Secure Binary 3.1#
SB 3.1 is an evolution of the SB 2 format. The configuration is done in a similar way as a master boot image by configuration file in YAML or JSON. BD files are no longer used, commands are supplied in the configuration file.
Example of use
nxpimage: nxpimage sb31 export "sb3_config.yaml
Supported commands#
List of SB 3.1 supported commands#
Command |
Command Description |
k32w148 |
kw45b41z5 |
kw45b41z8 |
kw47b42z83 |
kw47b42z96 |
kw47b42z97 |
kw47b42zb2 |
kw47b42zb3 |
kw47b42zb6 |
kw47b42zb7 |
kw47z42082 |
kw47z42092 |
kw47z420b2 |
kw47z420b3 |
lpc55s36 |
mcxn235 |
mcxn236 |
mcxn546 |
mcxn547 |
mcxn946 |
mcxn947 |
mcxw716a |
mcxw716c |
mcxw727a |
mcxw727c |
mcxw727d |
mimxrt735s |
mimxrt758s |
mimxrt798s |
rw610 |
rw612 |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
erase |
Performs a flash erase of the given address range. The erase will be rounded up to the sector size. |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
load |
If set, then the data to write immediately follows the range header. The length field contains the actual data length |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
execute |
Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return. |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
call |
Address is address to jump. However, the state machine should expect a return to the next statement to continue processing the SB file |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
programFuses |
Address is OTP index of fuses to be programmed (Check the reference manual for more information). Values is a comma separated list of 32bit values. |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
programIFR |
The startAddress will be the address into the IFR region, length will be in number of bytes to write to IFR region. The data to write to IFR region at the given address will immediately follow the header |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
NO |
NO |
NO |
YES |
YES |
loadCMAC |
If set, then the data to write immediately follows the range header. The length field contains the actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on startAddress. |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
NO |
NO |
NO |
NO |
NO |
copy |
Used for copying data from one place to another. 32 bytes fixed size. |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
NO |
NO |
NO |
NO |
NO |
YES |
YES |
YES |
YES |
YES |
loadHashLocking |
If set, then the data to write immediately follows the range header. The length field contains the actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded data, which are reserved for it. |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
NO |
NO |
NO |
NO |
NO |
loadKeyBlob |
Wrapped key blob immediately follows the range key blob header. The length field contains the actual data length. |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
NO |
NO |
NO |
NO |
NO |
YES |
YES |
YES |
YES |
YES |
configureMemory |
Configure memory. |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
NO |
NO |
NO |
NO |
NO |
YES |
YES |
YES |
YES |
YES |
fillMemory |
Used for filling of the memory range by same repeated int32 pattern. |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
checkFwVersion |
Checks FW version value specified in command for specified counter ID. FW version value in command must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
Supported configuration options#
SecureBinary31 for k32w148#
SecureBinary31 for k32w148 JSON schema
SecureBinary31 for k32w148 YAML configuration template
# ============================== Secure Binary v3.1 Configuration template for k32w148. ==============================
# ======================================================================================================================
# == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: k32w148
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, a2, latest>
revision: latest
# ======================================================================================================================
# == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
# == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
# == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
# == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
# == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
-
# ====================================================================================================================
# == List of possible 9 options. ==
# Options [erase, load, execute, programFuses, programIFR, loadCMAC, loadHashLocking, fillMemory, checkFwVersion]
# ====================================================================================================================
# =========================== [Example of possible configuration: #0 , erase if not used] ============================
# -------------------------------------------===== Erase [Required] =====-------------------------------------------
# Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
erase:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be erased.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be erased.
size: 4096
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be erased.
memoryId: 0
# =========================== [Example of possible configuration: #1 , erase if not used] ============================
# -------------------------------------------===== Load [Required] =====--------------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length
load:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# --------------------------------------===== Binary file. [Optional] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_binary.bin
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be loaded.
values: 0x1234, 0x5678, 0, 12345678
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be loaded. Value will be converted to binary little endian format.
value: '0xB38AA899'
# -------------------------------------===== Authentication [Optional] =====--------------------------------------
# Description: If authentication is not used, just omit this option or set 'none'.
# Possible options: <none, cmac, hashlocking>
authentication: cmac
# =========================== [Example of possible configuration: #2 , erase if not used] ============================
# ------------------------------------------===== Execute [Required] =====------------------------------------------
# Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
execute:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Jump-to address to start execute code.
address: 0
# =========================== [Example of possible configuration: #3 , erase if not used] ============================
# ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
# Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
# Values is a comma separated list of 32bit values.
programFuses:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
address: 0
# --------------------------------------===== Binary values [Required] =====--------------------------------------
# Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #4 , erase if not used] ============================
# ----------------------------------------===== Program IFR [Required] =====----------------------------------------
# Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
# to IFR region. The data to write to IFR region at the given address will immediately follow the header
programIFR:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of IFR region to be programmed.
address: 0
# ---------------------------------------===== Binary file [Optional] =====---------------------------------------
# Description: Binary file to be programmed.
file: my_binary.bin
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
# format.
value: '0xB38AA899'
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #5 , erase if not used] ============================
# -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
# startAddress.
loadCMAC:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be CMAC loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be CMAC loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_cmac_binary.bin
# =========================== [Example of possible configuration: #6 , erase if not used] ============================
# ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
# data, which are reserved for it.
loadHashLocking:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_hashlocking_binary.bin
# =========================== [Example of possible configuration: #7 , erase if not used] ============================
# ----------------------------------------===== Fill memory [Required] =====----------------------------------------
# Description: Used for filling of the memory range by same repeated int32 pattern.
fillMemory:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be filled.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be filled.
size: 4096
# -----------------------------------------===== Pattern [Required] =====-----------------------------------------
# Description: Pattern which will be used to fill memory.
pattern: 2779096485
# =========================== [Example of possible configuration: #8 , erase if not used] ============================
# ----------------------------------===== Check firmware version [Required] =====-----------------------------------
# Description: Checks FW version value specified in command for specified counter ID. FW version value in command
# must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
checkFwVersion:
# --------------------------------===== Value - Firmware version [Required] =====---------------------------------
# Description: Firmware version to be compared.
value: 1
# ---------------------------------------===== Counter ID [Required] =====----------------------------------------
# Description: ID of FW counter to be checked.
# Possible options: <none, nonsecure, secure, radio, snt, bootloader>
counterId: secure
SecureBinary31 for kw45b41z5#
SecureBinary31 for kw45b41z5 JSON schema
SecureBinary31 for kw45b41z5 YAML configuration template
# ============================= Secure Binary v3.1 Configuration template for kw45b41z5. =============================
# ======================================================================================================================
# == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: kw45b41z5
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, a2, latest>
revision: latest
# ======================================================================================================================
# == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
# == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
# == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
# == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
# == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
-
# ====================================================================================================================
# == List of possible 9 options. ==
# Options [erase, load, execute, programFuses, programIFR, loadCMAC, loadHashLocking, fillMemory, checkFwVersion]
# ====================================================================================================================
# =========================== [Example of possible configuration: #0 , erase if not used] ============================
# -------------------------------------------===== Erase [Required] =====-------------------------------------------
# Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
erase:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be erased.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be erased.
size: 4096
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be erased.
memoryId: 0
# =========================== [Example of possible configuration: #1 , erase if not used] ============================
# -------------------------------------------===== Load [Required] =====--------------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length
load:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# --------------------------------------===== Binary file. [Optional] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_binary.bin
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be loaded.
values: 0x1234, 0x5678, 0, 12345678
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be loaded. Value will be converted to binary little endian format.
value: '0xB38AA899'
# -------------------------------------===== Authentication [Optional] =====--------------------------------------
# Description: If authentication is not used, just omit this option or set 'none'.
# Possible options: <none, cmac, hashlocking>
authentication: cmac
# =========================== [Example of possible configuration: #2 , erase if not used] ============================
# ------------------------------------------===== Execute [Required] =====------------------------------------------
# Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
execute:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Jump-to address to start execute code.
address: 0
# =========================== [Example of possible configuration: #3 , erase if not used] ============================
# ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
# Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
# Values is a comma separated list of 32bit values.
programFuses:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
address: 0
# --------------------------------------===== Binary values [Required] =====--------------------------------------
# Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #4 , erase if not used] ============================
# ----------------------------------------===== Program IFR [Required] =====----------------------------------------
# Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
# to IFR region. The data to write to IFR region at the given address will immediately follow the header
programIFR:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of IFR region to be programmed.
address: 0
# ---------------------------------------===== Binary file [Optional] =====---------------------------------------
# Description: Binary file to be programmed.
file: my_binary.bin
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
# format.
value: '0xB38AA899'
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #5 , erase if not used] ============================
# -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
# startAddress.
loadCMAC:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be CMAC loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be CMAC loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_cmac_binary.bin
# =========================== [Example of possible configuration: #6 , erase if not used] ============================
# ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
# data, which are reserved for it.
loadHashLocking:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_hashlocking_binary.bin
# =========================== [Example of possible configuration: #7 , erase if not used] ============================
# ----------------------------------------===== Fill memory [Required] =====----------------------------------------
# Description: Used for filling of the memory range by same repeated int32 pattern.
fillMemory:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be filled.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be filled.
size: 4096
# -----------------------------------------===== Pattern [Required] =====-----------------------------------------
# Description: Pattern which will be used to fill memory.
pattern: 2779096485
# =========================== [Example of possible configuration: #8 , erase if not used] ============================
# ----------------------------------===== Check firmware version [Required] =====-----------------------------------
# Description: Checks FW version value specified in command for specified counter ID. FW version value in command
# must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
checkFwVersion:
# --------------------------------===== Value - Firmware version [Required] =====---------------------------------
# Description: Firmware version to be compared.
value: 1
# ---------------------------------------===== Counter ID [Required] =====----------------------------------------
# Description: ID of FW counter to be checked.
# Possible options: <none, nonsecure, secure, radio, snt, bootloader>
counterId: secure
SecureBinary31 for kw45b41z8#
SecureBinary31 for kw45b41z8 JSON schema
SecureBinary31 for kw45b41z8 YAML configuration template
# ============================= Secure Binary v3.1 Configuration template for kw45b41z8. =============================
# ======================================================================================================================
# == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: kw45b41z8
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, a2, latest>
revision: latest
# ======================================================================================================================
# == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
# == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
# == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
# == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
# == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
-
# ====================================================================================================================
# == List of possible 9 options. ==
# Options [erase, load, execute, programFuses, programIFR, loadCMAC, loadHashLocking, fillMemory, checkFwVersion]
# ====================================================================================================================
# =========================== [Example of possible configuration: #0 , erase if not used] ============================
# -------------------------------------------===== Erase [Required] =====-------------------------------------------
# Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
erase:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be erased.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be erased.
size: 4096
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be erased.
memoryId: 0
# =========================== [Example of possible configuration: #1 , erase if not used] ============================
# -------------------------------------------===== Load [Required] =====--------------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length
load:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# --------------------------------------===== Binary file. [Optional] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_binary.bin
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be loaded.
values: 0x1234, 0x5678, 0, 12345678
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be loaded. Value will be converted to binary little endian format.
value: '0xB38AA899'
# -------------------------------------===== Authentication [Optional] =====--------------------------------------
# Description: If authentication is not used, just omit this option or set 'none'.
# Possible options: <none, cmac, hashlocking>
authentication: cmac
# =========================== [Example of possible configuration: #2 , erase if not used] ============================
# ------------------------------------------===== Execute [Required] =====------------------------------------------
# Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
execute:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Jump-to address to start execute code.
address: 0
# =========================== [Example of possible configuration: #3 , erase if not used] ============================
# ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
# Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
# Values is a comma separated list of 32bit values.
programFuses:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
address: 0
# --------------------------------------===== Binary values [Required] =====--------------------------------------
# Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #4 , erase if not used] ============================
# ----------------------------------------===== Program IFR [Required] =====----------------------------------------
# Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
# to IFR region. The data to write to IFR region at the given address will immediately follow the header
programIFR:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of IFR region to be programmed.
address: 0
# ---------------------------------------===== Binary file [Optional] =====---------------------------------------
# Description: Binary file to be programmed.
file: my_binary.bin
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
# format.
value: '0xB38AA899'
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #5 , erase if not used] ============================
# -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
# startAddress.
loadCMAC:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be CMAC loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be CMAC loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_cmac_binary.bin
# =========================== [Example of possible configuration: #6 , erase if not used] ============================
# ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
# data, which are reserved for it.
loadHashLocking:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_hashlocking_binary.bin
# =========================== [Example of possible configuration: #7 , erase if not used] ============================
# ----------------------------------------===== Fill memory [Required] =====----------------------------------------
# Description: Used for filling of the memory range by same repeated int32 pattern.
fillMemory:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be filled.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be filled.
size: 4096
# -----------------------------------------===== Pattern [Required] =====-----------------------------------------
# Description: Pattern which will be used to fill memory.
pattern: 2779096485
# =========================== [Example of possible configuration: #8 , erase if not used] ============================
# ----------------------------------===== Check firmware version [Required] =====-----------------------------------
# Description: Checks FW version value specified in command for specified counter ID. FW version value in command
# must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
checkFwVersion:
# --------------------------------===== Value - Firmware version [Required] =====---------------------------------
# Description: Firmware version to be compared.
value: 1
# ---------------------------------------===== Counter ID [Required] =====----------------------------------------
# Description: ID of FW counter to be checked.
# Possible options: <none, nonsecure, secure, radio, snt, bootloader>
counterId: secure
SecureBinary31 for kw47b42z83#
SecureBinary31 for kw47b42z83 JSON schema
SecureBinary31 for kw47b42z83 YAML configuration template
# ============================ Secure Binary v3.1 Configuration template for kw47b42z83. =============================
# ======================================================================================================================
# == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: kw47b42z83
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: latest
# ======================================================================================================================
# == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
# == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
# == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
# == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
# == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
-
# ====================================================================================================================
# == List of possible 9 options. ==
# Options [erase, load, execute, programFuses, programIFR, loadCMAC, loadHashLocking, fillMemory, checkFwVersion]
# ====================================================================================================================
# =========================== [Example of possible configuration: #0 , erase if not used] ============================
# -------------------------------------------===== Erase [Required] =====-------------------------------------------
# Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
erase:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be erased.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be erased.
size: 4096
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be erased.
memoryId: 0
# =========================== [Example of possible configuration: #1 , erase if not used] ============================
# -------------------------------------------===== Load [Required] =====--------------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length
load:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# --------------------------------------===== Binary file. [Optional] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_binary.bin
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be loaded.
values: 0x1234, 0x5678, 0, 12345678
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be loaded. Value will be converted to binary little endian format.
value: '0xB38AA899'
# -------------------------------------===== Authentication [Optional] =====--------------------------------------
# Description: If authentication is not used, just omit this option or set 'none'.
# Possible options: <none, cmac, hashlocking>
authentication: cmac
# =========================== [Example of possible configuration: #2 , erase if not used] ============================
# ------------------------------------------===== Execute [Required] =====------------------------------------------
# Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
execute:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Jump-to address to start execute code.
address: 0
# =========================== [Example of possible configuration: #3 , erase if not used] ============================
# ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
# Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
# Values is a comma separated list of 32bit values.
programFuses:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
address: 0
# --------------------------------------===== Binary values [Required] =====--------------------------------------
# Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #4 , erase if not used] ============================
# ----------------------------------------===== Program IFR [Required] =====----------------------------------------
# Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
# to IFR region. The data to write to IFR region at the given address will immediately follow the header
programIFR:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of IFR region to be programmed.
address: 0
# ---------------------------------------===== Binary file [Optional] =====---------------------------------------
# Description: Binary file to be programmed.
file: my_binary.bin
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
# format.
value: '0xB38AA899'
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #5 , erase if not used] ============================
# -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
# startAddress.
loadCMAC:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be CMAC loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be CMAC loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_cmac_binary.bin
# =========================== [Example of possible configuration: #6 , erase if not used] ============================
# ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
# data, which are reserved for it.
loadHashLocking:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_hashlocking_binary.bin
# =========================== [Example of possible configuration: #7 , erase if not used] ============================
# ----------------------------------------===== Fill memory [Required] =====----------------------------------------
# Description: Used for filling of the memory range by same repeated int32 pattern.
fillMemory:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be filled.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be filled.
size: 4096
# -----------------------------------------===== Pattern [Required] =====-----------------------------------------
# Description: Pattern which will be used to fill memory.
pattern: 2779096485
# =========================== [Example of possible configuration: #8 , erase if not used] ============================
# ----------------------------------===== Check firmware version [Required] =====-----------------------------------
# Description: Checks FW version value specified in command for specified counter ID. FW version value in command
# must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
checkFwVersion:
# --------------------------------===== Value - Firmware version [Required] =====---------------------------------
# Description: Firmware version to be compared.
value: 1
# ---------------------------------------===== Counter ID [Required] =====----------------------------------------
# Description: ID of FW counter to be checked.
# Possible options: <none, nonsecure, secure, radio, snt, bootloader>
counterId: secure
SecureBinary31 for kw47b42z96#
SecureBinary31 for kw47b42z96 JSON schema
SecureBinary31 for kw47b42z96 YAML configuration template
# ============================ Secure Binary v3.1 Configuration template for kw47b42z96. =============================
# ======================================================================================================================
# == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: kw47b42z96
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: latest
# ======================================================================================================================
# == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
# == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
# == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
# == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
# == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
-
# ====================================================================================================================
# == List of possible 9 options. ==
# Options [erase, load, execute, programFuses, programIFR, loadCMAC, loadHashLocking, fillMemory, checkFwVersion]
# ====================================================================================================================
# =========================== [Example of possible configuration: #0 , erase if not used] ============================
# -------------------------------------------===== Erase [Required] =====-------------------------------------------
# Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
erase:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be erased.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be erased.
size: 4096
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be erased.
memoryId: 0
# =========================== [Example of possible configuration: #1 , erase if not used] ============================
# -------------------------------------------===== Load [Required] =====--------------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length
load:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# --------------------------------------===== Binary file. [Optional] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_binary.bin
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be loaded.
values: 0x1234, 0x5678, 0, 12345678
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be loaded. Value will be converted to binary little endian format.
value: '0xB38AA899'
# -------------------------------------===== Authentication [Optional] =====--------------------------------------
# Description: If authentication is not used, just omit this option or set 'none'.
# Possible options: <none, cmac, hashlocking>
authentication: cmac
# =========================== [Example of possible configuration: #2 , erase if not used] ============================
# ------------------------------------------===== Execute [Required] =====------------------------------------------
# Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
execute:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Jump-to address to start execute code.
address: 0
# =========================== [Example of possible configuration: #3 , erase if not used] ============================
# ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
# Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
# Values is a comma separated list of 32bit values.
programFuses:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
address: 0
# --------------------------------------===== Binary values [Required] =====--------------------------------------
# Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #4 , erase if not used] ============================
# ----------------------------------------===== Program IFR [Required] =====----------------------------------------
# Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
# to IFR region. The data to write to IFR region at the given address will immediately follow the header
programIFR:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of IFR region to be programmed.
address: 0
# ---------------------------------------===== Binary file [Optional] =====---------------------------------------
# Description: Binary file to be programmed.
file: my_binary.bin
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
# format.
value: '0xB38AA899'
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #5 , erase if not used] ============================
# -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
# startAddress.
loadCMAC:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be CMAC loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be CMAC loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_cmac_binary.bin
# =========================== [Example of possible configuration: #6 , erase if not used] ============================
# ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
# data, which are reserved for it.
loadHashLocking:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_hashlocking_binary.bin
# =========================== [Example of possible configuration: #7 , erase if not used] ============================
# ----------------------------------------===== Fill memory [Required] =====----------------------------------------
# Description: Used for filling of the memory range by same repeated int32 pattern.
fillMemory:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be filled.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be filled.
size: 4096
# -----------------------------------------===== Pattern [Required] =====-----------------------------------------
# Description: Pattern which will be used to fill memory.
pattern: 2779096485
# =========================== [Example of possible configuration: #8 , erase if not used] ============================
# ----------------------------------===== Check firmware version [Required] =====-----------------------------------
# Description: Checks FW version value specified in command for specified counter ID. FW version value in command
# must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
checkFwVersion:
# --------------------------------===== Value - Firmware version [Required] =====---------------------------------
# Description: Firmware version to be compared.
value: 1
# ---------------------------------------===== Counter ID [Required] =====----------------------------------------
# Description: ID of FW counter to be checked.
# Possible options: <none, nonsecure, secure, radio, snt, bootloader>
counterId: secure
SecureBinary31 for kw47b42z97#
SecureBinary31 for kw47b42z97 JSON schema
SecureBinary31 for kw47b42z97 YAML configuration template
# ============================ Secure Binary v3.1 Configuration template for kw47b42z97. =============================
# ======================================================================================================================
# == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: kw47b42z97
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: latest
# ======================================================================================================================
# == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
# == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
# == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
# == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
# == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
-
# ====================================================================================================================
# == List of possible 9 options. ==
# Options [erase, load, execute, programFuses, programIFR, loadCMAC, loadHashLocking, fillMemory, checkFwVersion]
# ====================================================================================================================
# =========================== [Example of possible configuration: #0 , erase if not used] ============================
# -------------------------------------------===== Erase [Required] =====-------------------------------------------
# Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
erase:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be erased.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be erased.
size: 4096
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be erased.
memoryId: 0
# =========================== [Example of possible configuration: #1 , erase if not used] ============================
# -------------------------------------------===== Load [Required] =====--------------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length
load:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# --------------------------------------===== Binary file. [Optional] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_binary.bin
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be loaded.
values: 0x1234, 0x5678, 0, 12345678
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be loaded. Value will be converted to binary little endian format.
value: '0xB38AA899'
# -------------------------------------===== Authentication [Optional] =====--------------------------------------
# Description: If authentication is not used, just omit this option or set 'none'.
# Possible options: <none, cmac, hashlocking>
authentication: cmac
# =========================== [Example of possible configuration: #2 , erase if not used] ============================
# ------------------------------------------===== Execute [Required] =====------------------------------------------
# Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
execute:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Jump-to address to start execute code.
address: 0
# =========================== [Example of possible configuration: #3 , erase if not used] ============================
# ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
# Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
# Values is a comma separated list of 32bit values.
programFuses:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
address: 0
# --------------------------------------===== Binary values [Required] =====--------------------------------------
# Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #4 , erase if not used] ============================
# ----------------------------------------===== Program IFR [Required] =====----------------------------------------
# Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
# to IFR region. The data to write to IFR region at the given address will immediately follow the header
programIFR:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of IFR region to be programmed.
address: 0
# ---------------------------------------===== Binary file [Optional] =====---------------------------------------
# Description: Binary file to be programmed.
file: my_binary.bin
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
# format.
value: '0xB38AA899'
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #5 , erase if not used] ============================
# -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
# startAddress.
loadCMAC:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be CMAC loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be CMAC loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_cmac_binary.bin
# =========================== [Example of possible configuration: #6 , erase if not used] ============================
# ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
# data, which are reserved for it.
loadHashLocking:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_hashlocking_binary.bin
# =========================== [Example of possible configuration: #7 , erase if not used] ============================
# ----------------------------------------===== Fill memory [Required] =====----------------------------------------
# Description: Used for filling of the memory range by same repeated int32 pattern.
fillMemory:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be filled.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be filled.
size: 4096
# -----------------------------------------===== Pattern [Required] =====-----------------------------------------
# Description: Pattern which will be used to fill memory.
pattern: 2779096485
# =========================== [Example of possible configuration: #8 , erase if not used] ============================
# ----------------------------------===== Check firmware version [Required] =====-----------------------------------
# Description: Checks FW version value specified in command for specified counter ID. FW version value in command
# must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
checkFwVersion:
# --------------------------------===== Value - Firmware version [Required] =====---------------------------------
# Description: Firmware version to be compared.
value: 1
# ---------------------------------------===== Counter ID [Required] =====----------------------------------------
# Description: ID of FW counter to be checked.
# Possible options: <none, nonsecure, secure, radio, snt, bootloader>
counterId: secure
SecureBinary31 for kw47b42zb2#
SecureBinary31 for kw47b42zb2 JSON schema
SecureBinary31 for kw47b42zb2 YAML configuration template
# ============================ Secure Binary v3.1 Configuration template for kw47b42zb2. =============================
# ======================================================================================================================
# == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: kw47b42zb2
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: latest
# ======================================================================================================================
# == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
# == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
# == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
# == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
# == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
-
# ====================================================================================================================
# == List of possible 9 options. ==
# Options [erase, load, execute, programFuses, programIFR, loadCMAC, loadHashLocking, fillMemory, checkFwVersion]
# ====================================================================================================================
# =========================== [Example of possible configuration: #0 , erase if not used] ============================
# -------------------------------------------===== Erase [Required] =====-------------------------------------------
# Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
erase:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be erased.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be erased.
size: 4096
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be erased.
memoryId: 0
# =========================== [Example of possible configuration: #1 , erase if not used] ============================
# -------------------------------------------===== Load [Required] =====--------------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length
load:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# --------------------------------------===== Binary file. [Optional] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_binary.bin
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be loaded.
values: 0x1234, 0x5678, 0, 12345678
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be loaded. Value will be converted to binary little endian format.
value: '0xB38AA899'
# -------------------------------------===== Authentication [Optional] =====--------------------------------------
# Description: If authentication is not used, just omit this option or set 'none'.
# Possible options: <none, cmac, hashlocking>
authentication: cmac
# =========================== [Example of possible configuration: #2 , erase if not used] ============================
# ------------------------------------------===== Execute [Required] =====------------------------------------------
# Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
execute:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Jump-to address to start execute code.
address: 0
# =========================== [Example of possible configuration: #3 , erase if not used] ============================
# ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
# Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
# Values is a comma separated list of 32bit values.
programFuses:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
address: 0
# --------------------------------------===== Binary values [Required] =====--------------------------------------
# Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #4 , erase if not used] ============================
# ----------------------------------------===== Program IFR [Required] =====----------------------------------------
# Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
# to IFR region. The data to write to IFR region at the given address will immediately follow the header
programIFR:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of IFR region to be programmed.
address: 0
# ---------------------------------------===== Binary file [Optional] =====---------------------------------------
# Description: Binary file to be programmed.
file: my_binary.bin
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
# format.
value: '0xB38AA899'
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #5 , erase if not used] ============================
# -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
# startAddress.
loadCMAC:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be CMAC loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be CMAC loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_cmac_binary.bin
# =========================== [Example of possible configuration: #6 , erase if not used] ============================
# ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
# data, which are reserved for it.
loadHashLocking:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_hashlocking_binary.bin
# =========================== [Example of possible configuration: #7 , erase if not used] ============================
# ----------------------------------------===== Fill memory [Required] =====----------------------------------------
# Description: Used for filling of the memory range by same repeated int32 pattern.
fillMemory:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be filled.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be filled.
size: 4096
# -----------------------------------------===== Pattern [Required] =====-----------------------------------------
# Description: Pattern which will be used to fill memory.
pattern: 2779096485
# =========================== [Example of possible configuration: #8 , erase if not used] ============================
# ----------------------------------===== Check firmware version [Required] =====-----------------------------------
# Description: Checks FW version value specified in command for specified counter ID. FW version value in command
# must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
checkFwVersion:
# --------------------------------===== Value - Firmware version [Required] =====---------------------------------
# Description: Firmware version to be compared.
value: 1
# ---------------------------------------===== Counter ID [Required] =====----------------------------------------
# Description: ID of FW counter to be checked.
# Possible options: <none, nonsecure, secure, radio, snt, bootloader>
counterId: secure
SecureBinary31 for kw47b42zb3#
SecureBinary31 for kw47b42zb3 JSON schema
SecureBinary31 for kw47b42zb3 YAML configuration template
# ============================ Secure Binary v3.1 Configuration template for kw47b42zb3. =============================
# ======================================================================================================================
# == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: kw47b42zb3
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: latest
# ======================================================================================================================
# == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
# == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
# == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
# == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
# == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
-
# ====================================================================================================================
# == List of possible 9 options. ==
# Options [erase, load, execute, programFuses, programIFR, loadCMAC, loadHashLocking, fillMemory, checkFwVersion]
# ====================================================================================================================
# =========================== [Example of possible configuration: #0 , erase if not used] ============================
# -------------------------------------------===== Erase [Required] =====-------------------------------------------
# Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
erase:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be erased.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be erased.
size: 4096
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be erased.
memoryId: 0
# =========================== [Example of possible configuration: #1 , erase if not used] ============================
# -------------------------------------------===== Load [Required] =====--------------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length
load:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# --------------------------------------===== Binary file. [Optional] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_binary.bin
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be loaded.
values: 0x1234, 0x5678, 0, 12345678
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be loaded. Value will be converted to binary little endian format.
value: '0xB38AA899'
# -------------------------------------===== Authentication [Optional] =====--------------------------------------
# Description: If authentication is not used, just omit this option or set 'none'.
# Possible options: <none, cmac, hashlocking>
authentication: cmac
# =========================== [Example of possible configuration: #2 , erase if not used] ============================
# ------------------------------------------===== Execute [Required] =====------------------------------------------
# Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
execute:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Jump-to address to start execute code.
address: 0
# =========================== [Example of possible configuration: #3 , erase if not used] ============================
# ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
# Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
# Values is a comma separated list of 32bit values.
programFuses:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
address: 0
# --------------------------------------===== Binary values [Required] =====--------------------------------------
# Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #4 , erase if not used] ============================
# ----------------------------------------===== Program IFR [Required] =====----------------------------------------
# Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
# to IFR region. The data to write to IFR region at the given address will immediately follow the header
programIFR:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of IFR region to be programmed.
address: 0
# ---------------------------------------===== Binary file [Optional] =====---------------------------------------
# Description: Binary file to be programmed.
file: my_binary.bin
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
# format.
value: '0xB38AA899'
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #5 , erase if not used] ============================
# -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
# startAddress.
loadCMAC:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be CMAC loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be CMAC loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_cmac_binary.bin
# =========================== [Example of possible configuration: #6 , erase if not used] ============================
# ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
# data, which are reserved for it.
loadHashLocking:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_hashlocking_binary.bin
# =========================== [Example of possible configuration: #7 , erase if not used] ============================
# ----------------------------------------===== Fill memory [Required] =====----------------------------------------
# Description: Used for filling of the memory range by same repeated int32 pattern.
fillMemory:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be filled.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be filled.
size: 4096
# -----------------------------------------===== Pattern [Required] =====-----------------------------------------
# Description: Pattern which will be used to fill memory.
pattern: 2779096485
# =========================== [Example of possible configuration: #8 , erase if not used] ============================
# ----------------------------------===== Check firmware version [Required] =====-----------------------------------
# Description: Checks FW version value specified in command for specified counter ID. FW version value in command
# must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
checkFwVersion:
# --------------------------------===== Value - Firmware version [Required] =====---------------------------------
# Description: Firmware version to be compared.
value: 1
# ---------------------------------------===== Counter ID [Required] =====----------------------------------------
# Description: ID of FW counter to be checked.
# Possible options: <none, nonsecure, secure, radio, snt, bootloader>
counterId: secure
SecureBinary31 for kw47b42zb6#
SecureBinary31 for kw47b42zb6 JSON schema
SecureBinary31 for kw47b42zb6 YAML configuration template
# ============================ Secure Binary v3.1 Configuration template for kw47b42zb6. =============================
# ======================================================================================================================
# == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: kw47b42zb6
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: latest
# ======================================================================================================================
# == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
# == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
# == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
# == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
# == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
-
# ====================================================================================================================
# == List of possible 9 options. ==
# Options [erase, load, execute, programFuses, programIFR, loadCMAC, loadHashLocking, fillMemory, checkFwVersion]
# ====================================================================================================================
# =========================== [Example of possible configuration: #0 , erase if not used] ============================
# -------------------------------------------===== Erase [Required] =====-------------------------------------------
# Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
erase:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be erased.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be erased.
size: 4096
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be erased.
memoryId: 0
# =========================== [Example of possible configuration: #1 , erase if not used] ============================
# -------------------------------------------===== Load [Required] =====--------------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length
load:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# --------------------------------------===== Binary file. [Optional] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_binary.bin
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be loaded.
values: 0x1234, 0x5678, 0, 12345678
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be loaded. Value will be converted to binary little endian format.
value: '0xB38AA899'
# -------------------------------------===== Authentication [Optional] =====--------------------------------------
# Description: If authentication is not used, just omit this option or set 'none'.
# Possible options: <none, cmac, hashlocking>
authentication: cmac
# =========================== [Example of possible configuration: #2 , erase if not used] ============================
# ------------------------------------------===== Execute [Required] =====------------------------------------------
# Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
execute:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Jump-to address to start execute code.
address: 0
# =========================== [Example of possible configuration: #3 , erase if not used] ============================
# ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
# Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
# Values is a comma separated list of 32bit values.
programFuses:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
address: 0
# --------------------------------------===== Binary values [Required] =====--------------------------------------
# Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #4 , erase if not used] ============================
# ----------------------------------------===== Program IFR [Required] =====----------------------------------------
# Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
# to IFR region. The data to write to IFR region at the given address will immediately follow the header
programIFR:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of IFR region to be programmed.
address: 0
# ---------------------------------------===== Binary file [Optional] =====---------------------------------------
# Description: Binary file to be programmed.
file: my_binary.bin
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
# format.
value: '0xB38AA899'
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #5 , erase if not used] ============================
# -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
# startAddress.
loadCMAC:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be CMAC loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be CMAC loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_cmac_binary.bin
# =========================== [Example of possible configuration: #6 , erase if not used] ============================
# ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
# data, which are reserved for it.
loadHashLocking:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_hashlocking_binary.bin
# =========================== [Example of possible configuration: #7 , erase if not used] ============================
# ----------------------------------------===== Fill memory [Required] =====----------------------------------------
# Description: Used for filling of the memory range by same repeated int32 pattern.
fillMemory:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be filled.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be filled.
size: 4096
# -----------------------------------------===== Pattern [Required] =====-----------------------------------------
# Description: Pattern which will be used to fill memory.
pattern: 2779096485
# =========================== [Example of possible configuration: #8 , erase if not used] ============================
# ----------------------------------===== Check firmware version [Required] =====-----------------------------------
# Description: Checks FW version value specified in command for specified counter ID. FW version value in command
# must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
checkFwVersion:
# --------------------------------===== Value - Firmware version [Required] =====---------------------------------
# Description: Firmware version to be compared.
value: 1
# ---------------------------------------===== Counter ID [Required] =====----------------------------------------
# Description: ID of FW counter to be checked.
# Possible options: <none, nonsecure, secure, radio, snt, bootloader>
counterId: secure
SecureBinary31 for kw47b42zb7#
SecureBinary31 for kw47b42zb7 JSON schema
SecureBinary31 for kw47b42zb7 YAML configuration template
# ============================ Secure Binary v3.1 Configuration template for kw47b42zb7. =============================
# ======================================================================================================================
# == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: kw47b42zb7
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: latest
# ======================================================================================================================
# == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
# == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
# == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
# == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
# == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
-
# ====================================================================================================================
# == List of possible 9 options. ==
# Options [erase, load, execute, programFuses, programIFR, loadCMAC, loadHashLocking, fillMemory, checkFwVersion]
# ====================================================================================================================
# =========================== [Example of possible configuration: #0 , erase if not used] ============================
# -------------------------------------------===== Erase [Required] =====-------------------------------------------
# Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
erase:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be erased.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be erased.
size: 4096
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be erased.
memoryId: 0
# =========================== [Example of possible configuration: #1 , erase if not used] ============================
# -------------------------------------------===== Load [Required] =====--------------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length
load:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# --------------------------------------===== Binary file. [Optional] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_binary.bin
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be loaded.
values: 0x1234, 0x5678, 0, 12345678
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be loaded. Value will be converted to binary little endian format.
value: '0xB38AA899'
# -------------------------------------===== Authentication [Optional] =====--------------------------------------
# Description: If authentication is not used, just omit this option or set 'none'.
# Possible options: <none, cmac, hashlocking>
authentication: cmac
# =========================== [Example of possible configuration: #2 , erase if not used] ============================
# ------------------------------------------===== Execute [Required] =====------------------------------------------
# Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
execute:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Jump-to address to start execute code.
address: 0
# =========================== [Example of possible configuration: #3 , erase if not used] ============================
# ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
# Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
# Values is a comma separated list of 32bit values.
programFuses:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
address: 0
# --------------------------------------===== Binary values [Required] =====--------------------------------------
# Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #4 , erase if not used] ============================
# ----------------------------------------===== Program IFR [Required] =====----------------------------------------
# Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
# to IFR region. The data to write to IFR region at the given address will immediately follow the header
programIFR:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of IFR region to be programmed.
address: 0
# ---------------------------------------===== Binary file [Optional] =====---------------------------------------
# Description: Binary file to be programmed.
file: my_binary.bin
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
# format.
value: '0xB38AA899'
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #5 , erase if not used] ============================
# -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
# startAddress.
loadCMAC:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be CMAC loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be CMAC loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_cmac_binary.bin
# =========================== [Example of possible configuration: #6 , erase if not used] ============================
# ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
# data, which are reserved for it.
loadHashLocking:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_hashlocking_binary.bin
# =========================== [Example of possible configuration: #7 , erase if not used] ============================
# ----------------------------------------===== Fill memory [Required] =====----------------------------------------
# Description: Used for filling of the memory range by same repeated int32 pattern.
fillMemory:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be filled.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be filled.
size: 4096
# -----------------------------------------===== Pattern [Required] =====-----------------------------------------
# Description: Pattern which will be used to fill memory.
pattern: 2779096485
# =========================== [Example of possible configuration: #8 , erase if not used] ============================
# ----------------------------------===== Check firmware version [Required] =====-----------------------------------
# Description: Checks FW version value specified in command for specified counter ID. FW version value in command
# must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
checkFwVersion:
# --------------------------------===== Value - Firmware version [Required] =====---------------------------------
# Description: Firmware version to be compared.
value: 1
# ---------------------------------------===== Counter ID [Required] =====----------------------------------------
# Description: ID of FW counter to be checked.
# Possible options: <none, nonsecure, secure, radio, snt, bootloader>
counterId: secure
SecureBinary31 for kw47z42082#
SecureBinary31 for kw47z42082 JSON schema
SecureBinary31 for kw47z42082 YAML configuration template
# ============================ Secure Binary v3.1 Configuration template for kw47z42082. =============================
# ======================================================================================================================
# == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: kw47z42082
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: latest
# ======================================================================================================================
# == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
# == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
# == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
# == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
# == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
-
# ====================================================================================================================
# == List of possible 9 options. ==
# Options [erase, load, execute, programFuses, programIFR, loadCMAC, loadHashLocking, fillMemory, checkFwVersion]
# ====================================================================================================================
# =========================== [Example of possible configuration: #0 , erase if not used] ============================
# -------------------------------------------===== Erase [Required] =====-------------------------------------------
# Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
erase:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be erased.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be erased.
size: 4096
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be erased.
memoryId: 0
# =========================== [Example of possible configuration: #1 , erase if not used] ============================
# -------------------------------------------===== Load [Required] =====--------------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length
load:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# --------------------------------------===== Binary file. [Optional] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_binary.bin
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be loaded.
values: 0x1234, 0x5678, 0, 12345678
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be loaded. Value will be converted to binary little endian format.
value: '0xB38AA899'
# -------------------------------------===== Authentication [Optional] =====--------------------------------------
# Description: If authentication is not used, just omit this option or set 'none'.
# Possible options: <none, cmac, hashlocking>
authentication: cmac
# =========================== [Example of possible configuration: #2 , erase if not used] ============================
# ------------------------------------------===== Execute [Required] =====------------------------------------------
# Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
execute:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Jump-to address to start execute code.
address: 0
# =========================== [Example of possible configuration: #3 , erase if not used] ============================
# ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
# Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
# Values is a comma separated list of 32bit values.
programFuses:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
address: 0
# --------------------------------------===== Binary values [Required] =====--------------------------------------
# Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #4 , erase if not used] ============================
# ----------------------------------------===== Program IFR [Required] =====----------------------------------------
# Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
# to IFR region. The data to write to IFR region at the given address will immediately follow the header
programIFR:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of IFR region to be programmed.
address: 0
# ---------------------------------------===== Binary file [Optional] =====---------------------------------------
# Description: Binary file to be programmed.
file: my_binary.bin
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
# format.
value: '0xB38AA899'
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #5 , erase if not used] ============================
# -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
# startAddress.
loadCMAC:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be CMAC loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be CMAC loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_cmac_binary.bin
# =========================== [Example of possible configuration: #6 , erase if not used] ============================
# ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
# data, which are reserved for it.
loadHashLocking:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_hashlocking_binary.bin
# =========================== [Example of possible configuration: #7 , erase if not used] ============================
# ----------------------------------------===== Fill memory [Required] =====----------------------------------------
# Description: Used for filling of the memory range by same repeated int32 pattern.
fillMemory:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be filled.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be filled.
size: 4096
# -----------------------------------------===== Pattern [Required] =====-----------------------------------------
# Description: Pattern which will be used to fill memory.
pattern: 2779096485
# =========================== [Example of possible configuration: #8 , erase if not used] ============================
# ----------------------------------===== Check firmware version [Required] =====-----------------------------------
# Description: Checks FW version value specified in command for specified counter ID. FW version value in command
# must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
checkFwVersion:
# --------------------------------===== Value - Firmware version [Required] =====---------------------------------
# Description: Firmware version to be compared.
value: 1
# ---------------------------------------===== Counter ID [Required] =====----------------------------------------
# Description: ID of FW counter to be checked.
# Possible options: <none, nonsecure, secure, radio, snt, bootloader>
counterId: secure
SecureBinary31 for kw47z42092#
SecureBinary31 for kw47z42092 JSON schema
SecureBinary31 for kw47z42092 YAML configuration template
# ============================ Secure Binary v3.1 Configuration template for kw47z42092. =============================
# ======================================================================================================================
# == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: kw47z42092
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: latest
# ======================================================================================================================
# == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
# == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
# == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
# == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
# == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
-
# ====================================================================================================================
# == List of possible 9 options. ==
# Options [erase, load, execute, programFuses, programIFR, loadCMAC, loadHashLocking, fillMemory, checkFwVersion]
# ====================================================================================================================
# =========================== [Example of possible configuration: #0 , erase if not used] ============================
# -------------------------------------------===== Erase [Required] =====-------------------------------------------
# Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
erase:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be erased.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be erased.
size: 4096
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be erased.
memoryId: 0
# =========================== [Example of possible configuration: #1 , erase if not used] ============================
# -------------------------------------------===== Load [Required] =====--------------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length
load:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# --------------------------------------===== Binary file. [Optional] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_binary.bin
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be loaded.
values: 0x1234, 0x5678, 0, 12345678
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be loaded. Value will be converted to binary little endian format.
value: '0xB38AA899'
# -------------------------------------===== Authentication [Optional] =====--------------------------------------
# Description: If authentication is not used, just omit this option or set 'none'.
# Possible options: <none, cmac, hashlocking>
authentication: cmac
# =========================== [Example of possible configuration: #2 , erase if not used] ============================
# ------------------------------------------===== Execute [Required] =====------------------------------------------
# Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
execute:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Jump-to address to start execute code.
address: 0
# =========================== [Example of possible configuration: #3 , erase if not used] ============================
# ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
# Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
# Values is a comma separated list of 32bit values.
programFuses:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
address: 0
# --------------------------------------===== Binary values [Required] =====--------------------------------------
# Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #4 , erase if not used] ============================
# ----------------------------------------===== Program IFR [Required] =====----------------------------------------
# Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
# to IFR region. The data to write to IFR region at the given address will immediately follow the header
programIFR:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of IFR region to be programmed.
address: 0
# ---------------------------------------===== Binary file [Optional] =====---------------------------------------
# Description: Binary file to be programmed.
file: my_binary.bin
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
# format.
value: '0xB38AA899'
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #5 , erase if not used] ============================
# -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
# startAddress.
loadCMAC:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be CMAC loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be CMAC loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_cmac_binary.bin
# =========================== [Example of possible configuration: #6 , erase if not used] ============================
# ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
# data, which are reserved for it.
loadHashLocking:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_hashlocking_binary.bin
# =========================== [Example of possible configuration: #7 , erase if not used] ============================
# ----------------------------------------===== Fill memory [Required] =====----------------------------------------
# Description: Used for filling of the memory range by same repeated int32 pattern.
fillMemory:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be filled.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be filled.
size: 4096
# -----------------------------------------===== Pattern [Required] =====-----------------------------------------
# Description: Pattern which will be used to fill memory.
pattern: 2779096485
# =========================== [Example of possible configuration: #8 , erase if not used] ============================
# ----------------------------------===== Check firmware version [Required] =====-----------------------------------
# Description: Checks FW version value specified in command for specified counter ID. FW version value in command
# must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
checkFwVersion:
# --------------------------------===== Value - Firmware version [Required] =====---------------------------------
# Description: Firmware version to be compared.
value: 1
# ---------------------------------------===== Counter ID [Required] =====----------------------------------------
# Description: ID of FW counter to be checked.
# Possible options: <none, nonsecure, secure, radio, snt, bootloader>
counterId: secure
SecureBinary31 for kw47z420b2#
SecureBinary31 for kw47z420b2 JSON schema
SecureBinary31 for kw47z420b2 YAML configuration template
# ============================ Secure Binary v3.1 Configuration template for kw47z420b2. =============================
# ======================================================================================================================
# == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: kw47z420b2
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: latest
# ======================================================================================================================
# == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
# == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
# == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
# == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
# == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
-
# ====================================================================================================================
# == List of possible 9 options. ==
# Options [erase, load, execute, programFuses, programIFR, loadCMAC, loadHashLocking, fillMemory, checkFwVersion]
# ====================================================================================================================
# =========================== [Example of possible configuration: #0 , erase if not used] ============================
# -------------------------------------------===== Erase [Required] =====-------------------------------------------
# Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
erase:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be erased.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be erased.
size: 4096
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be erased.
memoryId: 0
# =========================== [Example of possible configuration: #1 , erase if not used] ============================
# -------------------------------------------===== Load [Required] =====--------------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length
load:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# --------------------------------------===== Binary file. [Optional] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_binary.bin
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be loaded.
values: 0x1234, 0x5678, 0, 12345678
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be loaded. Value will be converted to binary little endian format.
value: '0xB38AA899'
# -------------------------------------===== Authentication [Optional] =====--------------------------------------
# Description: If authentication is not used, just omit this option or set 'none'.
# Possible options: <none, cmac, hashlocking>
authentication: cmac
# =========================== [Example of possible configuration: #2 , erase if not used] ============================
# ------------------------------------------===== Execute [Required] =====------------------------------------------
# Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
execute:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Jump-to address to start execute code.
address: 0
# =========================== [Example of possible configuration: #3 , erase if not used] ============================
# ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
# Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
# Values is a comma separated list of 32bit values.
programFuses:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
address: 0
# --------------------------------------===== Binary values [Required] =====--------------------------------------
# Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #4 , erase if not used] ============================
# ----------------------------------------===== Program IFR [Required] =====----------------------------------------
# Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
# to IFR region. The data to write to IFR region at the given address will immediately follow the header
programIFR:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of IFR region to be programmed.
address: 0
# ---------------------------------------===== Binary file [Optional] =====---------------------------------------
# Description: Binary file to be programmed.
file: my_binary.bin
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
# format.
value: '0xB38AA899'
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #5 , erase if not used] ============================
# -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
# startAddress.
loadCMAC:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be CMAC loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be CMAC loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_cmac_binary.bin
# =========================== [Example of possible configuration: #6 , erase if not used] ============================
# ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
# data, which are reserved for it.
loadHashLocking:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_hashlocking_binary.bin
# =========================== [Example of possible configuration: #7 , erase if not used] ============================
# ----------------------------------------===== Fill memory [Required] =====----------------------------------------
# Description: Used for filling of the memory range by same repeated int32 pattern.
fillMemory:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be filled.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be filled.
size: 4096
# -----------------------------------------===== Pattern [Required] =====-----------------------------------------
# Description: Pattern which will be used to fill memory.
pattern: 2779096485
# =========================== [Example of possible configuration: #8 , erase if not used] ============================
# ----------------------------------===== Check firmware version [Required] =====-----------------------------------
# Description: Checks FW version value specified in command for specified counter ID. FW version value in command
# must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
checkFwVersion:
# --------------------------------===== Value - Firmware version [Required] =====---------------------------------
# Description: Firmware version to be compared.
value: 1
# ---------------------------------------===== Counter ID [Required] =====----------------------------------------
# Description: ID of FW counter to be checked.
# Possible options: <none, nonsecure, secure, radio, snt, bootloader>
counterId: secure
SecureBinary31 for kw47z420b3#
SecureBinary31 for kw47z420b3 JSON schema
SecureBinary31 for kw47z420b3 YAML configuration template
# ============================ Secure Binary v3.1 Configuration template for kw47z420b3. =============================
# ======================================================================================================================
# == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: kw47z420b3
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: latest
# ======================================================================================================================
# == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
# == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
# == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
# == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
# == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
-
# ====================================================================================================================
# == List of possible 9 options. ==
# Options [erase, load, execute, programFuses, programIFR, loadCMAC, loadHashLocking, fillMemory, checkFwVersion]
# ====================================================================================================================
# =========================== [Example of possible configuration: #0 , erase if not used] ============================
# -------------------------------------------===== Erase [Required] =====-------------------------------------------
# Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
erase:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be erased.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be erased.
size: 4096
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be erased.
memoryId: 0
# =========================== [Example of possible configuration: #1 , erase if not used] ============================
# -------------------------------------------===== Load [Required] =====--------------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length
load:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# --------------------------------------===== Binary file. [Optional] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_binary.bin
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be loaded.
values: 0x1234, 0x5678, 0, 12345678
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be loaded. Value will be converted to binary little endian format.
value: '0xB38AA899'
# -------------------------------------===== Authentication [Optional] =====--------------------------------------
# Description: If authentication is not used, just omit this option or set 'none'.
# Possible options: <none, cmac, hashlocking>
authentication: cmac
# =========================== [Example of possible configuration: #2 , erase if not used] ============================
# ------------------------------------------===== Execute [Required] =====------------------------------------------
# Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
execute:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Jump-to address to start execute code.
address: 0
# =========================== [Example of possible configuration: #3 , erase if not used] ============================
# ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
# Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
# Values is a comma separated list of 32bit values.
programFuses:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
address: 0
# --------------------------------------===== Binary values [Required] =====--------------------------------------
# Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #4 , erase if not used] ============================
# ----------------------------------------===== Program IFR [Required] =====----------------------------------------
# Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
# to IFR region. The data to write to IFR region at the given address will immediately follow the header
programIFR:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of IFR region to be programmed.
address: 0
# ---------------------------------------===== Binary file [Optional] =====---------------------------------------
# Description: Binary file to be programmed.
file: my_binary.bin
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
# format.
value: '0xB38AA899'
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #5 , erase if not used] ============================
# -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
# startAddress.
loadCMAC:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be CMAC loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be CMAC loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_cmac_binary.bin
# =========================== [Example of possible configuration: #6 , erase if not used] ============================
# ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
# data, which are reserved for it.
loadHashLocking:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_hashlocking_binary.bin
# =========================== [Example of possible configuration: #7 , erase if not used] ============================
# ----------------------------------------===== Fill memory [Required] =====----------------------------------------
# Description: Used for filling of the memory range by same repeated int32 pattern.
fillMemory:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be filled.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be filled.
size: 4096
# -----------------------------------------===== Pattern [Required] =====-----------------------------------------
# Description: Pattern which will be used to fill memory.
pattern: 2779096485
# =========================== [Example of possible configuration: #8 , erase if not used] ============================
# ----------------------------------===== Check firmware version [Required] =====-----------------------------------
# Description: Checks FW version value specified in command for specified counter ID. FW version value in command
# must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
checkFwVersion:
# --------------------------------===== Value - Firmware version [Required] =====---------------------------------
# Description: Firmware version to be compared.
value: 1
# ---------------------------------------===== Counter ID [Required] =====----------------------------------------
# Description: ID of FW counter to be checked.
# Possible options: <none, nonsecure, secure, radio, snt, bootloader>
counterId: secure
SecureBinary31 for lpc55s36#
SecureBinary31 for lpc55s36 JSON schema
SecureBinary31 for lpc55s36 YAML configuration template
# ============================= Secure Binary v3.1 Configuration template for lpc55s36. ==============================
# ======================================================================================================================
# == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: lpc55s36
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: latest
# ======================================================================================================================
# == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
# == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
# == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
# == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
# == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
-
# ====================================================================================================================
# == List of possible 12 options. ==
# Options [erase, load, execute, programFuses, programIFR, loadCMAC, copy, loadHashLocking, loadKeyBlob,
# configureMemory, fillMemory, checkFwVersion]
# ====================================================================================================================
# =========================== [Example of possible configuration: #0 , erase if not used] ============================
# -------------------------------------------===== Erase [Required] =====-------------------------------------------
# Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
erase:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be erased.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be erased.
size: 4096
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be erased.
memoryId: 0
# =========================== [Example of possible configuration: #1 , erase if not used] ============================
# -------------------------------------------===== Load [Required] =====--------------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length
load:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# --------------------------------------===== Binary file. [Optional] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_binary.bin
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be loaded.
values: 0x1234, 0x5678, 0, 12345678
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be loaded. Value will be converted to binary little endian format.
value: '0xB38AA899'
# -------------------------------------===== Authentication [Optional] =====--------------------------------------
# Description: If authentication is not used, just omit this option or set 'none'.
# Possible options: <none, cmac, hashlocking>
authentication: cmac
# =========================== [Example of possible configuration: #2 , erase if not used] ============================
# ------------------------------------------===== Execute [Required] =====------------------------------------------
# Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
execute:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Jump-to address to start execute code.
address: 0
# =========================== [Example of possible configuration: #3 , erase if not used] ============================
# ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
# Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
# Values is a comma separated list of 32bit values.
programFuses:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
address: 0
# --------------------------------------===== Binary values [Required] =====--------------------------------------
# Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #4 , erase if not used] ============================
# ----------------------------------------===== Program IFR [Required] =====----------------------------------------
# Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
# to IFR region. The data to write to IFR region at the given address will immediately follow the header
programIFR:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of IFR region to be programmed.
address: 0
# ---------------------------------------===== Binary file [Optional] =====---------------------------------------
# Description: Binary file to be programmed.
file: my_binary.bin
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
# format.
value: '0xB38AA899'
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #5 , erase if not used] ============================
# -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
# startAddress.
loadCMAC:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be CMAC loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be CMAC loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_cmac_binary.bin
# =========================== [Example of possible configuration: #6 , erase if not used] ============================
# -------------------------------------------===== Copy [Required] =====--------------------------------------------
# Description: Used for copying data from one place to another. 32 bytes fixed size.
copy:
# --------------------------------------===== Address From [Required] =====---------------------------------------
# Description: Address of memory block to be copied.
addressFrom: 0
# -------------------------------------===== Memory ID From [Optional] =====--------------------------------------
# Description: ID of memory block to be copied.
memoryIdFrom: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be copied.
size: 4096
# ---------------------------------------===== Address To [Required] =====----------------------------------------
# Description: Address of memory where block to be copied.
addressTo: 536870912
# --------------------------------------===== Memory ID To [Optional] =====---------------------------------------
# Description: ID of memory block where to be copied.
memoryIdTo: 0
# =========================== [Example of possible configuration: #7 , erase if not used] ============================
# ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
# data, which are reserved for it.
loadHashLocking:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_hashlocking_binary.bin
# =========================== [Example of possible configuration: #8 , erase if not used] ============================
# ---------------------------------------===== Load Key Blob [Required] =====---------------------------------------
# Description: Wrapped key blob immediately follows the range key blob header. The length field contains the actual
# data length.
loadKeyBlob:
# -----------------------------------------===== Offset [Required] =====------------------------------------------
# Description: Offset of the key blob.
offset: 0
# -------------------------------------===== Wrapping key ID [Required] =====-------------------------------------
# Description: Wrapping ID of key blob.
# Possible options: <NXP_CUST_KEK_INT_SK, NXP_CUST_KEK_EXT_SK>
wrappingKeyId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_keyblob.bin
# ---------------------------------===== Key Blob as plain text [Optional] =====----------------------------------
# Description: Indicates whether key is provided as plaintext or not. If it's in plaintext this option also
# indicates whether it's as binary or hex
# Possible options: <no, bin, hex>
plainInput: no
# =========================== [Example of possible configuration: #9 , erase if not used] ============================
# -------------------------------------===== Configure memory [Required] =====--------------------------------------
# Description: Configure memory.
configureMemory:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Configuration address.
configAddress: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be configured.
memoryId: 0
# =========================== [Example of possible configuration: #10 , erase if not used] ===========================
# ----------------------------------------===== Fill memory [Required] =====----------------------------------------
# Description: Used for filling of the memory range by same repeated int32 pattern.
fillMemory:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be filled.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be filled.
size: 4096
# -----------------------------------------===== Pattern [Required] =====-----------------------------------------
# Description: Pattern which will be used to fill memory.
pattern: 2779096485
# =========================== [Example of possible configuration: #11 , erase if not used] ===========================
# ----------------------------------===== Check firmware version [Required] =====-----------------------------------
# Description: Checks FW version value specified in command for specified counter ID. FW version value in command
# must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
checkFwVersion:
# --------------------------------===== Value - Firmware version [Required] =====---------------------------------
# Description: Firmware version to be compared.
value: 1
# ---------------------------------------===== Counter ID [Required] =====----------------------------------------
# Description: ID of FW counter to be checked.
# Possible options: <none, nonsecure, secure, radio, snt, bootloader>
counterId: secure
SecureBinary31 for mcxn235#
SecureBinary31 for mcxn235 JSON schema
SecureBinary31 for mcxn235 YAML configuration template
# ============================== Secure Binary v3.1 Configuration template for mcxn235. ==============================
# ======================================================================================================================
# == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: mcxn235
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, latest>
revision: latest
# ======================================================================================================================
# == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
# == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
# == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
# == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
# == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
-
# ====================================================================================================================
# == List of possible 12 options. ==
# Options [erase, load, execute, programFuses, programIFR, loadCMAC, copy, loadHashLocking, loadKeyBlob,
# configureMemory, fillMemory, checkFwVersion]
# ====================================================================================================================
# =========================== [Example of possible configuration: #0 , erase if not used] ============================
# -------------------------------------------===== Erase [Required] =====-------------------------------------------
# Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
erase:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be erased.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be erased.
size: 4096
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be erased.
memoryId: 0
# =========================== [Example of possible configuration: #1 , erase if not used] ============================
# -------------------------------------------===== Load [Required] =====--------------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length
load:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# --------------------------------------===== Binary file. [Optional] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_binary.bin
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be loaded.
values: 0x1234, 0x5678, 0, 12345678
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be loaded. Value will be converted to binary little endian format.
value: '0xB38AA899'
# -------------------------------------===== Authentication [Optional] =====--------------------------------------
# Description: If authentication is not used, just omit this option or set 'none'.
# Possible options: <none, cmac, hashlocking>
authentication: cmac
# =========================== [Example of possible configuration: #2 , erase if not used] ============================
# ------------------------------------------===== Execute [Required] =====------------------------------------------
# Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
execute:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Jump-to address to start execute code.
address: 0
# =========================== [Example of possible configuration: #3 , erase if not used] ============================
# ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
# Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
# Values is a comma separated list of 32bit values.
programFuses:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
address: 0
# --------------------------------------===== Binary values [Required] =====--------------------------------------
# Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #4 , erase if not used] ============================
# ----------------------------------------===== Program IFR [Required] =====----------------------------------------
# Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
# to IFR region. The data to write to IFR region at the given address will immediately follow the header
programIFR:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of IFR region to be programmed.
address: 0
# ---------------------------------------===== Binary file [Optional] =====---------------------------------------
# Description: Binary file to be programmed.
file: my_binary.bin
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
# format.
value: '0xB38AA899'
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #5 , erase if not used] ============================
# -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
# startAddress.
loadCMAC:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be CMAC loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be CMAC loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_cmac_binary.bin
# =========================== [Example of possible configuration: #6 , erase if not used] ============================
# -------------------------------------------===== Copy [Required] =====--------------------------------------------
# Description: Used for copying data from one place to another. 32 bytes fixed size.
copy:
# --------------------------------------===== Address From [Required] =====---------------------------------------
# Description: Address of memory block to be copied.
addressFrom: 0
# -------------------------------------===== Memory ID From [Optional] =====--------------------------------------
# Description: ID of memory block to be copied.
memoryIdFrom: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be copied.
size: 4096
# ---------------------------------------===== Address To [Required] =====----------------------------------------
# Description: Address of memory where block to be copied.
addressTo: 536870912
# --------------------------------------===== Memory ID To [Optional] =====---------------------------------------
# Description: ID of memory block where to be copied.
memoryIdTo: 0
# =========================== [Example of possible configuration: #7 , erase if not used] ============================
# ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
# data, which are reserved for it.
loadHashLocking:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_hashlocking_binary.bin
# =========================== [Example of possible configuration: #8 , erase if not used] ============================
# ---------------------------------------===== Load Key Blob [Required] =====---------------------------------------
# Description: Wrapped key blob immediately follows the range key blob header. The length field contains the actual
# data length.
loadKeyBlob:
# -----------------------------------------===== Offset [Required] =====------------------------------------------
# Description: Offset of the key blob.
offset: 0
# -------------------------------------===== Wrapping key ID [Required] =====-------------------------------------
# Description: Wrapping ID of key blob.
# Possible options: <NXP_CUST_KEK_INT_SK, NXP_CUST_KEK_EXT_SK>
wrappingKeyId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_keyblob.bin
# ---------------------------------===== Key Blob as plain text [Optional] =====----------------------------------
# Description: Indicates whether key is provided as plaintext or not. If it's in plaintext this option also
# indicates whether it's as binary or hex
# Possible options: <no, bin, hex>
plainInput: no
# =========================== [Example of possible configuration: #9 , erase if not used] ============================
# -------------------------------------===== Configure memory [Required] =====--------------------------------------
# Description: Configure memory.
configureMemory:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Configuration address.
configAddress: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be configured.
memoryId: 0
# =========================== [Example of possible configuration: #10 , erase if not used] ===========================
# ----------------------------------------===== Fill memory [Required] =====----------------------------------------
# Description: Used for filling of the memory range by same repeated int32 pattern.
fillMemory:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be filled.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be filled.
size: 4096
# -----------------------------------------===== Pattern [Required] =====-----------------------------------------
# Description: Pattern which will be used to fill memory.
pattern: 2779096485
# =========================== [Example of possible configuration: #11 , erase if not used] ===========================
# ----------------------------------===== Check firmware version [Required] =====-----------------------------------
# Description: Checks FW version value specified in command for specified counter ID. FW version value in command
# must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
checkFwVersion:
# --------------------------------===== Value - Firmware version [Required] =====---------------------------------
# Description: Firmware version to be compared.
value: 1
# ---------------------------------------===== Counter ID [Required] =====----------------------------------------
# Description: ID of FW counter to be checked.
# Possible options: <none, nonsecure, secure, radio, snt, bootloader>
counterId: secure
SecureBinary31 for mcxn236#
SecureBinary31 for mcxn236 JSON schema
SecureBinary31 for mcxn236 YAML configuration template
# ============================== Secure Binary v3.1 Configuration template for mcxn236. ==============================
# ======================================================================================================================
# == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: mcxn236
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, latest>
revision: latest
# ======================================================================================================================
# == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
# == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
# == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
# == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
# == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
-
# ====================================================================================================================
# == List of possible 12 options. ==
# Options [erase, load, execute, programFuses, programIFR, loadCMAC, copy, loadHashLocking, loadKeyBlob,
# configureMemory, fillMemory, checkFwVersion]
# ====================================================================================================================
# =========================== [Example of possible configuration: #0 , erase if not used] ============================
# -------------------------------------------===== Erase [Required] =====-------------------------------------------
# Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
erase:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be erased.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be erased.
size: 4096
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be erased.
memoryId: 0
# =========================== [Example of possible configuration: #1 , erase if not used] ============================
# -------------------------------------------===== Load [Required] =====--------------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length
load:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# --------------------------------------===== Binary file. [Optional] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_binary.bin
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be loaded.
values: 0x1234, 0x5678, 0, 12345678
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be loaded. Value will be converted to binary little endian format.
value: '0xB38AA899'
# -------------------------------------===== Authentication [Optional] =====--------------------------------------
# Description: If authentication is not used, just omit this option or set 'none'.
# Possible options: <none, cmac, hashlocking>
authentication: cmac
# =========================== [Example of possible configuration: #2 , erase if not used] ============================
# ------------------------------------------===== Execute [Required] =====------------------------------------------
# Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
execute:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Jump-to address to start execute code.
address: 0
# =========================== [Example of possible configuration: #3 , erase if not used] ============================
# ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
# Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
# Values is a comma separated list of 32bit values.
programFuses:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
address: 0
# --------------------------------------===== Binary values [Required] =====--------------------------------------
# Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #4 , erase if not used] ============================
# ----------------------------------------===== Program IFR [Required] =====----------------------------------------
# Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
# to IFR region. The data to write to IFR region at the given address will immediately follow the header
programIFR:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of IFR region to be programmed.
address: 0
# ---------------------------------------===== Binary file [Optional] =====---------------------------------------
# Description: Binary file to be programmed.
file: my_binary.bin
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
# format.
value: '0xB38AA899'
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #5 , erase if not used] ============================
# -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
# startAddress.
loadCMAC:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be CMAC loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be CMAC loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_cmac_binary.bin
# =========================== [Example of possible configuration: #6 , erase if not used] ============================
# -------------------------------------------===== Copy [Required] =====--------------------------------------------
# Description: Used for copying data from one place to another. 32 bytes fixed size.
copy:
# --------------------------------------===== Address From [Required] =====---------------------------------------
# Description: Address of memory block to be copied.
addressFrom: 0
# -------------------------------------===== Memory ID From [Optional] =====--------------------------------------
# Description: ID of memory block to be copied.
memoryIdFrom: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be copied.
size: 4096
# ---------------------------------------===== Address To [Required] =====----------------------------------------
# Description: Address of memory where block to be copied.
addressTo: 536870912
# --------------------------------------===== Memory ID To [Optional] =====---------------------------------------
# Description: ID of memory block where to be copied.
memoryIdTo: 0
# =========================== [Example of possible configuration: #7 , erase if not used] ============================
# ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
# data, which are reserved for it.
loadHashLocking:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_hashlocking_binary.bin
# =========================== [Example of possible configuration: #8 , erase if not used] ============================
# ---------------------------------------===== Load Key Blob [Required] =====---------------------------------------
# Description: Wrapped key blob immediately follows the range key blob header. The length field contains the actual
# data length.
loadKeyBlob:
# -----------------------------------------===== Offset [Required] =====------------------------------------------
# Description: Offset of the key blob.
offset: 0
# -------------------------------------===== Wrapping key ID [Required] =====-------------------------------------
# Description: Wrapping ID of key blob.
# Possible options: <NXP_CUST_KEK_INT_SK, NXP_CUST_KEK_EXT_SK>
wrappingKeyId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_keyblob.bin
# ---------------------------------===== Key Blob as plain text [Optional] =====----------------------------------
# Description: Indicates whether key is provided as plaintext or not. If it's in plaintext this option also
# indicates whether it's as binary or hex
# Possible options: <no, bin, hex>
plainInput: no
# =========================== [Example of possible configuration: #9 , erase if not used] ============================
# -------------------------------------===== Configure memory [Required] =====--------------------------------------
# Description: Configure memory.
configureMemory:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Configuration address.
configAddress: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be configured.
memoryId: 0
# =========================== [Example of possible configuration: #10 , erase if not used] ===========================
# ----------------------------------------===== Fill memory [Required] =====----------------------------------------
# Description: Used for filling of the memory range by same repeated int32 pattern.
fillMemory:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be filled.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be filled.
size: 4096
# -----------------------------------------===== Pattern [Required] =====-----------------------------------------
# Description: Pattern which will be used to fill memory.
pattern: 2779096485
# =========================== [Example of possible configuration: #11 , erase if not used] ===========================
# ----------------------------------===== Check firmware version [Required] =====-----------------------------------
# Description: Checks FW version value specified in command for specified counter ID. FW version value in command
# must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
checkFwVersion:
# --------------------------------===== Value - Firmware version [Required] =====---------------------------------
# Description: Firmware version to be compared.
value: 1
# ---------------------------------------===== Counter ID [Required] =====----------------------------------------
# Description: ID of FW counter to be checked.
# Possible options: <none, nonsecure, secure, radio, snt, bootloader>
counterId: secure
SecureBinary31 for mcxn546#
SecureBinary31 for mcxn546 JSON schema
SecureBinary31 for mcxn546 YAML configuration template
# ============================== Secure Binary v3.1 Configuration template for mcxn546. ==============================
# ======================================================================================================================
# == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: mcxn546
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: latest
# ======================================================================================================================
# == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
# == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
# == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
# == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
# == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
-
# ====================================================================================================================
# == List of possible 12 options. ==
# Options [erase, load, execute, programFuses, programIFR, loadCMAC, copy, loadHashLocking, loadKeyBlob,
# configureMemory, fillMemory, checkFwVersion]
# ====================================================================================================================
# =========================== [Example of possible configuration: #0 , erase if not used] ============================
# -------------------------------------------===== Erase [Required] =====-------------------------------------------
# Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
erase:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be erased.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be erased.
size: 4096
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be erased.
memoryId: 0
# =========================== [Example of possible configuration: #1 , erase if not used] ============================
# -------------------------------------------===== Load [Required] =====--------------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length
load:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# --------------------------------------===== Binary file. [Optional] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_binary.bin
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be loaded.
values: 0x1234, 0x5678, 0, 12345678
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be loaded. Value will be converted to binary little endian format.
value: '0xB38AA899'
# -------------------------------------===== Authentication [Optional] =====--------------------------------------
# Description: If authentication is not used, just omit this option or set 'none'.
# Possible options: <none, cmac, hashlocking>
authentication: cmac
# =========================== [Example of possible configuration: #2 , erase if not used] ============================
# ------------------------------------------===== Execute [Required] =====------------------------------------------
# Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
execute:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Jump-to address to start execute code.
address: 0
# =========================== [Example of possible configuration: #3 , erase if not used] ============================
# ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
# Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
# Values is a comma separated list of 32bit values.
programFuses:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
address: 0
# --------------------------------------===== Binary values [Required] =====--------------------------------------
# Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #4 , erase if not used] ============================
# ----------------------------------------===== Program IFR [Required] =====----------------------------------------
# Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
# to IFR region. The data to write to IFR region at the given address will immediately follow the header
programIFR:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of IFR region to be programmed.
address: 0
# ---------------------------------------===== Binary file [Optional] =====---------------------------------------
# Description: Binary file to be programmed.
file: my_binary.bin
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
# format.
value: '0xB38AA899'
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #5 , erase if not used] ============================
# -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
# startAddress.
loadCMAC:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be CMAC loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be CMAC loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_cmac_binary.bin
# =========================== [Example of possible configuration: #6 , erase if not used] ============================
# -------------------------------------------===== Copy [Required] =====--------------------------------------------
# Description: Used for copying data from one place to another. 32 bytes fixed size.
copy:
# --------------------------------------===== Address From [Required] =====---------------------------------------
# Description: Address of memory block to be copied.
addressFrom: 0
# -------------------------------------===== Memory ID From [Optional] =====--------------------------------------
# Description: ID of memory block to be copied.
memoryIdFrom: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be copied.
size: 4096
# ---------------------------------------===== Address To [Required] =====----------------------------------------
# Description: Address of memory where block to be copied.
addressTo: 536870912
# --------------------------------------===== Memory ID To [Optional] =====---------------------------------------
# Description: ID of memory block where to be copied.
memoryIdTo: 0
# =========================== [Example of possible configuration: #7 , erase if not used] ============================
# ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
# data, which are reserved for it.
loadHashLocking:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_hashlocking_binary.bin
# =========================== [Example of possible configuration: #8 , erase if not used] ============================
# ---------------------------------------===== Load Key Blob [Required] =====---------------------------------------
# Description: Wrapped key blob immediately follows the range key blob header. The length field contains the actual
# data length.
loadKeyBlob:
# -----------------------------------------===== Offset [Required] =====------------------------------------------
# Description: Offset of the key blob.
offset: 0
# -------------------------------------===== Wrapping key ID [Required] =====-------------------------------------
# Description: Wrapping ID of key blob.
# Possible options: <NXP_CUST_KEK_INT_SK, NXP_CUST_KEK_EXT_SK>
wrappingKeyId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_keyblob.bin
# ---------------------------------===== Key Blob as plain text [Optional] =====----------------------------------
# Description: Indicates whether key is provided as plaintext or not. If it's in plaintext this option also
# indicates whether it's as binary or hex
# Possible options: <no, bin, hex>
plainInput: no
# =========================== [Example of possible configuration: #9 , erase if not used] ============================
# -------------------------------------===== Configure memory [Required] =====--------------------------------------
# Description: Configure memory.
configureMemory:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Configuration address.
configAddress: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be configured.
memoryId: 0
# =========================== [Example of possible configuration: #10 , erase if not used] ===========================
# ----------------------------------------===== Fill memory [Required] =====----------------------------------------
# Description: Used for filling of the memory range by same repeated int32 pattern.
fillMemory:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be filled.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be filled.
size: 4096
# -----------------------------------------===== Pattern [Required] =====-----------------------------------------
# Description: Pattern which will be used to fill memory.
pattern: 2779096485
# =========================== [Example of possible configuration: #11 , erase if not used] ===========================
# ----------------------------------===== Check firmware version [Required] =====-----------------------------------
# Description: Checks FW version value specified in command for specified counter ID. FW version value in command
# must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
checkFwVersion:
# --------------------------------===== Value - Firmware version [Required] =====---------------------------------
# Description: Firmware version to be compared.
value: 1
# ---------------------------------------===== Counter ID [Required] =====----------------------------------------
# Description: ID of FW counter to be checked.
# Possible options: <none, nonsecure, secure, radio, snt, bootloader>
counterId: secure
SecureBinary31 for mcxn547#
SecureBinary31 for mcxn547 JSON schema
SecureBinary31 for mcxn547 YAML configuration template
# ============================== Secure Binary v3.1 Configuration template for mcxn547. ==============================
# ======================================================================================================================
# == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: mcxn547
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: latest
# ======================================================================================================================
# == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
# == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
# == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
# == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
# == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
-
# ====================================================================================================================
# == List of possible 12 options. ==
# Options [erase, load, execute, programFuses, programIFR, loadCMAC, copy, loadHashLocking, loadKeyBlob,
# configureMemory, fillMemory, checkFwVersion]
# ====================================================================================================================
# =========================== [Example of possible configuration: #0 , erase if not used] ============================
# -------------------------------------------===== Erase [Required] =====-------------------------------------------
# Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
erase:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be erased.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be erased.
size: 4096
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be erased.
memoryId: 0
# =========================== [Example of possible configuration: #1 , erase if not used] ============================
# -------------------------------------------===== Load [Required] =====--------------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length
load:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# --------------------------------------===== Binary file. [Optional] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_binary.bin
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be loaded.
values: 0x1234, 0x5678, 0, 12345678
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be loaded. Value will be converted to binary little endian format.
value: '0xB38AA899'
# -------------------------------------===== Authentication [Optional] =====--------------------------------------
# Description: If authentication is not used, just omit this option or set 'none'.
# Possible options: <none, cmac, hashlocking>
authentication: cmac
# =========================== [Example of possible configuration: #2 , erase if not used] ============================
# ------------------------------------------===== Execute [Required] =====------------------------------------------
# Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
execute:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Jump-to address to start execute code.
address: 0
# =========================== [Example of possible configuration: #3 , erase if not used] ============================
# ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
# Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
# Values is a comma separated list of 32bit values.
programFuses:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
address: 0
# --------------------------------------===== Binary values [Required] =====--------------------------------------
# Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #4 , erase if not used] ============================
# ----------------------------------------===== Program IFR [Required] =====----------------------------------------
# Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
# to IFR region. The data to write to IFR region at the given address will immediately follow the header
programIFR:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of IFR region to be programmed.
address: 0
# ---------------------------------------===== Binary file [Optional] =====---------------------------------------
# Description: Binary file to be programmed.
file: my_binary.bin
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
# format.
value: '0xB38AA899'
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #5 , erase if not used] ============================
# -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
# startAddress.
loadCMAC:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be CMAC loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be CMAC loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_cmac_binary.bin
# =========================== [Example of possible configuration: #6 , erase if not used] ============================
# -------------------------------------------===== Copy [Required] =====--------------------------------------------
# Description: Used for copying data from one place to another. 32 bytes fixed size.
copy:
# --------------------------------------===== Address From [Required] =====---------------------------------------
# Description: Address of memory block to be copied.
addressFrom: 0
# -------------------------------------===== Memory ID From [Optional] =====--------------------------------------
# Description: ID of memory block to be copied.
memoryIdFrom: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be copied.
size: 4096
# ---------------------------------------===== Address To [Required] =====----------------------------------------
# Description: Address of memory where block to be copied.
addressTo: 536870912
# --------------------------------------===== Memory ID To [Optional] =====---------------------------------------
# Description: ID of memory block where to be copied.
memoryIdTo: 0
# =========================== [Example of possible configuration: #7 , erase if not used] ============================
# ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
# data, which are reserved for it.
loadHashLocking:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_hashlocking_binary.bin
# =========================== [Example of possible configuration: #8 , erase if not used] ============================
# ---------------------------------------===== Load Key Blob [Required] =====---------------------------------------
# Description: Wrapped key blob immediately follows the range key blob header. The length field contains the actual
# data length.
loadKeyBlob:
# -----------------------------------------===== Offset [Required] =====------------------------------------------
# Description: Offset of the key blob.
offset: 0
# -------------------------------------===== Wrapping key ID [Required] =====-------------------------------------
# Description: Wrapping ID of key blob.
# Possible options: <NXP_CUST_KEK_INT_SK, NXP_CUST_KEK_EXT_SK>
wrappingKeyId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_keyblob.bin
# ---------------------------------===== Key Blob as plain text [Optional] =====----------------------------------
# Description: Indicates whether key is provided as plaintext or not. If it's in plaintext this option also
# indicates whether it's as binary or hex
# Possible options: <no, bin, hex>
plainInput: no
# =========================== [Example of possible configuration: #9 , erase if not used] ============================
# -------------------------------------===== Configure memory [Required] =====--------------------------------------
# Description: Configure memory.
configureMemory:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Configuration address.
configAddress: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be configured.
memoryId: 0
# =========================== [Example of possible configuration: #10 , erase if not used] ===========================
# ----------------------------------------===== Fill memory [Required] =====----------------------------------------
# Description: Used for filling of the memory range by same repeated int32 pattern.
fillMemory:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be filled.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be filled.
size: 4096
# -----------------------------------------===== Pattern [Required] =====-----------------------------------------
# Description: Pattern which will be used to fill memory.
pattern: 2779096485
# =========================== [Example of possible configuration: #11 , erase if not used] ===========================
# ----------------------------------===== Check firmware version [Required] =====-----------------------------------
# Description: Checks FW version value specified in command for specified counter ID. FW version value in command
# must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
checkFwVersion:
# --------------------------------===== Value - Firmware version [Required] =====---------------------------------
# Description: Firmware version to be compared.
value: 1
# ---------------------------------------===== Counter ID [Required] =====----------------------------------------
# Description: ID of FW counter to be checked.
# Possible options: <none, nonsecure, secure, radio, snt, bootloader>
counterId: secure
SecureBinary31 for mcxn946#
SecureBinary31 for mcxn946 JSON schema
SecureBinary31 for mcxn946 YAML configuration template
# ============================== Secure Binary v3.1 Configuration template for mcxn946. ==============================
# ======================================================================================================================
# == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: mcxn946
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: latest
# ======================================================================================================================
# == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
# == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
# == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
# == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
# == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
-
# ====================================================================================================================
# == List of possible 12 options. ==
# Options [erase, load, execute, programFuses, programIFR, loadCMAC, copy, loadHashLocking, loadKeyBlob,
# configureMemory, fillMemory, checkFwVersion]
# ====================================================================================================================
# =========================== [Example of possible configuration: #0 , erase if not used] ============================
# -------------------------------------------===== Erase [Required] =====-------------------------------------------
# Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
erase:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be erased.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be erased.
size: 4096
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be erased.
memoryId: 0
# =========================== [Example of possible configuration: #1 , erase if not used] ============================
# -------------------------------------------===== Load [Required] =====--------------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length
load:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# --------------------------------------===== Binary file. [Optional] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_binary.bin
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be loaded.
values: 0x1234, 0x5678, 0, 12345678
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be loaded. Value will be converted to binary little endian format.
value: '0xB38AA899'
# -------------------------------------===== Authentication [Optional] =====--------------------------------------
# Description: If authentication is not used, just omit this option or set 'none'.
# Possible options: <none, cmac, hashlocking>
authentication: cmac
# =========================== [Example of possible configuration: #2 , erase if not used] ============================
# ------------------------------------------===== Execute [Required] =====------------------------------------------
# Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
execute:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Jump-to address to start execute code.
address: 0
# =========================== [Example of possible configuration: #3 , erase if not used] ============================
# ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
# Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
# Values is a comma separated list of 32bit values.
programFuses:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
address: 0
# --------------------------------------===== Binary values [Required] =====--------------------------------------
# Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #4 , erase if not used] ============================
# ----------------------------------------===== Program IFR [Required] =====----------------------------------------
# Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
# to IFR region. The data to write to IFR region at the given address will immediately follow the header
programIFR:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of IFR region to be programmed.
address: 0
# ---------------------------------------===== Binary file [Optional] =====---------------------------------------
# Description: Binary file to be programmed.
file: my_binary.bin
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
# format.
value: '0xB38AA899'
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #5 , erase if not used] ============================
# -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
# startAddress.
loadCMAC:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be CMAC loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be CMAC loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_cmac_binary.bin
# =========================== [Example of possible configuration: #6 , erase if not used] ============================
# -------------------------------------------===== Copy [Required] =====--------------------------------------------
# Description: Used for copying data from one place to another. 32 bytes fixed size.
copy:
# --------------------------------------===== Address From [Required] =====---------------------------------------
# Description: Address of memory block to be copied.
addressFrom: 0
# -------------------------------------===== Memory ID From [Optional] =====--------------------------------------
# Description: ID of memory block to be copied.
memoryIdFrom: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be copied.
size: 4096
# ---------------------------------------===== Address To [Required] =====----------------------------------------
# Description: Address of memory where block to be copied.
addressTo: 536870912
# --------------------------------------===== Memory ID To [Optional] =====---------------------------------------
# Description: ID of memory block where to be copied.
memoryIdTo: 0
# =========================== [Example of possible configuration: #7 , erase if not used] ============================
# ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
# data, which are reserved for it.
loadHashLocking:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_hashlocking_binary.bin
# =========================== [Example of possible configuration: #8 , erase if not used] ============================
# ---------------------------------------===== Load Key Blob [Required] =====---------------------------------------
# Description: Wrapped key blob immediately follows the range key blob header. The length field contains the actual
# data length.
loadKeyBlob:
# -----------------------------------------===== Offset [Required] =====------------------------------------------
# Description: Offset of the key blob.
offset: 0
# -------------------------------------===== Wrapping key ID [Required] =====-------------------------------------
# Description: Wrapping ID of key blob.
# Possible options: <NXP_CUST_KEK_INT_SK, NXP_CUST_KEK_EXT_SK>
wrappingKeyId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_keyblob.bin
# ---------------------------------===== Key Blob as plain text [Optional] =====----------------------------------
# Description: Indicates whether key is provided as plaintext or not. If it's in plaintext this option also
# indicates whether it's as binary or hex
# Possible options: <no, bin, hex>
plainInput: no
# =========================== [Example of possible configuration: #9 , erase if not used] ============================
# -------------------------------------===== Configure memory [Required] =====--------------------------------------
# Description: Configure memory.
configureMemory:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Configuration address.
configAddress: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be configured.
memoryId: 0
# =========================== [Example of possible configuration: #10 , erase if not used] ===========================
# ----------------------------------------===== Fill memory [Required] =====----------------------------------------
# Description: Used for filling of the memory range by same repeated int32 pattern.
fillMemory:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be filled.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be filled.
size: 4096
# -----------------------------------------===== Pattern [Required] =====-----------------------------------------
# Description: Pattern which will be used to fill memory.
pattern: 2779096485
# =========================== [Example of possible configuration: #11 , erase if not used] ===========================
# ----------------------------------===== Check firmware version [Required] =====-----------------------------------
# Description: Checks FW version value specified in command for specified counter ID. FW version value in command
# must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
checkFwVersion:
# --------------------------------===== Value - Firmware version [Required] =====---------------------------------
# Description: Firmware version to be compared.
value: 1
# ---------------------------------------===== Counter ID [Required] =====----------------------------------------
# Description: ID of FW counter to be checked.
# Possible options: <none, nonsecure, secure, radio, snt, bootloader>
counterId: secure
SecureBinary31 for mcxn947#
SecureBinary31 for mcxn947 JSON schema
SecureBinary31 for mcxn947 YAML configuration template
# ============================== Secure Binary v3.1 Configuration template for mcxn947. ==============================
# ======================================================================================================================
# == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: mcxn947
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: latest
# ======================================================================================================================
# == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
# == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
# == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
# == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
# == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
-
# ====================================================================================================================
# == List of possible 12 options. ==
# Options [erase, load, execute, programFuses, programIFR, loadCMAC, copy, loadHashLocking, loadKeyBlob,
# configureMemory, fillMemory, checkFwVersion]
# ====================================================================================================================
# =========================== [Example of possible configuration: #0 , erase if not used] ============================
# -------------------------------------------===== Erase [Required] =====-------------------------------------------
# Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
erase:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be erased.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be erased.
size: 4096
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be erased.
memoryId: 0
# =========================== [Example of possible configuration: #1 , erase if not used] ============================
# -------------------------------------------===== Load [Required] =====--------------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length
load:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# --------------------------------------===== Binary file. [Optional] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_binary.bin
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be loaded.
values: 0x1234, 0x5678, 0, 12345678
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be loaded. Value will be converted to binary little endian format.
value: '0xB38AA899'
# -------------------------------------===== Authentication [Optional] =====--------------------------------------
# Description: If authentication is not used, just omit this option or set 'none'.
# Possible options: <none, cmac, hashlocking>
authentication: cmac
# =========================== [Example of possible configuration: #2 , erase if not used] ============================
# ------------------------------------------===== Execute [Required] =====------------------------------------------
# Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
execute:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Jump-to address to start execute code.
address: 0
# =========================== [Example of possible configuration: #3 , erase if not used] ============================
# ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
# Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
# Values is a comma separated list of 32bit values.
programFuses:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
address: 0
# --------------------------------------===== Binary values [Required] =====--------------------------------------
# Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #4 , erase if not used] ============================
# ----------------------------------------===== Program IFR [Required] =====----------------------------------------
# Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
# to IFR region. The data to write to IFR region at the given address will immediately follow the header
programIFR:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of IFR region to be programmed.
address: 0
# ---------------------------------------===== Binary file [Optional] =====---------------------------------------
# Description: Binary file to be programmed.
file: my_binary.bin
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
# format.
value: '0xB38AA899'
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #5 , erase if not used] ============================
# -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
# startAddress.
loadCMAC:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be CMAC loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be CMAC loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_cmac_binary.bin
# =========================== [Example of possible configuration: #6 , erase if not used] ============================
# -------------------------------------------===== Copy [Required] =====--------------------------------------------
# Description: Used for copying data from one place to another. 32 bytes fixed size.
copy:
# --------------------------------------===== Address From [Required] =====---------------------------------------
# Description: Address of memory block to be copied.
addressFrom: 0
# -------------------------------------===== Memory ID From [Optional] =====--------------------------------------
# Description: ID of memory block to be copied.
memoryIdFrom: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be copied.
size: 4096
# ---------------------------------------===== Address To [Required] =====----------------------------------------
# Description: Address of memory where block to be copied.
addressTo: 536870912
# --------------------------------------===== Memory ID To [Optional] =====---------------------------------------
# Description: ID of memory block where to be copied.
memoryIdTo: 0
# =========================== [Example of possible configuration: #7 , erase if not used] ============================
# ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
# data, which are reserved for it.
loadHashLocking:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_hashlocking_binary.bin
# =========================== [Example of possible configuration: #8 , erase if not used] ============================
# ---------------------------------------===== Load Key Blob [Required] =====---------------------------------------
# Description: Wrapped key blob immediately follows the range key blob header. The length field contains the actual
# data length.
loadKeyBlob:
# -----------------------------------------===== Offset [Required] =====------------------------------------------
# Description: Offset of the key blob.
offset: 0
# -------------------------------------===== Wrapping key ID [Required] =====-------------------------------------
# Description: Wrapping ID of key blob.
# Possible options: <NXP_CUST_KEK_INT_SK, NXP_CUST_KEK_EXT_SK>
wrappingKeyId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_keyblob.bin
# ---------------------------------===== Key Blob as plain text [Optional] =====----------------------------------
# Description: Indicates whether key is provided as plaintext or not. If it's in plaintext this option also
# indicates whether it's as binary or hex
# Possible options: <no, bin, hex>
plainInput: no
# =========================== [Example of possible configuration: #9 , erase if not used] ============================
# -------------------------------------===== Configure memory [Required] =====--------------------------------------
# Description: Configure memory.
configureMemory:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Configuration address.
configAddress: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be configured.
memoryId: 0
# =========================== [Example of possible configuration: #10 , erase if not used] ===========================
# ----------------------------------------===== Fill memory [Required] =====----------------------------------------
# Description: Used for filling of the memory range by same repeated int32 pattern.
fillMemory:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be filled.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be filled.
size: 4096
# -----------------------------------------===== Pattern [Required] =====-----------------------------------------
# Description: Pattern which will be used to fill memory.
pattern: 2779096485
# =========================== [Example of possible configuration: #11 , erase if not used] ===========================
# ----------------------------------===== Check firmware version [Required] =====-----------------------------------
# Description: Checks FW version value specified in command for specified counter ID. FW version value in command
# must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
checkFwVersion:
# --------------------------------===== Value - Firmware version [Required] =====---------------------------------
# Description: Firmware version to be compared.
value: 1
# ---------------------------------------===== Counter ID [Required] =====----------------------------------------
# Description: ID of FW counter to be checked.
# Possible options: <none, nonsecure, secure, radio, snt, bootloader>
counterId: secure
SecureBinary31 for mcxw716a#
SecureBinary31 for mcxw716a JSON schema
SecureBinary31 for mcxw716a YAML configuration template
# ============================= Secure Binary v3.1 Configuration template for mcxw716a. ==============================
# ======================================================================================================================
# == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: mcxw716a
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, a2, latest>
revision: latest
# ======================================================================================================================
# == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
# == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
# == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
# == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
# == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
-
# ====================================================================================================================
# == List of possible 9 options. ==
# Options [erase, load, execute, programFuses, programIFR, loadCMAC, loadHashLocking, fillMemory, checkFwVersion]
# ====================================================================================================================
# =========================== [Example of possible configuration: #0 , erase if not used] ============================
# -------------------------------------------===== Erase [Required] =====-------------------------------------------
# Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
erase:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be erased.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be erased.
size: 4096
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be erased.
memoryId: 0
# =========================== [Example of possible configuration: #1 , erase if not used] ============================
# -------------------------------------------===== Load [Required] =====--------------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length
load:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# --------------------------------------===== Binary file. [Optional] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_binary.bin
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be loaded.
values: 0x1234, 0x5678, 0, 12345678
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be loaded. Value will be converted to binary little endian format.
value: '0xB38AA899'
# -------------------------------------===== Authentication [Optional] =====--------------------------------------
# Description: If authentication is not used, just omit this option or set 'none'.
# Possible options: <none, cmac, hashlocking>
authentication: cmac
# =========================== [Example of possible configuration: #2 , erase if not used] ============================
# ------------------------------------------===== Execute [Required] =====------------------------------------------
# Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
execute:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Jump-to address to start execute code.
address: 0
# =========================== [Example of possible configuration: #3 , erase if not used] ============================
# ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
# Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
# Values is a comma separated list of 32bit values.
programFuses:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
address: 0
# --------------------------------------===== Binary values [Required] =====--------------------------------------
# Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #4 , erase if not used] ============================
# ----------------------------------------===== Program IFR [Required] =====----------------------------------------
# Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
# to IFR region. The data to write to IFR region at the given address will immediately follow the header
programIFR:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of IFR region to be programmed.
address: 0
# ---------------------------------------===== Binary file [Optional] =====---------------------------------------
# Description: Binary file to be programmed.
file: my_binary.bin
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
# format.
value: '0xB38AA899'
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #5 , erase if not used] ============================
# -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
# startAddress.
loadCMAC:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be CMAC loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be CMAC loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_cmac_binary.bin
# =========================== [Example of possible configuration: #6 , erase if not used] ============================
# ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
# data, which are reserved for it.
loadHashLocking:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_hashlocking_binary.bin
# =========================== [Example of possible configuration: #7 , erase if not used] ============================
# ----------------------------------------===== Fill memory [Required] =====----------------------------------------
# Description: Used for filling of the memory range by same repeated int32 pattern.
fillMemory:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be filled.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be filled.
size: 4096
# -----------------------------------------===== Pattern [Required] =====-----------------------------------------
# Description: Pattern which will be used to fill memory.
pattern: 2779096485
# =========================== [Example of possible configuration: #8 , erase if not used] ============================
# ----------------------------------===== Check firmware version [Required] =====-----------------------------------
# Description: Checks FW version value specified in command for specified counter ID. FW version value in command
# must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
checkFwVersion:
# --------------------------------===== Value - Firmware version [Required] =====---------------------------------
# Description: Firmware version to be compared.
value: 1
# ---------------------------------------===== Counter ID [Required] =====----------------------------------------
# Description: ID of FW counter to be checked.
# Possible options: <none, nonsecure, secure, radio, snt, bootloader>
counterId: secure
SecureBinary31 for mcxw716c#
SecureBinary31 for mcxw716c JSON schema
SecureBinary31 for mcxw716c YAML configuration template
# ============================= Secure Binary v3.1 Configuration template for mcxw716c. ==============================
# ======================================================================================================================
# == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: mcxw716c
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, a2, latest>
revision: latest
# ======================================================================================================================
# == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
# == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
# == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
# == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
# == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
-
# ====================================================================================================================
# == List of possible 9 options. ==
# Options [erase, load, execute, programFuses, programIFR, loadCMAC, loadHashLocking, fillMemory, checkFwVersion]
# ====================================================================================================================
# =========================== [Example of possible configuration: #0 , erase if not used] ============================
# -------------------------------------------===== Erase [Required] =====-------------------------------------------
# Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
erase:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be erased.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be erased.
size: 4096
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be erased.
memoryId: 0
# =========================== [Example of possible configuration: #1 , erase if not used] ============================
# -------------------------------------------===== Load [Required] =====--------------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length
load:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# --------------------------------------===== Binary file. [Optional] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_binary.bin
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be loaded.
values: 0x1234, 0x5678, 0, 12345678
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be loaded. Value will be converted to binary little endian format.
value: '0xB38AA899'
# -------------------------------------===== Authentication [Optional] =====--------------------------------------
# Description: If authentication is not used, just omit this option or set 'none'.
# Possible options: <none, cmac, hashlocking>
authentication: cmac
# =========================== [Example of possible configuration: #2 , erase if not used] ============================
# ------------------------------------------===== Execute [Required] =====------------------------------------------
# Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
execute:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Jump-to address to start execute code.
address: 0
# =========================== [Example of possible configuration: #3 , erase if not used] ============================
# ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
# Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
# Values is a comma separated list of 32bit values.
programFuses:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
address: 0
# --------------------------------------===== Binary values [Required] =====--------------------------------------
# Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #4 , erase if not used] ============================
# ----------------------------------------===== Program IFR [Required] =====----------------------------------------
# Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
# to IFR region. The data to write to IFR region at the given address will immediately follow the header
programIFR:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of IFR region to be programmed.
address: 0
# ---------------------------------------===== Binary file [Optional] =====---------------------------------------
# Description: Binary file to be programmed.
file: my_binary.bin
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
# format.
value: '0xB38AA899'
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #5 , erase if not used] ============================
# -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
# startAddress.
loadCMAC:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be CMAC loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be CMAC loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_cmac_binary.bin
# =========================== [Example of possible configuration: #6 , erase if not used] ============================
# ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
# data, which are reserved for it.
loadHashLocking:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_hashlocking_binary.bin
# =========================== [Example of possible configuration: #7 , erase if not used] ============================
# ----------------------------------------===== Fill memory [Required] =====----------------------------------------
# Description: Used for filling of the memory range by same repeated int32 pattern.
fillMemory:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be filled.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be filled.
size: 4096
# -----------------------------------------===== Pattern [Required] =====-----------------------------------------
# Description: Pattern which will be used to fill memory.
pattern: 2779096485
# =========================== [Example of possible configuration: #8 , erase if not used] ============================
# ----------------------------------===== Check firmware version [Required] =====-----------------------------------
# Description: Checks FW version value specified in command for specified counter ID. FW version value in command
# must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
checkFwVersion:
# --------------------------------===== Value - Firmware version [Required] =====---------------------------------
# Description: Firmware version to be compared.
value: 1
# ---------------------------------------===== Counter ID [Required] =====----------------------------------------
# Description: ID of FW counter to be checked.
# Possible options: <none, nonsecure, secure, radio, snt, bootloader>
counterId: secure
SecureBinary31 for mcxw727a#
SecureBinary31 for mcxw727a JSON schema
SecureBinary31 for mcxw727a YAML configuration template
# ============================= Secure Binary v3.1 Configuration template for mcxw727a. ==============================
# ======================================================================================================================
# == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: mcxw727a
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: latest
# ======================================================================================================================
# == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
# == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
# == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
# == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
# == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
-
# ====================================================================================================================
# == List of possible 9 options. ==
# Options [erase, load, execute, programFuses, programIFR, loadCMAC, loadHashLocking, fillMemory, checkFwVersion]
# ====================================================================================================================
# =========================== [Example of possible configuration: #0 , erase if not used] ============================
# -------------------------------------------===== Erase [Required] =====-------------------------------------------
# Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
erase:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be erased.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be erased.
size: 4096
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be erased.
memoryId: 0
# =========================== [Example of possible configuration: #1 , erase if not used] ============================
# -------------------------------------------===== Load [Required] =====--------------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length
load:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# --------------------------------------===== Binary file. [Optional] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_binary.bin
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be loaded.
values: 0x1234, 0x5678, 0, 12345678
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be loaded. Value will be converted to binary little endian format.
value: '0xB38AA899'
# -------------------------------------===== Authentication [Optional] =====--------------------------------------
# Description: If authentication is not used, just omit this option or set 'none'.
# Possible options: <none, cmac, hashlocking>
authentication: cmac
# =========================== [Example of possible configuration: #2 , erase if not used] ============================
# ------------------------------------------===== Execute [Required] =====------------------------------------------
# Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
execute:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Jump-to address to start execute code.
address: 0
# =========================== [Example of possible configuration: #3 , erase if not used] ============================
# ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
# Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
# Values is a comma separated list of 32bit values.
programFuses:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
address: 0
# --------------------------------------===== Binary values [Required] =====--------------------------------------
# Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #4 , erase if not used] ============================
# ----------------------------------------===== Program IFR [Required] =====----------------------------------------
# Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
# to IFR region. The data to write to IFR region at the given address will immediately follow the header
programIFR:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of IFR region to be programmed.
address: 0
# ---------------------------------------===== Binary file [Optional] =====---------------------------------------
# Description: Binary file to be programmed.
file: my_binary.bin
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
# format.
value: '0xB38AA899'
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #5 , erase if not used] ============================
# -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
# startAddress.
loadCMAC:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be CMAC loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be CMAC loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_cmac_binary.bin
# =========================== [Example of possible configuration: #6 , erase if not used] ============================
# ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
# data, which are reserved for it.
loadHashLocking:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_hashlocking_binary.bin
# =========================== [Example of possible configuration: #7 , erase if not used] ============================
# ----------------------------------------===== Fill memory [Required] =====----------------------------------------
# Description: Used for filling of the memory range by same repeated int32 pattern.
fillMemory:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be filled.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be filled.
size: 4096
# -----------------------------------------===== Pattern [Required] =====-----------------------------------------
# Description: Pattern which will be used to fill memory.
pattern: 2779096485
# =========================== [Example of possible configuration: #8 , erase if not used] ============================
# ----------------------------------===== Check firmware version [Required] =====-----------------------------------
# Description: Checks FW version value specified in command for specified counter ID. FW version value in command
# must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
checkFwVersion:
# --------------------------------===== Value - Firmware version [Required] =====---------------------------------
# Description: Firmware version to be compared.
value: 1
# ---------------------------------------===== Counter ID [Required] =====----------------------------------------
# Description: ID of FW counter to be checked.
# Possible options: <none, nonsecure, secure, radio, snt, bootloader>
counterId: secure
SecureBinary31 for mcxw727c#
SecureBinary31 for mcxw727c JSON schema
SecureBinary31 for mcxw727c YAML configuration template
# ============================= Secure Binary v3.1 Configuration template for mcxw727c. ==============================
# ======================================================================================================================
# == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: mcxw727c
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: latest
# ======================================================================================================================
# == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
# == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
# == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
# == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
# == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
-
# ====================================================================================================================
# == List of possible 9 options. ==
# Options [erase, load, execute, programFuses, programIFR, loadCMAC, loadHashLocking, fillMemory, checkFwVersion]
# ====================================================================================================================
# =========================== [Example of possible configuration: #0 , erase if not used] ============================
# -------------------------------------------===== Erase [Required] =====-------------------------------------------
# Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
erase:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be erased.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be erased.
size: 4096
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be erased.
memoryId: 0
# =========================== [Example of possible configuration: #1 , erase if not used] ============================
# -------------------------------------------===== Load [Required] =====--------------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length
load:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# --------------------------------------===== Binary file. [Optional] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_binary.bin
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be loaded.
values: 0x1234, 0x5678, 0, 12345678
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be loaded. Value will be converted to binary little endian format.
value: '0xB38AA899'
# -------------------------------------===== Authentication [Optional] =====--------------------------------------
# Description: If authentication is not used, just omit this option or set 'none'.
# Possible options: <none, cmac, hashlocking>
authentication: cmac
# =========================== [Example of possible configuration: #2 , erase if not used] ============================
# ------------------------------------------===== Execute [Required] =====------------------------------------------
# Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
execute:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Jump-to address to start execute code.
address: 0
# =========================== [Example of possible configuration: #3 , erase if not used] ============================
# ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
# Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
# Values is a comma separated list of 32bit values.
programFuses:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
address: 0
# --------------------------------------===== Binary values [Required] =====--------------------------------------
# Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #4 , erase if not used] ============================
# ----------------------------------------===== Program IFR [Required] =====----------------------------------------
# Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
# to IFR region. The data to write to IFR region at the given address will immediately follow the header
programIFR:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of IFR region to be programmed.
address: 0
# ---------------------------------------===== Binary file [Optional] =====---------------------------------------
# Description: Binary file to be programmed.
file: my_binary.bin
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
# format.
value: '0xB38AA899'
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #5 , erase if not used] ============================
# -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
# startAddress.
loadCMAC:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be CMAC loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be CMAC loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_cmac_binary.bin
# =========================== [Example of possible configuration: #6 , erase if not used] ============================
# ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
# data, which are reserved for it.
loadHashLocking:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_hashlocking_binary.bin
# =========================== [Example of possible configuration: #7 , erase if not used] ============================
# ----------------------------------------===== Fill memory [Required] =====----------------------------------------
# Description: Used for filling of the memory range by same repeated int32 pattern.
fillMemory:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be filled.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be filled.
size: 4096
# -----------------------------------------===== Pattern [Required] =====-----------------------------------------
# Description: Pattern which will be used to fill memory.
pattern: 2779096485
# =========================== [Example of possible configuration: #8 , erase if not used] ============================
# ----------------------------------===== Check firmware version [Required] =====-----------------------------------
# Description: Checks FW version value specified in command for specified counter ID. FW version value in command
# must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
checkFwVersion:
# --------------------------------===== Value - Firmware version [Required] =====---------------------------------
# Description: Firmware version to be compared.
value: 1
# ---------------------------------------===== Counter ID [Required] =====----------------------------------------
# Description: ID of FW counter to be checked.
# Possible options: <none, nonsecure, secure, radio, snt, bootloader>
counterId: secure
SecureBinary31 for mcxw727d#
SecureBinary31 for mcxw727d JSON schema
SecureBinary31 for mcxw727d YAML configuration template
# ============================= Secure Binary v3.1 Configuration template for mcxw727d. ==============================
# ======================================================================================================================
# == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: mcxw727d
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: latest
# ======================================================================================================================
# == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
# == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
# == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
# == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
# == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
-
# ====================================================================================================================
# == List of possible 9 options. ==
# Options [erase, load, execute, programFuses, programIFR, loadCMAC, loadHashLocking, fillMemory, checkFwVersion]
# ====================================================================================================================
# =========================== [Example of possible configuration: #0 , erase if not used] ============================
# -------------------------------------------===== Erase [Required] =====-------------------------------------------
# Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
erase:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be erased.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be erased.
size: 4096
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be erased.
memoryId: 0
# =========================== [Example of possible configuration: #1 , erase if not used] ============================
# -------------------------------------------===== Load [Required] =====--------------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length
load:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# --------------------------------------===== Binary file. [Optional] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_binary.bin
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be loaded.
values: 0x1234, 0x5678, 0, 12345678
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be loaded. Value will be converted to binary little endian format.
value: '0xB38AA899'
# -------------------------------------===== Authentication [Optional] =====--------------------------------------
# Description: If authentication is not used, just omit this option or set 'none'.
# Possible options: <none, cmac, hashlocking>
authentication: cmac
# =========================== [Example of possible configuration: #2 , erase if not used] ============================
# ------------------------------------------===== Execute [Required] =====------------------------------------------
# Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
execute:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Jump-to address to start execute code.
address: 0
# =========================== [Example of possible configuration: #3 , erase if not used] ============================
# ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
# Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
# Values is a comma separated list of 32bit values.
programFuses:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
address: 0
# --------------------------------------===== Binary values [Required] =====--------------------------------------
# Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #4 , erase if not used] ============================
# ----------------------------------------===== Program IFR [Required] =====----------------------------------------
# Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
# to IFR region. The data to write to IFR region at the given address will immediately follow the header
programIFR:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of IFR region to be programmed.
address: 0
# ---------------------------------------===== Binary file [Optional] =====---------------------------------------
# Description: Binary file to be programmed.
file: my_binary.bin
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
# format.
value: '0xB38AA899'
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #5 , erase if not used] ============================
# -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
# startAddress.
loadCMAC:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be CMAC loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be CMAC loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_cmac_binary.bin
# =========================== [Example of possible configuration: #6 , erase if not used] ============================
# ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
# data, which are reserved for it.
loadHashLocking:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_hashlocking_binary.bin
# =========================== [Example of possible configuration: #7 , erase if not used] ============================
# ----------------------------------------===== Fill memory [Required] =====----------------------------------------
# Description: Used for filling of the memory range by same repeated int32 pattern.
fillMemory:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be filled.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be filled.
size: 4096
# -----------------------------------------===== Pattern [Required] =====-----------------------------------------
# Description: Pattern which will be used to fill memory.
pattern: 2779096485
# =========================== [Example of possible configuration: #8 , erase if not used] ============================
# ----------------------------------===== Check firmware version [Required] =====-----------------------------------
# Description: Checks FW version value specified in command for specified counter ID. FW version value in command
# must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
checkFwVersion:
# --------------------------------===== Value - Firmware version [Required] =====---------------------------------
# Description: Firmware version to be compared.
value: 1
# ---------------------------------------===== Counter ID [Required] =====----------------------------------------
# Description: ID of FW counter to be checked.
# Possible options: <none, nonsecure, secure, radio, snt, bootloader>
counterId: secure
SecureBinary31 for mimxrt735s#
SecureBinary31 for mimxrt735s JSON schema
SecureBinary31 for mimxrt735s YAML configuration template
# ============================ Secure Binary v3.1 Configuration template for mimxrt735s. =============================
# ======================================================================================================================
# == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: mimxrt735s
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: latest
# ======================================================================================================================
# == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
# == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
# == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
# == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
# == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
-
# ====================================================================================================================
# == List of possible 9 options. ==
# Options [erase, load, execute, programFuses, copy, loadKeyBlob, configureMemory, fillMemory, checkFwVersion]
# ====================================================================================================================
# =========================== [Example of possible configuration: #0 , erase if not used] ============================
# -------------------------------------------===== Erase [Required] =====-------------------------------------------
# Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
erase:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be erased.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be erased.
size: 4096
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be erased.
memoryId: 0
# =========================== [Example of possible configuration: #1 , erase if not used] ============================
# -------------------------------------------===== Load [Required] =====--------------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length
load:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# --------------------------------------===== Binary file. [Optional] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_binary.bin
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be loaded.
values: 0x1234, 0x5678, 0, 12345678
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be loaded. Value will be converted to binary little endian format.
value: '0xB38AA899'
# -------------------------------------===== Authentication [Optional] =====--------------------------------------
# Description: If authentication is not used, just omit this option or set 'none'.
# Possible options: <none, cmac, hashlocking>
authentication: cmac
# =========================== [Example of possible configuration: #2 , erase if not used] ============================
# ------------------------------------------===== Execute [Required] =====------------------------------------------
# Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
execute:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Jump-to address to start execute code.
address: 0
# =========================== [Example of possible configuration: #3 , erase if not used] ============================
# ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
# Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
# Values is a comma separated list of 32bit values.
programFuses:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
address: 0
# --------------------------------------===== Binary values [Required] =====--------------------------------------
# Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #4 , erase if not used] ============================
# -------------------------------------------===== Copy [Required] =====--------------------------------------------
# Description: Used for copying data from one place to another. 32 bytes fixed size.
copy:
# --------------------------------------===== Address From [Required] =====---------------------------------------
# Description: Address of memory block to be copied.
addressFrom: 0
# -------------------------------------===== Memory ID From [Optional] =====--------------------------------------
# Description: ID of memory block to be copied.
memoryIdFrom: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be copied.
size: 4096
# ---------------------------------------===== Address To [Required] =====----------------------------------------
# Description: Address of memory where block to be copied.
addressTo: 536870912
# --------------------------------------===== Memory ID To [Optional] =====---------------------------------------
# Description: ID of memory block where to be copied.
memoryIdTo: 0
# =========================== [Example of possible configuration: #5 , erase if not used] ============================
# ---------------------------------------===== Load Key Blob [Required] =====---------------------------------------
# Description: Wrapped key blob immediately follows the range key blob header. The length field contains the actual
# data length.
loadKeyBlob:
# -----------------------------------------===== Offset [Required] =====------------------------------------------
# Description: Offset of the key blob.
offset: 0
# -------------------------------------===== Wrapping key ID [Required] =====-------------------------------------
# Description: Wrapping ID of key blob.
# Possible options: <NXP_CUST_KEK_INT_SK, NXP_CUST_KEK_EXT_SK>
wrappingKeyId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_keyblob.bin
# ---------------------------------===== Key Blob as plain text [Optional] =====----------------------------------
# Description: Indicates whether key is provided as plaintext or not. If it's in plaintext this option also
# indicates whether it's as binary or hex
# Possible options: <no, bin, hex>
plainInput: no
# =========================== [Example of possible configuration: #6 , erase if not used] ============================
# -------------------------------------===== Configure memory [Required] =====--------------------------------------
# Description: Configure memory.
configureMemory:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Configuration address.
configAddress: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be configured.
memoryId: 0
# =========================== [Example of possible configuration: #7 , erase if not used] ============================
# ----------------------------------------===== Fill memory [Required] =====----------------------------------------
# Description: Used for filling of the memory range by same repeated int32 pattern.
fillMemory:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be filled.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be filled.
size: 4096
# -----------------------------------------===== Pattern [Required] =====-----------------------------------------
# Description: Pattern which will be used to fill memory.
pattern: 2779096485
# =========================== [Example of possible configuration: #8 , erase if not used] ============================
# ----------------------------------===== Check firmware version [Required] =====-----------------------------------
# Description: Checks FW version value specified in command for specified counter ID. FW version value in command
# must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
checkFwVersion:
# --------------------------------===== Value - Firmware version [Required] =====---------------------------------
# Description: Firmware version to be compared.
value: 1
# ---------------------------------------===== Counter ID [Required] =====----------------------------------------
# Description: ID of FW counter to be checked.
# Possible options: <none, nonsecure, secure, radio, snt, bootloader>
counterId: secure
SecureBinary31 for mimxrt758s#
SecureBinary31 for mimxrt758s JSON schema
SecureBinary31 for mimxrt758s YAML configuration template
# ============================ Secure Binary v3.1 Configuration template for mimxrt758s. =============================
# ======================================================================================================================
# == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: mimxrt758s
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: latest
# ======================================================================================================================
# == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
# == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
# == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
# == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
# == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
-
# ====================================================================================================================
# == List of possible 9 options. ==
# Options [erase, load, execute, programFuses, copy, loadKeyBlob, configureMemory, fillMemory, checkFwVersion]
# ====================================================================================================================
# =========================== [Example of possible configuration: #0 , erase if not used] ============================
# -------------------------------------------===== Erase [Required] =====-------------------------------------------
# Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
erase:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be erased.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be erased.
size: 4096
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be erased.
memoryId: 0
# =========================== [Example of possible configuration: #1 , erase if not used] ============================
# -------------------------------------------===== Load [Required] =====--------------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length
load:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# --------------------------------------===== Binary file. [Optional] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_binary.bin
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be loaded.
values: 0x1234, 0x5678, 0, 12345678
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be loaded. Value will be converted to binary little endian format.
value: '0xB38AA899'
# -------------------------------------===== Authentication [Optional] =====--------------------------------------
# Description: If authentication is not used, just omit this option or set 'none'.
# Possible options: <none, cmac, hashlocking>
authentication: cmac
# =========================== [Example of possible configuration: #2 , erase if not used] ============================
# ------------------------------------------===== Execute [Required] =====------------------------------------------
# Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
execute:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Jump-to address to start execute code.
address: 0
# =========================== [Example of possible configuration: #3 , erase if not used] ============================
# ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
# Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
# Values is a comma separated list of 32bit values.
programFuses:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
address: 0
# --------------------------------------===== Binary values [Required] =====--------------------------------------
# Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #4 , erase if not used] ============================
# -------------------------------------------===== Copy [Required] =====--------------------------------------------
# Description: Used for copying data from one place to another. 32 bytes fixed size.
copy:
# --------------------------------------===== Address From [Required] =====---------------------------------------
# Description: Address of memory block to be copied.
addressFrom: 0
# -------------------------------------===== Memory ID From [Optional] =====--------------------------------------
# Description: ID of memory block to be copied.
memoryIdFrom: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be copied.
size: 4096
# ---------------------------------------===== Address To [Required] =====----------------------------------------
# Description: Address of memory where block to be copied.
addressTo: 536870912
# --------------------------------------===== Memory ID To [Optional] =====---------------------------------------
# Description: ID of memory block where to be copied.
memoryIdTo: 0
# =========================== [Example of possible configuration: #5 , erase if not used] ============================
# ---------------------------------------===== Load Key Blob [Required] =====---------------------------------------
# Description: Wrapped key blob immediately follows the range key blob header. The length field contains the actual
# data length.
loadKeyBlob:
# -----------------------------------------===== Offset [Required] =====------------------------------------------
# Description: Offset of the key blob.
offset: 0
# -------------------------------------===== Wrapping key ID [Required] =====-------------------------------------
# Description: Wrapping ID of key blob.
# Possible options: <NXP_CUST_KEK_INT_SK, NXP_CUST_KEK_EXT_SK>
wrappingKeyId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_keyblob.bin
# ---------------------------------===== Key Blob as plain text [Optional] =====----------------------------------
# Description: Indicates whether key is provided as plaintext or not. If it's in plaintext this option also
# indicates whether it's as binary or hex
# Possible options: <no, bin, hex>
plainInput: no
# =========================== [Example of possible configuration: #6 , erase if not used] ============================
# -------------------------------------===== Configure memory [Required] =====--------------------------------------
# Description: Configure memory.
configureMemory:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Configuration address.
configAddress: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be configured.
memoryId: 0
# =========================== [Example of possible configuration: #7 , erase if not used] ============================
# ----------------------------------------===== Fill memory [Required] =====----------------------------------------
# Description: Used for filling of the memory range by same repeated int32 pattern.
fillMemory:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be filled.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be filled.
size: 4096
# -----------------------------------------===== Pattern [Required] =====-----------------------------------------
# Description: Pattern which will be used to fill memory.
pattern: 2779096485
# =========================== [Example of possible configuration: #8 , erase if not used] ============================
# ----------------------------------===== Check firmware version [Required] =====-----------------------------------
# Description: Checks FW version value specified in command for specified counter ID. FW version value in command
# must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
checkFwVersion:
# --------------------------------===== Value - Firmware version [Required] =====---------------------------------
# Description: Firmware version to be compared.
value: 1
# ---------------------------------------===== Counter ID [Required] =====----------------------------------------
# Description: ID of FW counter to be checked.
# Possible options: <none, nonsecure, secure, radio, snt, bootloader>
counterId: secure
SecureBinary31 for mimxrt798s#
SecureBinary31 for mimxrt798s JSON schema
SecureBinary31 for mimxrt798s YAML configuration template
# ============================ Secure Binary v3.1 Configuration template for mimxrt798s. =============================
# ======================================================================================================================
# == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: mimxrt798s
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: latest
# ======================================================================================================================
# == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
# == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
# == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
# == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
# == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
-
# ====================================================================================================================
# == List of possible 9 options. ==
# Options [erase, load, execute, programFuses, copy, loadKeyBlob, configureMemory, fillMemory, checkFwVersion]
# ====================================================================================================================
# =========================== [Example of possible configuration: #0 , erase if not used] ============================
# -------------------------------------------===== Erase [Required] =====-------------------------------------------
# Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
erase:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be erased.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be erased.
size: 4096
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be erased.
memoryId: 0
# =========================== [Example of possible configuration: #1 , erase if not used] ============================
# -------------------------------------------===== Load [Required] =====--------------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length
load:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# --------------------------------------===== Binary file. [Optional] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_binary.bin
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be loaded.
values: 0x1234, 0x5678, 0, 12345678
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be loaded. Value will be converted to binary little endian format.
value: '0xB38AA899'
# -------------------------------------===== Authentication [Optional] =====--------------------------------------
# Description: If authentication is not used, just omit this option or set 'none'.
# Possible options: <none, cmac, hashlocking>
authentication: cmac
# =========================== [Example of possible configuration: #2 , erase if not used] ============================
# ------------------------------------------===== Execute [Required] =====------------------------------------------
# Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
execute:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Jump-to address to start execute code.
address: 0
# =========================== [Example of possible configuration: #3 , erase if not used] ============================
# ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
# Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
# Values is a comma separated list of 32bit values.
programFuses:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
address: 0
# --------------------------------------===== Binary values [Required] =====--------------------------------------
# Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #4 , erase if not used] ============================
# -------------------------------------------===== Copy [Required] =====--------------------------------------------
# Description: Used for copying data from one place to another. 32 bytes fixed size.
copy:
# --------------------------------------===== Address From [Required] =====---------------------------------------
# Description: Address of memory block to be copied.
addressFrom: 0
# -------------------------------------===== Memory ID From [Optional] =====--------------------------------------
# Description: ID of memory block to be copied.
memoryIdFrom: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be copied.
size: 4096
# ---------------------------------------===== Address To [Required] =====----------------------------------------
# Description: Address of memory where block to be copied.
addressTo: 536870912
# --------------------------------------===== Memory ID To [Optional] =====---------------------------------------
# Description: ID of memory block where to be copied.
memoryIdTo: 0
# =========================== [Example of possible configuration: #5 , erase if not used] ============================
# ---------------------------------------===== Load Key Blob [Required] =====---------------------------------------
# Description: Wrapped key blob immediately follows the range key blob header. The length field contains the actual
# data length.
loadKeyBlob:
# -----------------------------------------===== Offset [Required] =====------------------------------------------
# Description: Offset of the key blob.
offset: 0
# -------------------------------------===== Wrapping key ID [Required] =====-------------------------------------
# Description: Wrapping ID of key blob.
# Possible options: <NXP_CUST_KEK_INT_SK, NXP_CUST_KEK_EXT_SK>
wrappingKeyId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_keyblob.bin
# ---------------------------------===== Key Blob as plain text [Optional] =====----------------------------------
# Description: Indicates whether key is provided as plaintext or not. If it's in plaintext this option also
# indicates whether it's as binary or hex
# Possible options: <no, bin, hex>
plainInput: no
# =========================== [Example of possible configuration: #6 , erase if not used] ============================
# -------------------------------------===== Configure memory [Required] =====--------------------------------------
# Description: Configure memory.
configureMemory:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Configuration address.
configAddress: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be configured.
memoryId: 0
# =========================== [Example of possible configuration: #7 , erase if not used] ============================
# ----------------------------------------===== Fill memory [Required] =====----------------------------------------
# Description: Used for filling of the memory range by same repeated int32 pattern.
fillMemory:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be filled.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be filled.
size: 4096
# -----------------------------------------===== Pattern [Required] =====-----------------------------------------
# Description: Pattern which will be used to fill memory.
pattern: 2779096485
# =========================== [Example of possible configuration: #8 , erase if not used] ============================
# ----------------------------------===== Check firmware version [Required] =====-----------------------------------
# Description: Checks FW version value specified in command for specified counter ID. FW version value in command
# must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
checkFwVersion:
# --------------------------------===== Value - Firmware version [Required] =====---------------------------------
# Description: Firmware version to be compared.
value: 1
# ---------------------------------------===== Counter ID [Required] =====----------------------------------------
# Description: ID of FW counter to be checked.
# Possible options: <none, nonsecure, secure, radio, snt, bootloader>
counterId: secure
SecureBinary31 for rw610#
SecureBinary31 for rw610 JSON schema
SecureBinary31 for rw610 YAML configuration template
# =============================== Secure Binary v3.1 Configuration template for rw610. ===============================
# ======================================================================================================================
# == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: rw610
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a1, a2, latest>
revision: latest
# ======================================================================================================================
# == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
# == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
# == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
# == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
# == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
-
# ====================================================================================================================
# == List of possible 10 options. ==
# Options [erase, load, execute, programFuses, programIFR, copy, loadKeyBlob, configureMemory, fillMemory,
# checkFwVersion]
# ====================================================================================================================
# =========================== [Example of possible configuration: #0 , erase if not used] ============================
# -------------------------------------------===== Erase [Required] =====-------------------------------------------
# Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
erase:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be erased.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be erased.
size: 4096
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be erased.
memoryId: 0
# =========================== [Example of possible configuration: #1 , erase if not used] ============================
# -------------------------------------------===== Load [Required] =====--------------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length
load:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# --------------------------------------===== Binary file. [Optional] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_binary.bin
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be loaded.
values: 0x1234, 0x5678, 0, 12345678
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be loaded. Value will be converted to binary little endian format.
value: '0xB38AA899'
# -------------------------------------===== Authentication [Optional] =====--------------------------------------
# Description: If authentication is not used, just omit this option or set 'none'.
# Possible options: <none, cmac, hashlocking>
authentication: cmac
# =========================== [Example of possible configuration: #2 , erase if not used] ============================
# ------------------------------------------===== Execute [Required] =====------------------------------------------
# Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
execute:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Jump-to address to start execute code.
address: 0
# =========================== [Example of possible configuration: #3 , erase if not used] ============================
# ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
# Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
# Values is a comma separated list of 32bit values.
programFuses:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
address: 0
# --------------------------------------===== Binary values [Required] =====--------------------------------------
# Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #4 , erase if not used] ============================
# ----------------------------------------===== Program IFR [Required] =====----------------------------------------
# Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
# to IFR region. The data to write to IFR region at the given address will immediately follow the header
programIFR:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of IFR region to be programmed.
address: 0
# ---------------------------------------===== Binary file [Optional] =====---------------------------------------
# Description: Binary file to be programmed.
file: my_binary.bin
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
# format.
value: '0xB38AA899'
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #5 , erase if not used] ============================
# -------------------------------------------===== Copy [Required] =====--------------------------------------------
# Description: Used for copying data from one place to another. 32 bytes fixed size.
copy:
# --------------------------------------===== Address From [Required] =====---------------------------------------
# Description: Address of memory block to be copied.
addressFrom: 0
# -------------------------------------===== Memory ID From [Optional] =====--------------------------------------
# Description: ID of memory block to be copied.
memoryIdFrom: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be copied.
size: 4096
# ---------------------------------------===== Address To [Required] =====----------------------------------------
# Description: Address of memory where block to be copied.
addressTo: 536870912
# --------------------------------------===== Memory ID To [Optional] =====---------------------------------------
# Description: ID of memory block where to be copied.
memoryIdTo: 0
# =========================== [Example of possible configuration: #6 , erase if not used] ============================
# ---------------------------------------===== Load Key Blob [Required] =====---------------------------------------
# Description: Wrapped key blob immediately follows the range key blob header. The length field contains the actual
# data length.
loadKeyBlob:
# -----------------------------------------===== Offset [Required] =====------------------------------------------
# Description: Offset of the key blob.
offset: 0
# -------------------------------------===== Wrapping key ID [Required] =====-------------------------------------
# Description: Wrapping ID of key blob.
# Possible options: <NXP_CUST_KEK_INT_SK, NXP_CUST_KEK_EXT_SK>
wrappingKeyId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_keyblob.bin
# ---------------------------------===== Key Blob as plain text [Optional] =====----------------------------------
# Description: Indicates whether key is provided as plaintext or not. If it's in plaintext this option also
# indicates whether it's as binary or hex
# Possible options: <no, bin, hex>
plainInput: no
# =========================== [Example of possible configuration: #7 , erase if not used] ============================
# -------------------------------------===== Configure memory [Required] =====--------------------------------------
# Description: Configure memory.
configureMemory:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Configuration address.
configAddress: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be configured.
memoryId: 0
# =========================== [Example of possible configuration: #8 , erase if not used] ============================
# ----------------------------------------===== Fill memory [Required] =====----------------------------------------
# Description: Used for filling of the memory range by same repeated int32 pattern.
fillMemory:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be filled.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be filled.
size: 4096
# -----------------------------------------===== Pattern [Required] =====-----------------------------------------
# Description: Pattern which will be used to fill memory.
pattern: 2779096485
# =========================== [Example of possible configuration: #9 , erase if not used] ============================
# ----------------------------------===== Check firmware version [Required] =====-----------------------------------
# Description: Checks FW version value specified in command for specified counter ID. FW version value in command
# must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
checkFwVersion:
# --------------------------------===== Value - Firmware version [Required] =====---------------------------------
# Description: Firmware version to be compared.
value: 1
# ---------------------------------------===== Counter ID [Required] =====----------------------------------------
# Description: ID of FW counter to be checked.
# Possible options: <none, nonsecure, secure, radio, snt, bootloader>
counterId: secure
SecureBinary31 for rw612#
SecureBinary31 for rw612 JSON schema
SecureBinary31 for rw612 YAML configuration template
# =============================== Secure Binary v3.1 Configuration template for rw612. ===============================
# ======================================================================================================================
# == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: rw612
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a1, a2, latest>
revision: latest
# ======================================================================================================================
# == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
# == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
# == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
# == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
# == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
-
# ====================================================================================================================
# == List of possible 10 options. ==
# Options [erase, load, execute, programFuses, programIFR, copy, loadKeyBlob, configureMemory, fillMemory,
# checkFwVersion]
# ====================================================================================================================
# =========================== [Example of possible configuration: #0 , erase if not used] ============================
# -------------------------------------------===== Erase [Required] =====-------------------------------------------
# Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
erase:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be erased.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be erased.
size: 4096
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be erased.
memoryId: 0
# =========================== [Example of possible configuration: #1 , erase if not used] ============================
# -------------------------------------------===== Load [Required] =====--------------------------------------------
# Description: If set, then the data to write immediately follows the range header. The length field contains the
# actual data length
load:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be loaded.
address: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be loaded.
memoryId: 0
# --------------------------------------===== Binary file. [Optional] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_binary.bin
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be loaded.
values: 0x1234, 0x5678, 0, 12345678
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be loaded. Value will be converted to binary little endian format.
value: '0xB38AA899'
# -------------------------------------===== Authentication [Optional] =====--------------------------------------
# Description: If authentication is not used, just omit this option or set 'none'.
# Possible options: <none, cmac, hashlocking>
authentication: cmac
# =========================== [Example of possible configuration: #2 , erase if not used] ============================
# ------------------------------------------===== Execute [Required] =====------------------------------------------
# Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
execute:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Jump-to address to start execute code.
address: 0
# =========================== [Example of possible configuration: #3 , erase if not used] ============================
# ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
# Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
# Values is a comma separated list of 32bit values.
programFuses:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
address: 0
# --------------------------------------===== Binary values [Required] =====--------------------------------------
# Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #4 , erase if not used] ============================
# ----------------------------------------===== Program IFR [Required] =====----------------------------------------
# Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
# to IFR region. The data to write to IFR region at the given address will immediately follow the header
programIFR:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of IFR region to be programmed.
address: 0
# ---------------------------------------===== Binary file [Optional] =====---------------------------------------
# Description: Binary file to be programmed.
file: my_binary.bin
# --------------------------------------===== Binary value [Optional] =====---------------------------------------
# Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
# format.
value: '0xB38AA899'
# -------------------------------------===== Binary values. [Optional] =====--------------------------------------
# Description: 32-bit binary values delimited by comma to be programmed.
values: 0x1234, 0x5678, 0, 12345678
# =========================== [Example of possible configuration: #5 , erase if not used] ============================
# -------------------------------------------===== Copy [Required] =====--------------------------------------------
# Description: Used for copying data from one place to another. 32 bytes fixed size.
copy:
# --------------------------------------===== Address From [Required] =====---------------------------------------
# Description: Address of memory block to be copied.
addressFrom: 0
# -------------------------------------===== Memory ID From [Optional] =====--------------------------------------
# Description: ID of memory block to be copied.
memoryIdFrom: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be copied.
size: 4096
# ---------------------------------------===== Address To [Required] =====----------------------------------------
# Description: Address of memory where block to be copied.
addressTo: 536870912
# --------------------------------------===== Memory ID To [Optional] =====---------------------------------------
# Description: ID of memory block where to be copied.
memoryIdTo: 0
# =========================== [Example of possible configuration: #6 , erase if not used] ============================
# ---------------------------------------===== Load Key Blob [Required] =====---------------------------------------
# Description: Wrapped key blob immediately follows the range key blob header. The length field contains the actual
# data length.
loadKeyBlob:
# -----------------------------------------===== Offset [Required] =====------------------------------------------
# Description: Offset of the key blob.
offset: 0
# -------------------------------------===== Wrapping key ID [Required] =====-------------------------------------
# Description: Wrapping ID of key blob.
# Possible options: <NXP_CUST_KEK_INT_SK, NXP_CUST_KEK_EXT_SK>
wrappingKeyId: 0
# ---------------------------------------===== Binary file [Required] =====---------------------------------------
# Description: Binary file to be loaded.
file: my_keyblob.bin
# ---------------------------------===== Key Blob as plain text [Optional] =====----------------------------------
# Description: Indicates whether key is provided as plaintext or not. If it's in plaintext this option also
# indicates whether it's as binary or hex
# Possible options: <no, bin, hex>
plainInput: no
# =========================== [Example of possible configuration: #7 , erase if not used] ============================
# -------------------------------------===== Configure memory [Required] =====--------------------------------------
# Description: Configure memory.
configureMemory:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Configuration address.
configAddress: 0
# ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
# Description: ID of memory block to be configured.
memoryId: 0
# =========================== [Example of possible configuration: #8 , erase if not used] ============================
# ----------------------------------------===== Fill memory [Required] =====----------------------------------------
# Description: Used for filling of the memory range by same repeated int32 pattern.
fillMemory:
# -----------------------------------------===== Address [Required] =====-----------------------------------------
# Description: Address of memory block to be filled.
address: 0
# ------------------------------------------===== Size [Required] =====-------------------------------------------
# Description: Size of memory block to be filled.
size: 4096
# -----------------------------------------===== Pattern [Required] =====-----------------------------------------
# Description: Pattern which will be used to fill memory.
pattern: 2779096485
# =========================== [Example of possible configuration: #9 , erase if not used] ============================
# ----------------------------------===== Check firmware version [Required] =====-----------------------------------
# Description: Checks FW version value specified in command for specified counter ID. FW version value in command
# must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
checkFwVersion:
# --------------------------------===== Value - Firmware version [Required] =====---------------------------------
# Description: Firmware version to be compared.
value: 1
# ---------------------------------------===== Counter ID [Required] =====----------------------------------------
# Description: ID of FW counter to be checked.
# Possible options: <none, nonsecure, secure, radio, snt, bootloader>
counterId: secure