXP chips:

NXP LPC series

Most LPC series MCUs use configuration word encryption, that is, CRP (Code Read Protection) encryption. Write the configuration word (CRP Key) into a specific Flash address. After the chip is powered on and started, the internal boot will choose to disable the corresponding functions according to the configuration.

CRP is a mechanism that allows users to enable different levels of security in the system, thereby limiting access to on-chip flash memory and ISP usage. When needed, CRP is called by programming a specific pattern in the flash memory location in 0x0002FC. IAP commands are not affected by code read protection.

Taking the LPC824 bit as an example, find the CRP Key in the startup file (*.s) and modify it as needed, as shown in the figure

Note: Remember to use CRP3 only in the final product firmware, otherwise the chip will be locked and cannot be unlocked.

NXP Kineits Cortex-M Series

      The encryption of the Kineits Cortex-M series also uses configuration words to write to specific areas of Flash, but it is relatively more complex and more powerful than the LPC series. The encryption of the Kineits Cortex-M series is included in the FlashConfig area. FlashConfig contains some configuration information for the internal Boot of the chip, such as enabling or disabling the NMI pin interrupt.

Use the keil tool to quickly use UI configuration, as shown in the figure:

GD32 series

The GD32 series encryption method is similar to the STM32 series encryption method. GD32 contains an FMC peripheral internally. FMC provides a security protection function to prevent illegal reading of flash memory. This feature is a great way to protect software and firmware from illegal user operations. embedsky.com

      FMC contains an OB_RDPT byte and its complement:

• When the OB_RDPT byte and its complement byte are set to 0x5AA5, after the system is reset, the flash memory will be in a non-security state;

• When the OB_RDPT byte and its complement byte value are set to any value except 0x5AA5, after the system is reset, the security protection state takes effect;

• In the secure state, the main memory flash block can only be accessed by user code and the first 4KB of flash memory is automatically page erase/program protected. In debug mode, when booting from SRAM, and when booting from the boot loader area, operations on the main memory block in these modes are prohibited;

• If the OB_RDPT byte and its complement byte are set to 0x5AA5, the security protection function will be disabled and a full chip erase operation will be automatically triggered.

      GD officially provides the encryption tool GigaDevice_MCU_ISP_Programmer or uses tools such as FlyMCU. The operation interface is as shown in the figure:

i.MX RT Series

      The i.MX RT series is a cross-border processor released by NXP, with the processing performance of MPU and the development method of MCU. This series does not contain user-usable internal Flash, and all code must be stored on external storage media. It uses FSL's unique HAB security mechanism to achieve a more secure encryption mechanism than the previous one.

      The encryption of i.MX RT is to completely convert the program firmware into ciphertext through tools, which cannot be decompiled. At the same time, i.MX RT contains an OTP area internally, which is used for programming key information and startup information. It cannot be read after encryption.

• When the chip uses QSPI or HypeFlash, it can decrypt while running without occupying additional RAM space. At the same time, hardware decryption cooperates with the 32KB ICache and 32KB DCache in the kernel so that the program operation will not be affected by firmware encryption; embedsky.com

• The chip also supports full decryption of programs to internal RAM or external SDRAM during Boot. In this way, the startup speed of the code is slightly slower, but it can support more startup methods: SD card, MMC, Nand Flash, etc.

      NXP provides the encryption tool CSF and the key burning tool FlashLoader for encryption and burning of program firmware. If you have any questions, please contact our FAE for support