Secure Binary 3.1#

SB 3.1 is an evolution of the SB 2 format. The configuration is done in a similar way as a master boot image by configuration file in YAML or JSON. BD files are no longer used, commands are supplied in the configuration file.

Example of use nxpimage: nxpimage sb31 export "sb3_config.yaml

Supported commands#

List of SB 3.1 supported commands#

Command

Command Description

k32w148

kw45b41z5

kw45b41z8

kw47b42z83

kw47b42z96

kw47b42z97

kw47b42zb2

kw47b42zb3

kw47b42zb6

kw47b42zb7

kw47z42082

kw47z42092

kw47z420b2

kw47z420b3

lpc55s36

mcxn235

mcxn236

mcxn546

mcxn547

mcxn946

mcxn947

mcxw716a

mcxw716c

mcxw727a

mcxw727c

mcxw727d

mimxrt735s

mimxrt758s

mimxrt798s

rw610

rw612

erase

Performs a flash erase of the given address range. The erase will be rounded up to the sector size.

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

load

If set, then the data to write immediately follows the range header. The length field contains the actual data length

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

execute

Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

call

Address is address to jump. However, the state machine should expect a return to the next statement to continue processing the SB file

NO

NO

NO

NO

NO

NO

NO

NO

NO

NO

NO

NO

NO

NO

NO

NO

NO

NO

NO

NO

NO

NO

NO

NO

NO

NO

NO

NO

NO

NO

NO

programFuses

Address is OTP index of fuses to be programmed (Check the reference manual for more information). Values is a comma separated list of 32bit values.

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

programIFR

The startAddress will be the address into the IFR region, length will be in number of bytes to write to IFR region. The data to write to IFR region at the given address will immediately follow the header

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

NO

NO

NO

YES

YES

loadCMAC

If set, then the data to write immediately follows the range header. The length field contains the actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on startAddress.

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

NO

NO

NO

NO

NO

copy

Used for copying data from one place to another. 32 bytes fixed size.

NO

NO

NO

NO

NO

NO

NO

NO

NO

NO

NO

NO

NO

NO

YES

YES

YES

YES

YES

YES

YES

NO

NO

NO

NO

NO

YES

YES

YES

YES

YES

loadHashLocking

If set, then the data to write immediately follows the range header. The length field contains the actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded data, which are reserved for it.

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

NO

NO

NO

NO

NO

loadKeyBlob

Wrapped key blob immediately follows the range key blob header. The length field contains the actual data length.

NO

NO

NO

NO

NO

NO

NO

NO

NO

NO

NO

NO

NO

NO

YES

YES

YES

YES

YES

YES

YES

NO

NO

NO

NO

NO

YES

YES

YES

YES

YES

configureMemory

Configure memory.

NO

NO

NO

NO

NO

NO

NO

NO

NO

NO

NO

NO

NO

NO

YES

YES

YES

YES

YES

YES

YES

NO

NO

NO

NO

NO

YES

YES

YES

YES

YES

fillMemory

Used for filling of the memory range by same repeated int32 pattern.

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

checkFwVersion

Checks FW version value specified in command for specified counter ID. FW version value in command must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

Supported configuration options#

SecureBinary31 for k32w148#

SecureBinary31 for k32w148 JSON schema

Open it in full page

SecureBinary31 for k32w148 YAML configuration template
# ==============================  Secure Binary v3.1 Configuration template for k32w148.  ==============================

# ======================================================================================================================
#                                                 == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: k32w148
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, a2, latest>
revision: latest
# ======================================================================================================================
#                                                  == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
#                                              == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
#                                              == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
#                                           == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
#                                       == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
  -
  # ====================================================================================================================
  #                                          == List of possible 9 options. ==
  #   Options [erase, load, execute, programFuses, programIFR, loadCMAC, loadHashLocking, fillMemory, checkFwVersion]
  # ====================================================================================================================

  #  =========================== [Example of possible configuration: #0 , erase if not used] ============================
    # -------------------------------------------===== Erase [Required] =====-------------------------------------------
    # Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
    erase:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be erased.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be erased.
      size: 4096
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be erased.
      memoryId: 0

  #  =========================== [Example of possible configuration: #1 , erase if not used] ============================
    # -------------------------------------------===== Load [Required] =====--------------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length
    load:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # --------------------------------------===== Binary file. [Optional] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_binary.bin
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be loaded.
      values: 0x1234, 0x5678, 0, 12345678
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be loaded. Value will be converted to binary little endian format.
      value: '0xB38AA899'
      # -------------------------------------===== Authentication [Optional] =====--------------------------------------
      # Description: If authentication is not used, just omit this option or set 'none'.
      # Possible options: <none, cmac, hashlocking>
      authentication: cmac

  #  =========================== [Example of possible configuration: #2 , erase if not used] ============================
    # ------------------------------------------===== Execute [Required] =====------------------------------------------
    # Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
    execute:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Jump-to address to start execute code.
      address: 0

  #  =========================== [Example of possible configuration: #3 , erase if not used] ============================
    # ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
    # Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
    # Values is a comma separated list of 32bit values.
    programFuses:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
      address: 0
      # --------------------------------------===== Binary values [Required] =====--------------------------------------
      # Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #4 , erase if not used] ============================
    # ----------------------------------------===== Program IFR [Required] =====----------------------------------------
    # Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
    # to IFR region. The data to write to IFR region at the given address will immediately follow the header
    programIFR:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of IFR region to be programmed.
      address: 0
      # ---------------------------------------===== Binary file [Optional] =====---------------------------------------
      # Description: Binary file to be programmed.
      file: my_binary.bin
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
      # format.
      value: '0xB38AA899'
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #5 , erase if not used] ============================
    # -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
    # startAddress.
    loadCMAC:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be CMAC loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be CMAC loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_cmac_binary.bin

  #  =========================== [Example of possible configuration: #6 , erase if not used] ============================
    # ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
    # data, which are reserved for it.
    loadHashLocking:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_hashlocking_binary.bin

  #  =========================== [Example of possible configuration: #7 , erase if not used] ============================
    # ----------------------------------------===== Fill memory [Required] =====----------------------------------------
    # Description: Used for filling of the memory range by same repeated int32 pattern.
    fillMemory:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be filled.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be filled.
      size: 4096
      # -----------------------------------------===== Pattern [Required] =====-----------------------------------------
      # Description: Pattern which will be used to fill memory.
      pattern: 2779096485

  #  =========================== [Example of possible configuration: #8 , erase if not used] ============================
    # ----------------------------------===== Check firmware version [Required] =====-----------------------------------
    # Description: Checks FW version value specified in command for specified counter ID. FW version value in command
    # must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
    checkFwVersion:
      # --------------------------------===== Value - Firmware version [Required] =====---------------------------------
      # Description: Firmware version to be compared.
      value: 1
      # ---------------------------------------===== Counter ID [Required] =====----------------------------------------
      # Description: ID of FW counter to be checked.
      # Possible options: <none, nonsecure, secure, radio, snt, bootloader>
      counterId: secure

SecureBinary31 for kw45b41z5#

SecureBinary31 for kw45b41z5 JSON schema

Open it in full page

SecureBinary31 for kw45b41z5 YAML configuration template
# =============================  Secure Binary v3.1 Configuration template for kw45b41z5.  =============================

# ======================================================================================================================
#                                                 == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: kw45b41z5
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, a2, latest>
revision: latest
# ======================================================================================================================
#                                                  == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
#                                              == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
#                                              == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
#                                           == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
#                                       == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
  -
  # ====================================================================================================================
  #                                          == List of possible 9 options. ==
  #   Options [erase, load, execute, programFuses, programIFR, loadCMAC, loadHashLocking, fillMemory, checkFwVersion]
  # ====================================================================================================================

  #  =========================== [Example of possible configuration: #0 , erase if not used] ============================
    # -------------------------------------------===== Erase [Required] =====-------------------------------------------
    # Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
    erase:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be erased.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be erased.
      size: 4096
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be erased.
      memoryId: 0

  #  =========================== [Example of possible configuration: #1 , erase if not used] ============================
    # -------------------------------------------===== Load [Required] =====--------------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length
    load:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # --------------------------------------===== Binary file. [Optional] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_binary.bin
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be loaded.
      values: 0x1234, 0x5678, 0, 12345678
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be loaded. Value will be converted to binary little endian format.
      value: '0xB38AA899'
      # -------------------------------------===== Authentication [Optional] =====--------------------------------------
      # Description: If authentication is not used, just omit this option or set 'none'.
      # Possible options: <none, cmac, hashlocking>
      authentication: cmac

  #  =========================== [Example of possible configuration: #2 , erase if not used] ============================
    # ------------------------------------------===== Execute [Required] =====------------------------------------------
    # Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
    execute:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Jump-to address to start execute code.
      address: 0

  #  =========================== [Example of possible configuration: #3 , erase if not used] ============================
    # ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
    # Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
    # Values is a comma separated list of 32bit values.
    programFuses:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
      address: 0
      # --------------------------------------===== Binary values [Required] =====--------------------------------------
      # Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #4 , erase if not used] ============================
    # ----------------------------------------===== Program IFR [Required] =====----------------------------------------
    # Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
    # to IFR region. The data to write to IFR region at the given address will immediately follow the header
    programIFR:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of IFR region to be programmed.
      address: 0
      # ---------------------------------------===== Binary file [Optional] =====---------------------------------------
      # Description: Binary file to be programmed.
      file: my_binary.bin
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
      # format.
      value: '0xB38AA899'
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #5 , erase if not used] ============================
    # -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
    # startAddress.
    loadCMAC:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be CMAC loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be CMAC loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_cmac_binary.bin

  #  =========================== [Example of possible configuration: #6 , erase if not used] ============================
    # ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
    # data, which are reserved for it.
    loadHashLocking:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_hashlocking_binary.bin

  #  =========================== [Example of possible configuration: #7 , erase if not used] ============================
    # ----------------------------------------===== Fill memory [Required] =====----------------------------------------
    # Description: Used for filling of the memory range by same repeated int32 pattern.
    fillMemory:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be filled.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be filled.
      size: 4096
      # -----------------------------------------===== Pattern [Required] =====-----------------------------------------
      # Description: Pattern which will be used to fill memory.
      pattern: 2779096485

  #  =========================== [Example of possible configuration: #8 , erase if not used] ============================
    # ----------------------------------===== Check firmware version [Required] =====-----------------------------------
    # Description: Checks FW version value specified in command for specified counter ID. FW version value in command
    # must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
    checkFwVersion:
      # --------------------------------===== Value - Firmware version [Required] =====---------------------------------
      # Description: Firmware version to be compared.
      value: 1
      # ---------------------------------------===== Counter ID [Required] =====----------------------------------------
      # Description: ID of FW counter to be checked.
      # Possible options: <none, nonsecure, secure, radio, snt, bootloader>
      counterId: secure

SecureBinary31 for kw45b41z8#

SecureBinary31 for kw45b41z8 JSON schema

Open it in full page

SecureBinary31 for kw45b41z8 YAML configuration template
# =============================  Secure Binary v3.1 Configuration template for kw45b41z8.  =============================

# ======================================================================================================================
#                                                 == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: kw45b41z8
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, a2, latest>
revision: latest
# ======================================================================================================================
#                                                  == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
#                                              == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
#                                              == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
#                                           == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
#                                       == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
  -
  # ====================================================================================================================
  #                                          == List of possible 9 options. ==
  #   Options [erase, load, execute, programFuses, programIFR, loadCMAC, loadHashLocking, fillMemory, checkFwVersion]
  # ====================================================================================================================

  #  =========================== [Example of possible configuration: #0 , erase if not used] ============================
    # -------------------------------------------===== Erase [Required] =====-------------------------------------------
    # Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
    erase:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be erased.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be erased.
      size: 4096
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be erased.
      memoryId: 0

  #  =========================== [Example of possible configuration: #1 , erase if not used] ============================
    # -------------------------------------------===== Load [Required] =====--------------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length
    load:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # --------------------------------------===== Binary file. [Optional] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_binary.bin
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be loaded.
      values: 0x1234, 0x5678, 0, 12345678
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be loaded. Value will be converted to binary little endian format.
      value: '0xB38AA899'
      # -------------------------------------===== Authentication [Optional] =====--------------------------------------
      # Description: If authentication is not used, just omit this option or set 'none'.
      # Possible options: <none, cmac, hashlocking>
      authentication: cmac

  #  =========================== [Example of possible configuration: #2 , erase if not used] ============================
    # ------------------------------------------===== Execute [Required] =====------------------------------------------
    # Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
    execute:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Jump-to address to start execute code.
      address: 0

  #  =========================== [Example of possible configuration: #3 , erase if not used] ============================
    # ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
    # Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
    # Values is a comma separated list of 32bit values.
    programFuses:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
      address: 0
      # --------------------------------------===== Binary values [Required] =====--------------------------------------
      # Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #4 , erase if not used] ============================
    # ----------------------------------------===== Program IFR [Required] =====----------------------------------------
    # Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
    # to IFR region. The data to write to IFR region at the given address will immediately follow the header
    programIFR:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of IFR region to be programmed.
      address: 0
      # ---------------------------------------===== Binary file [Optional] =====---------------------------------------
      # Description: Binary file to be programmed.
      file: my_binary.bin
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
      # format.
      value: '0xB38AA899'
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #5 , erase if not used] ============================
    # -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
    # startAddress.
    loadCMAC:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be CMAC loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be CMAC loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_cmac_binary.bin

  #  =========================== [Example of possible configuration: #6 , erase if not used] ============================
    # ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
    # data, which are reserved for it.
    loadHashLocking:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_hashlocking_binary.bin

  #  =========================== [Example of possible configuration: #7 , erase if not used] ============================
    # ----------------------------------------===== Fill memory [Required] =====----------------------------------------
    # Description: Used for filling of the memory range by same repeated int32 pattern.
    fillMemory:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be filled.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be filled.
      size: 4096
      # -----------------------------------------===== Pattern [Required] =====-----------------------------------------
      # Description: Pattern which will be used to fill memory.
      pattern: 2779096485

  #  =========================== [Example of possible configuration: #8 , erase if not used] ============================
    # ----------------------------------===== Check firmware version [Required] =====-----------------------------------
    # Description: Checks FW version value specified in command for specified counter ID. FW version value in command
    # must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
    checkFwVersion:
      # --------------------------------===== Value - Firmware version [Required] =====---------------------------------
      # Description: Firmware version to be compared.
      value: 1
      # ---------------------------------------===== Counter ID [Required] =====----------------------------------------
      # Description: ID of FW counter to be checked.
      # Possible options: <none, nonsecure, secure, radio, snt, bootloader>
      counterId: secure

SecureBinary31 for kw47b42z83#

SecureBinary31 for kw47b42z83 JSON schema

Open it in full page

SecureBinary31 for kw47b42z83 YAML configuration template
# ============================  Secure Binary v3.1 Configuration template for kw47b42z83.  =============================

# ======================================================================================================================
#                                                 == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: kw47b42z83
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: latest
# ======================================================================================================================
#                                                  == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
#                                              == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
#                                              == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
#                                           == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
#                                       == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
  -
  # ====================================================================================================================
  #                                          == List of possible 9 options. ==
  #   Options [erase, load, execute, programFuses, programIFR, loadCMAC, loadHashLocking, fillMemory, checkFwVersion]
  # ====================================================================================================================

  #  =========================== [Example of possible configuration: #0 , erase if not used] ============================
    # -------------------------------------------===== Erase [Required] =====-------------------------------------------
    # Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
    erase:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be erased.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be erased.
      size: 4096
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be erased.
      memoryId: 0

  #  =========================== [Example of possible configuration: #1 , erase if not used] ============================
    # -------------------------------------------===== Load [Required] =====--------------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length
    load:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # --------------------------------------===== Binary file. [Optional] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_binary.bin
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be loaded.
      values: 0x1234, 0x5678, 0, 12345678
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be loaded. Value will be converted to binary little endian format.
      value: '0xB38AA899'
      # -------------------------------------===== Authentication [Optional] =====--------------------------------------
      # Description: If authentication is not used, just omit this option or set 'none'.
      # Possible options: <none, cmac, hashlocking>
      authentication: cmac

  #  =========================== [Example of possible configuration: #2 , erase if not used] ============================
    # ------------------------------------------===== Execute [Required] =====------------------------------------------
    # Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
    execute:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Jump-to address to start execute code.
      address: 0

  #  =========================== [Example of possible configuration: #3 , erase if not used] ============================
    # ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
    # Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
    # Values is a comma separated list of 32bit values.
    programFuses:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
      address: 0
      # --------------------------------------===== Binary values [Required] =====--------------------------------------
      # Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #4 , erase if not used] ============================
    # ----------------------------------------===== Program IFR [Required] =====----------------------------------------
    # Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
    # to IFR region. The data to write to IFR region at the given address will immediately follow the header
    programIFR:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of IFR region to be programmed.
      address: 0
      # ---------------------------------------===== Binary file [Optional] =====---------------------------------------
      # Description: Binary file to be programmed.
      file: my_binary.bin
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
      # format.
      value: '0xB38AA899'
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #5 , erase if not used] ============================
    # -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
    # startAddress.
    loadCMAC:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be CMAC loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be CMAC loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_cmac_binary.bin

  #  =========================== [Example of possible configuration: #6 , erase if not used] ============================
    # ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
    # data, which are reserved for it.
    loadHashLocking:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_hashlocking_binary.bin

  #  =========================== [Example of possible configuration: #7 , erase if not used] ============================
    # ----------------------------------------===== Fill memory [Required] =====----------------------------------------
    # Description: Used for filling of the memory range by same repeated int32 pattern.
    fillMemory:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be filled.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be filled.
      size: 4096
      # -----------------------------------------===== Pattern [Required] =====-----------------------------------------
      # Description: Pattern which will be used to fill memory.
      pattern: 2779096485

  #  =========================== [Example of possible configuration: #8 , erase if not used] ============================
    # ----------------------------------===== Check firmware version [Required] =====-----------------------------------
    # Description: Checks FW version value specified in command for specified counter ID. FW version value in command
    # must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
    checkFwVersion:
      # --------------------------------===== Value - Firmware version [Required] =====---------------------------------
      # Description: Firmware version to be compared.
      value: 1
      # ---------------------------------------===== Counter ID [Required] =====----------------------------------------
      # Description: ID of FW counter to be checked.
      # Possible options: <none, nonsecure, secure, radio, snt, bootloader>
      counterId: secure

SecureBinary31 for kw47b42z96#

SecureBinary31 for kw47b42z96 JSON schema

Open it in full page

SecureBinary31 for kw47b42z96 YAML configuration template
# ============================  Secure Binary v3.1 Configuration template for kw47b42z96.  =============================

# ======================================================================================================================
#                                                 == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: kw47b42z96
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: latest
# ======================================================================================================================
#                                                  == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
#                                              == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
#                                              == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
#                                           == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
#                                       == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
  -
  # ====================================================================================================================
  #                                          == List of possible 9 options. ==
  #   Options [erase, load, execute, programFuses, programIFR, loadCMAC, loadHashLocking, fillMemory, checkFwVersion]
  # ====================================================================================================================

  #  =========================== [Example of possible configuration: #0 , erase if not used] ============================
    # -------------------------------------------===== Erase [Required] =====-------------------------------------------
    # Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
    erase:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be erased.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be erased.
      size: 4096
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be erased.
      memoryId: 0

  #  =========================== [Example of possible configuration: #1 , erase if not used] ============================
    # -------------------------------------------===== Load [Required] =====--------------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length
    load:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # --------------------------------------===== Binary file. [Optional] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_binary.bin
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be loaded.
      values: 0x1234, 0x5678, 0, 12345678
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be loaded. Value will be converted to binary little endian format.
      value: '0xB38AA899'
      # -------------------------------------===== Authentication [Optional] =====--------------------------------------
      # Description: If authentication is not used, just omit this option or set 'none'.
      # Possible options: <none, cmac, hashlocking>
      authentication: cmac

  #  =========================== [Example of possible configuration: #2 , erase if not used] ============================
    # ------------------------------------------===== Execute [Required] =====------------------------------------------
    # Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
    execute:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Jump-to address to start execute code.
      address: 0

  #  =========================== [Example of possible configuration: #3 , erase if not used] ============================
    # ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
    # Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
    # Values is a comma separated list of 32bit values.
    programFuses:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
      address: 0
      # --------------------------------------===== Binary values [Required] =====--------------------------------------
      # Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #4 , erase if not used] ============================
    # ----------------------------------------===== Program IFR [Required] =====----------------------------------------
    # Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
    # to IFR region. The data to write to IFR region at the given address will immediately follow the header
    programIFR:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of IFR region to be programmed.
      address: 0
      # ---------------------------------------===== Binary file [Optional] =====---------------------------------------
      # Description: Binary file to be programmed.
      file: my_binary.bin
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
      # format.
      value: '0xB38AA899'
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #5 , erase if not used] ============================
    # -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
    # startAddress.
    loadCMAC:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be CMAC loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be CMAC loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_cmac_binary.bin

  #  =========================== [Example of possible configuration: #6 , erase if not used] ============================
    # ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
    # data, which are reserved for it.
    loadHashLocking:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_hashlocking_binary.bin

  #  =========================== [Example of possible configuration: #7 , erase if not used] ============================
    # ----------------------------------------===== Fill memory [Required] =====----------------------------------------
    # Description: Used for filling of the memory range by same repeated int32 pattern.
    fillMemory:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be filled.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be filled.
      size: 4096
      # -----------------------------------------===== Pattern [Required] =====-----------------------------------------
      # Description: Pattern which will be used to fill memory.
      pattern: 2779096485

  #  =========================== [Example of possible configuration: #8 , erase if not used] ============================
    # ----------------------------------===== Check firmware version [Required] =====-----------------------------------
    # Description: Checks FW version value specified in command for specified counter ID. FW version value in command
    # must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
    checkFwVersion:
      # --------------------------------===== Value - Firmware version [Required] =====---------------------------------
      # Description: Firmware version to be compared.
      value: 1
      # ---------------------------------------===== Counter ID [Required] =====----------------------------------------
      # Description: ID of FW counter to be checked.
      # Possible options: <none, nonsecure, secure, radio, snt, bootloader>
      counterId: secure

SecureBinary31 for kw47b42z97#

SecureBinary31 for kw47b42z97 JSON schema

Open it in full page

SecureBinary31 for kw47b42z97 YAML configuration template
# ============================  Secure Binary v3.1 Configuration template for kw47b42z97.  =============================

# ======================================================================================================================
#                                                 == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: kw47b42z97
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: latest
# ======================================================================================================================
#                                                  == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
#                                              == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
#                                              == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
#                                           == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
#                                       == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
  -
  # ====================================================================================================================
  #                                          == List of possible 9 options. ==
  #   Options [erase, load, execute, programFuses, programIFR, loadCMAC, loadHashLocking, fillMemory, checkFwVersion]
  # ====================================================================================================================

  #  =========================== [Example of possible configuration: #0 , erase if not used] ============================
    # -------------------------------------------===== Erase [Required] =====-------------------------------------------
    # Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
    erase:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be erased.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be erased.
      size: 4096
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be erased.
      memoryId: 0

  #  =========================== [Example of possible configuration: #1 , erase if not used] ============================
    # -------------------------------------------===== Load [Required] =====--------------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length
    load:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # --------------------------------------===== Binary file. [Optional] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_binary.bin
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be loaded.
      values: 0x1234, 0x5678, 0, 12345678
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be loaded. Value will be converted to binary little endian format.
      value: '0xB38AA899'
      # -------------------------------------===== Authentication [Optional] =====--------------------------------------
      # Description: If authentication is not used, just omit this option or set 'none'.
      # Possible options: <none, cmac, hashlocking>
      authentication: cmac

  #  =========================== [Example of possible configuration: #2 , erase if not used] ============================
    # ------------------------------------------===== Execute [Required] =====------------------------------------------
    # Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
    execute:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Jump-to address to start execute code.
      address: 0

  #  =========================== [Example of possible configuration: #3 , erase if not used] ============================
    # ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
    # Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
    # Values is a comma separated list of 32bit values.
    programFuses:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
      address: 0
      # --------------------------------------===== Binary values [Required] =====--------------------------------------
      # Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #4 , erase if not used] ============================
    # ----------------------------------------===== Program IFR [Required] =====----------------------------------------
    # Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
    # to IFR region. The data to write to IFR region at the given address will immediately follow the header
    programIFR:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of IFR region to be programmed.
      address: 0
      # ---------------------------------------===== Binary file [Optional] =====---------------------------------------
      # Description: Binary file to be programmed.
      file: my_binary.bin
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
      # format.
      value: '0xB38AA899'
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #5 , erase if not used] ============================
    # -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
    # startAddress.
    loadCMAC:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be CMAC loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be CMAC loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_cmac_binary.bin

  #  =========================== [Example of possible configuration: #6 , erase if not used] ============================
    # ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
    # data, which are reserved for it.
    loadHashLocking:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_hashlocking_binary.bin

  #  =========================== [Example of possible configuration: #7 , erase if not used] ============================
    # ----------------------------------------===== Fill memory [Required] =====----------------------------------------
    # Description: Used for filling of the memory range by same repeated int32 pattern.
    fillMemory:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be filled.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be filled.
      size: 4096
      # -----------------------------------------===== Pattern [Required] =====-----------------------------------------
      # Description: Pattern which will be used to fill memory.
      pattern: 2779096485

  #  =========================== [Example of possible configuration: #8 , erase if not used] ============================
    # ----------------------------------===== Check firmware version [Required] =====-----------------------------------
    # Description: Checks FW version value specified in command for specified counter ID. FW version value in command
    # must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
    checkFwVersion:
      # --------------------------------===== Value - Firmware version [Required] =====---------------------------------
      # Description: Firmware version to be compared.
      value: 1
      # ---------------------------------------===== Counter ID [Required] =====----------------------------------------
      # Description: ID of FW counter to be checked.
      # Possible options: <none, nonsecure, secure, radio, snt, bootloader>
      counterId: secure

SecureBinary31 for kw47b42zb2#

SecureBinary31 for kw47b42zb2 JSON schema

Open it in full page

SecureBinary31 for kw47b42zb2 YAML configuration template
# ============================  Secure Binary v3.1 Configuration template for kw47b42zb2.  =============================

# ======================================================================================================================
#                                                 == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: kw47b42zb2
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: latest
# ======================================================================================================================
#                                                  == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
#                                              == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
#                                              == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
#                                           == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
#                                       == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
  -
  # ====================================================================================================================
  #                                          == List of possible 9 options. ==
  #   Options [erase, load, execute, programFuses, programIFR, loadCMAC, loadHashLocking, fillMemory, checkFwVersion]
  # ====================================================================================================================

  #  =========================== [Example of possible configuration: #0 , erase if not used] ============================
    # -------------------------------------------===== Erase [Required] =====-------------------------------------------
    # Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
    erase:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be erased.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be erased.
      size: 4096
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be erased.
      memoryId: 0

  #  =========================== [Example of possible configuration: #1 , erase if not used] ============================
    # -------------------------------------------===== Load [Required] =====--------------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length
    load:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # --------------------------------------===== Binary file. [Optional] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_binary.bin
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be loaded.
      values: 0x1234, 0x5678, 0, 12345678
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be loaded. Value will be converted to binary little endian format.
      value: '0xB38AA899'
      # -------------------------------------===== Authentication [Optional] =====--------------------------------------
      # Description: If authentication is not used, just omit this option or set 'none'.
      # Possible options: <none, cmac, hashlocking>
      authentication: cmac

  #  =========================== [Example of possible configuration: #2 , erase if not used] ============================
    # ------------------------------------------===== Execute [Required] =====------------------------------------------
    # Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
    execute:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Jump-to address to start execute code.
      address: 0

  #  =========================== [Example of possible configuration: #3 , erase if not used] ============================
    # ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
    # Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
    # Values is a comma separated list of 32bit values.
    programFuses:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
      address: 0
      # --------------------------------------===== Binary values [Required] =====--------------------------------------
      # Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #4 , erase if not used] ============================
    # ----------------------------------------===== Program IFR [Required] =====----------------------------------------
    # Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
    # to IFR region. The data to write to IFR region at the given address will immediately follow the header
    programIFR:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of IFR region to be programmed.
      address: 0
      # ---------------------------------------===== Binary file [Optional] =====---------------------------------------
      # Description: Binary file to be programmed.
      file: my_binary.bin
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
      # format.
      value: '0xB38AA899'
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #5 , erase if not used] ============================
    # -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
    # startAddress.
    loadCMAC:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be CMAC loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be CMAC loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_cmac_binary.bin

  #  =========================== [Example of possible configuration: #6 , erase if not used] ============================
    # ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
    # data, which are reserved for it.
    loadHashLocking:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_hashlocking_binary.bin

  #  =========================== [Example of possible configuration: #7 , erase if not used] ============================
    # ----------------------------------------===== Fill memory [Required] =====----------------------------------------
    # Description: Used for filling of the memory range by same repeated int32 pattern.
    fillMemory:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be filled.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be filled.
      size: 4096
      # -----------------------------------------===== Pattern [Required] =====-----------------------------------------
      # Description: Pattern which will be used to fill memory.
      pattern: 2779096485

  #  =========================== [Example of possible configuration: #8 , erase if not used] ============================
    # ----------------------------------===== Check firmware version [Required] =====-----------------------------------
    # Description: Checks FW version value specified in command for specified counter ID. FW version value in command
    # must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
    checkFwVersion:
      # --------------------------------===== Value - Firmware version [Required] =====---------------------------------
      # Description: Firmware version to be compared.
      value: 1
      # ---------------------------------------===== Counter ID [Required] =====----------------------------------------
      # Description: ID of FW counter to be checked.
      # Possible options: <none, nonsecure, secure, radio, snt, bootloader>
      counterId: secure

SecureBinary31 for kw47b42zb3#

SecureBinary31 for kw47b42zb3 JSON schema

Open it in full page

SecureBinary31 for kw47b42zb3 YAML configuration template
# ============================  Secure Binary v3.1 Configuration template for kw47b42zb3.  =============================

# ======================================================================================================================
#                                                 == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: kw47b42zb3
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: latest
# ======================================================================================================================
#                                                  == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
#                                              == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
#                                              == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
#                                           == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
#                                       == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
  -
  # ====================================================================================================================
  #                                          == List of possible 9 options. ==
  #   Options [erase, load, execute, programFuses, programIFR, loadCMAC, loadHashLocking, fillMemory, checkFwVersion]
  # ====================================================================================================================

  #  =========================== [Example of possible configuration: #0 , erase if not used] ============================
    # -------------------------------------------===== Erase [Required] =====-------------------------------------------
    # Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
    erase:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be erased.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be erased.
      size: 4096
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be erased.
      memoryId: 0

  #  =========================== [Example of possible configuration: #1 , erase if not used] ============================
    # -------------------------------------------===== Load [Required] =====--------------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length
    load:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # --------------------------------------===== Binary file. [Optional] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_binary.bin
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be loaded.
      values: 0x1234, 0x5678, 0, 12345678
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be loaded. Value will be converted to binary little endian format.
      value: '0xB38AA899'
      # -------------------------------------===== Authentication [Optional] =====--------------------------------------
      # Description: If authentication is not used, just omit this option or set 'none'.
      # Possible options: <none, cmac, hashlocking>
      authentication: cmac

  #  =========================== [Example of possible configuration: #2 , erase if not used] ============================
    # ------------------------------------------===== Execute [Required] =====------------------------------------------
    # Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
    execute:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Jump-to address to start execute code.
      address: 0

  #  =========================== [Example of possible configuration: #3 , erase if not used] ============================
    # ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
    # Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
    # Values is a comma separated list of 32bit values.
    programFuses:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
      address: 0
      # --------------------------------------===== Binary values [Required] =====--------------------------------------
      # Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #4 , erase if not used] ============================
    # ----------------------------------------===== Program IFR [Required] =====----------------------------------------
    # Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
    # to IFR region. The data to write to IFR region at the given address will immediately follow the header
    programIFR:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of IFR region to be programmed.
      address: 0
      # ---------------------------------------===== Binary file [Optional] =====---------------------------------------
      # Description: Binary file to be programmed.
      file: my_binary.bin
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
      # format.
      value: '0xB38AA899'
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #5 , erase if not used] ============================
    # -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
    # startAddress.
    loadCMAC:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be CMAC loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be CMAC loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_cmac_binary.bin

  #  =========================== [Example of possible configuration: #6 , erase if not used] ============================
    # ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
    # data, which are reserved for it.
    loadHashLocking:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_hashlocking_binary.bin

  #  =========================== [Example of possible configuration: #7 , erase if not used] ============================
    # ----------------------------------------===== Fill memory [Required] =====----------------------------------------
    # Description: Used for filling of the memory range by same repeated int32 pattern.
    fillMemory:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be filled.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be filled.
      size: 4096
      # -----------------------------------------===== Pattern [Required] =====-----------------------------------------
      # Description: Pattern which will be used to fill memory.
      pattern: 2779096485

  #  =========================== [Example of possible configuration: #8 , erase if not used] ============================
    # ----------------------------------===== Check firmware version [Required] =====-----------------------------------
    # Description: Checks FW version value specified in command for specified counter ID. FW version value in command
    # must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
    checkFwVersion:
      # --------------------------------===== Value - Firmware version [Required] =====---------------------------------
      # Description: Firmware version to be compared.
      value: 1
      # ---------------------------------------===== Counter ID [Required] =====----------------------------------------
      # Description: ID of FW counter to be checked.
      # Possible options: <none, nonsecure, secure, radio, snt, bootloader>
      counterId: secure

SecureBinary31 for kw47b42zb6#

SecureBinary31 for kw47b42zb6 JSON schema

Open it in full page

SecureBinary31 for kw47b42zb6 YAML configuration template
# ============================  Secure Binary v3.1 Configuration template for kw47b42zb6.  =============================

# ======================================================================================================================
#                                                 == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: kw47b42zb6
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: latest
# ======================================================================================================================
#                                                  == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
#                                              == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
#                                              == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
#                                           == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
#                                       == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
  -
  # ====================================================================================================================
  #                                          == List of possible 9 options. ==
  #   Options [erase, load, execute, programFuses, programIFR, loadCMAC, loadHashLocking, fillMemory, checkFwVersion]
  # ====================================================================================================================

  #  =========================== [Example of possible configuration: #0 , erase if not used] ============================
    # -------------------------------------------===== Erase [Required] =====-------------------------------------------
    # Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
    erase:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be erased.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be erased.
      size: 4096
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be erased.
      memoryId: 0

  #  =========================== [Example of possible configuration: #1 , erase if not used] ============================
    # -------------------------------------------===== Load [Required] =====--------------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length
    load:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # --------------------------------------===== Binary file. [Optional] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_binary.bin
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be loaded.
      values: 0x1234, 0x5678, 0, 12345678
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be loaded. Value will be converted to binary little endian format.
      value: '0xB38AA899'
      # -------------------------------------===== Authentication [Optional] =====--------------------------------------
      # Description: If authentication is not used, just omit this option or set 'none'.
      # Possible options: <none, cmac, hashlocking>
      authentication: cmac

  #  =========================== [Example of possible configuration: #2 , erase if not used] ============================
    # ------------------------------------------===== Execute [Required] =====------------------------------------------
    # Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
    execute:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Jump-to address to start execute code.
      address: 0

  #  =========================== [Example of possible configuration: #3 , erase if not used] ============================
    # ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
    # Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
    # Values is a comma separated list of 32bit values.
    programFuses:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
      address: 0
      # --------------------------------------===== Binary values [Required] =====--------------------------------------
      # Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #4 , erase if not used] ============================
    # ----------------------------------------===== Program IFR [Required] =====----------------------------------------
    # Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
    # to IFR region. The data to write to IFR region at the given address will immediately follow the header
    programIFR:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of IFR region to be programmed.
      address: 0
      # ---------------------------------------===== Binary file [Optional] =====---------------------------------------
      # Description: Binary file to be programmed.
      file: my_binary.bin
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
      # format.
      value: '0xB38AA899'
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #5 , erase if not used] ============================
    # -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
    # startAddress.
    loadCMAC:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be CMAC loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be CMAC loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_cmac_binary.bin

  #  =========================== [Example of possible configuration: #6 , erase if not used] ============================
    # ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
    # data, which are reserved for it.
    loadHashLocking:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_hashlocking_binary.bin

  #  =========================== [Example of possible configuration: #7 , erase if not used] ============================
    # ----------------------------------------===== Fill memory [Required] =====----------------------------------------
    # Description: Used for filling of the memory range by same repeated int32 pattern.
    fillMemory:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be filled.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be filled.
      size: 4096
      # -----------------------------------------===== Pattern [Required] =====-----------------------------------------
      # Description: Pattern which will be used to fill memory.
      pattern: 2779096485

  #  =========================== [Example of possible configuration: #8 , erase if not used] ============================
    # ----------------------------------===== Check firmware version [Required] =====-----------------------------------
    # Description: Checks FW version value specified in command for specified counter ID. FW version value in command
    # must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
    checkFwVersion:
      # --------------------------------===== Value - Firmware version [Required] =====---------------------------------
      # Description: Firmware version to be compared.
      value: 1
      # ---------------------------------------===== Counter ID [Required] =====----------------------------------------
      # Description: ID of FW counter to be checked.
      # Possible options: <none, nonsecure, secure, radio, snt, bootloader>
      counterId: secure

SecureBinary31 for kw47b42zb7#

SecureBinary31 for kw47b42zb7 JSON schema

Open it in full page

SecureBinary31 for kw47b42zb7 YAML configuration template
# ============================  Secure Binary v3.1 Configuration template for kw47b42zb7.  =============================

# ======================================================================================================================
#                                                 == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: kw47b42zb7
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: latest
# ======================================================================================================================
#                                                  == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
#                                              == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
#                                              == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
#                                           == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
#                                       == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
  -
  # ====================================================================================================================
  #                                          == List of possible 9 options. ==
  #   Options [erase, load, execute, programFuses, programIFR, loadCMAC, loadHashLocking, fillMemory, checkFwVersion]
  # ====================================================================================================================

  #  =========================== [Example of possible configuration: #0 , erase if not used] ============================
    # -------------------------------------------===== Erase [Required] =====-------------------------------------------
    # Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
    erase:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be erased.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be erased.
      size: 4096
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be erased.
      memoryId: 0

  #  =========================== [Example of possible configuration: #1 , erase if not used] ============================
    # -------------------------------------------===== Load [Required] =====--------------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length
    load:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # --------------------------------------===== Binary file. [Optional] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_binary.bin
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be loaded.
      values: 0x1234, 0x5678, 0, 12345678
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be loaded. Value will be converted to binary little endian format.
      value: '0xB38AA899'
      # -------------------------------------===== Authentication [Optional] =====--------------------------------------
      # Description: If authentication is not used, just omit this option or set 'none'.
      # Possible options: <none, cmac, hashlocking>
      authentication: cmac

  #  =========================== [Example of possible configuration: #2 , erase if not used] ============================
    # ------------------------------------------===== Execute [Required] =====------------------------------------------
    # Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
    execute:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Jump-to address to start execute code.
      address: 0

  #  =========================== [Example of possible configuration: #3 , erase if not used] ============================
    # ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
    # Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
    # Values is a comma separated list of 32bit values.
    programFuses:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
      address: 0
      # --------------------------------------===== Binary values [Required] =====--------------------------------------
      # Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #4 , erase if not used] ============================
    # ----------------------------------------===== Program IFR [Required] =====----------------------------------------
    # Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
    # to IFR region. The data to write to IFR region at the given address will immediately follow the header
    programIFR:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of IFR region to be programmed.
      address: 0
      # ---------------------------------------===== Binary file [Optional] =====---------------------------------------
      # Description: Binary file to be programmed.
      file: my_binary.bin
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
      # format.
      value: '0xB38AA899'
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #5 , erase if not used] ============================
    # -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
    # startAddress.
    loadCMAC:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be CMAC loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be CMAC loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_cmac_binary.bin

  #  =========================== [Example of possible configuration: #6 , erase if not used] ============================
    # ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
    # data, which are reserved for it.
    loadHashLocking:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_hashlocking_binary.bin

  #  =========================== [Example of possible configuration: #7 , erase if not used] ============================
    # ----------------------------------------===== Fill memory [Required] =====----------------------------------------
    # Description: Used for filling of the memory range by same repeated int32 pattern.
    fillMemory:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be filled.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be filled.
      size: 4096
      # -----------------------------------------===== Pattern [Required] =====-----------------------------------------
      # Description: Pattern which will be used to fill memory.
      pattern: 2779096485

  #  =========================== [Example of possible configuration: #8 , erase if not used] ============================
    # ----------------------------------===== Check firmware version [Required] =====-----------------------------------
    # Description: Checks FW version value specified in command for specified counter ID. FW version value in command
    # must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
    checkFwVersion:
      # --------------------------------===== Value - Firmware version [Required] =====---------------------------------
      # Description: Firmware version to be compared.
      value: 1
      # ---------------------------------------===== Counter ID [Required] =====----------------------------------------
      # Description: ID of FW counter to be checked.
      # Possible options: <none, nonsecure, secure, radio, snt, bootloader>
      counterId: secure

SecureBinary31 for kw47z42082#

SecureBinary31 for kw47z42082 JSON schema

Open it in full page

SecureBinary31 for kw47z42082 YAML configuration template
# ============================  Secure Binary v3.1 Configuration template for kw47z42082.  =============================

# ======================================================================================================================
#                                                 == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: kw47z42082
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: latest
# ======================================================================================================================
#                                                  == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
#                                              == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
#                                              == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
#                                           == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
#                                       == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
  -
  # ====================================================================================================================
  #                                          == List of possible 9 options. ==
  #   Options [erase, load, execute, programFuses, programIFR, loadCMAC, loadHashLocking, fillMemory, checkFwVersion]
  # ====================================================================================================================

  #  =========================== [Example of possible configuration: #0 , erase if not used] ============================
    # -------------------------------------------===== Erase [Required] =====-------------------------------------------
    # Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
    erase:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be erased.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be erased.
      size: 4096
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be erased.
      memoryId: 0

  #  =========================== [Example of possible configuration: #1 , erase if not used] ============================
    # -------------------------------------------===== Load [Required] =====--------------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length
    load:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # --------------------------------------===== Binary file. [Optional] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_binary.bin
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be loaded.
      values: 0x1234, 0x5678, 0, 12345678
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be loaded. Value will be converted to binary little endian format.
      value: '0xB38AA899'
      # -------------------------------------===== Authentication [Optional] =====--------------------------------------
      # Description: If authentication is not used, just omit this option or set 'none'.
      # Possible options: <none, cmac, hashlocking>
      authentication: cmac

  #  =========================== [Example of possible configuration: #2 , erase if not used] ============================
    # ------------------------------------------===== Execute [Required] =====------------------------------------------
    # Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
    execute:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Jump-to address to start execute code.
      address: 0

  #  =========================== [Example of possible configuration: #3 , erase if not used] ============================
    # ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
    # Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
    # Values is a comma separated list of 32bit values.
    programFuses:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
      address: 0
      # --------------------------------------===== Binary values [Required] =====--------------------------------------
      # Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #4 , erase if not used] ============================
    # ----------------------------------------===== Program IFR [Required] =====----------------------------------------
    # Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
    # to IFR region. The data to write to IFR region at the given address will immediately follow the header
    programIFR:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of IFR region to be programmed.
      address: 0
      # ---------------------------------------===== Binary file [Optional] =====---------------------------------------
      # Description: Binary file to be programmed.
      file: my_binary.bin
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
      # format.
      value: '0xB38AA899'
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #5 , erase if not used] ============================
    # -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
    # startAddress.
    loadCMAC:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be CMAC loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be CMAC loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_cmac_binary.bin

  #  =========================== [Example of possible configuration: #6 , erase if not used] ============================
    # ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
    # data, which are reserved for it.
    loadHashLocking:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_hashlocking_binary.bin

  #  =========================== [Example of possible configuration: #7 , erase if not used] ============================
    # ----------------------------------------===== Fill memory [Required] =====----------------------------------------
    # Description: Used for filling of the memory range by same repeated int32 pattern.
    fillMemory:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be filled.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be filled.
      size: 4096
      # -----------------------------------------===== Pattern [Required] =====-----------------------------------------
      # Description: Pattern which will be used to fill memory.
      pattern: 2779096485

  #  =========================== [Example of possible configuration: #8 , erase if not used] ============================
    # ----------------------------------===== Check firmware version [Required] =====-----------------------------------
    # Description: Checks FW version value specified in command for specified counter ID. FW version value in command
    # must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
    checkFwVersion:
      # --------------------------------===== Value - Firmware version [Required] =====---------------------------------
      # Description: Firmware version to be compared.
      value: 1
      # ---------------------------------------===== Counter ID [Required] =====----------------------------------------
      # Description: ID of FW counter to be checked.
      # Possible options: <none, nonsecure, secure, radio, snt, bootloader>
      counterId: secure

SecureBinary31 for kw47z42092#

SecureBinary31 for kw47z42092 JSON schema

Open it in full page

SecureBinary31 for kw47z42092 YAML configuration template
# ============================  Secure Binary v3.1 Configuration template for kw47z42092.  =============================

# ======================================================================================================================
#                                                 == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: kw47z42092
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: latest
# ======================================================================================================================
#                                                  == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
#                                              == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
#                                              == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
#                                           == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
#                                       == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
  -
  # ====================================================================================================================
  #                                          == List of possible 9 options. ==
  #   Options [erase, load, execute, programFuses, programIFR, loadCMAC, loadHashLocking, fillMemory, checkFwVersion]
  # ====================================================================================================================

  #  =========================== [Example of possible configuration: #0 , erase if not used] ============================
    # -------------------------------------------===== Erase [Required] =====-------------------------------------------
    # Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
    erase:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be erased.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be erased.
      size: 4096
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be erased.
      memoryId: 0

  #  =========================== [Example of possible configuration: #1 , erase if not used] ============================
    # -------------------------------------------===== Load [Required] =====--------------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length
    load:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # --------------------------------------===== Binary file. [Optional] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_binary.bin
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be loaded.
      values: 0x1234, 0x5678, 0, 12345678
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be loaded. Value will be converted to binary little endian format.
      value: '0xB38AA899'
      # -------------------------------------===== Authentication [Optional] =====--------------------------------------
      # Description: If authentication is not used, just omit this option or set 'none'.
      # Possible options: <none, cmac, hashlocking>
      authentication: cmac

  #  =========================== [Example of possible configuration: #2 , erase if not used] ============================
    # ------------------------------------------===== Execute [Required] =====------------------------------------------
    # Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
    execute:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Jump-to address to start execute code.
      address: 0

  #  =========================== [Example of possible configuration: #3 , erase if not used] ============================
    # ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
    # Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
    # Values is a comma separated list of 32bit values.
    programFuses:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
      address: 0
      # --------------------------------------===== Binary values [Required] =====--------------------------------------
      # Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #4 , erase if not used] ============================
    # ----------------------------------------===== Program IFR [Required] =====----------------------------------------
    # Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
    # to IFR region. The data to write to IFR region at the given address will immediately follow the header
    programIFR:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of IFR region to be programmed.
      address: 0
      # ---------------------------------------===== Binary file [Optional] =====---------------------------------------
      # Description: Binary file to be programmed.
      file: my_binary.bin
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
      # format.
      value: '0xB38AA899'
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #5 , erase if not used] ============================
    # -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
    # startAddress.
    loadCMAC:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be CMAC loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be CMAC loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_cmac_binary.bin

  #  =========================== [Example of possible configuration: #6 , erase if not used] ============================
    # ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
    # data, which are reserved for it.
    loadHashLocking:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_hashlocking_binary.bin

  #  =========================== [Example of possible configuration: #7 , erase if not used] ============================
    # ----------------------------------------===== Fill memory [Required] =====----------------------------------------
    # Description: Used for filling of the memory range by same repeated int32 pattern.
    fillMemory:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be filled.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be filled.
      size: 4096
      # -----------------------------------------===== Pattern [Required] =====-----------------------------------------
      # Description: Pattern which will be used to fill memory.
      pattern: 2779096485

  #  =========================== [Example of possible configuration: #8 , erase if not used] ============================
    # ----------------------------------===== Check firmware version [Required] =====-----------------------------------
    # Description: Checks FW version value specified in command for specified counter ID. FW version value in command
    # must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
    checkFwVersion:
      # --------------------------------===== Value - Firmware version [Required] =====---------------------------------
      # Description: Firmware version to be compared.
      value: 1
      # ---------------------------------------===== Counter ID [Required] =====----------------------------------------
      # Description: ID of FW counter to be checked.
      # Possible options: <none, nonsecure, secure, radio, snt, bootloader>
      counterId: secure

SecureBinary31 for kw47z420b2#

SecureBinary31 for kw47z420b2 JSON schema

Open it in full page

SecureBinary31 for kw47z420b2 YAML configuration template
# ============================  Secure Binary v3.1 Configuration template for kw47z420b2.  =============================

# ======================================================================================================================
#                                                 == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: kw47z420b2
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: latest
# ======================================================================================================================
#                                                  == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
#                                              == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
#                                              == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
#                                           == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
#                                       == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
  -
  # ====================================================================================================================
  #                                          == List of possible 9 options. ==
  #   Options [erase, load, execute, programFuses, programIFR, loadCMAC, loadHashLocking, fillMemory, checkFwVersion]
  # ====================================================================================================================

  #  =========================== [Example of possible configuration: #0 , erase if not used] ============================
    # -------------------------------------------===== Erase [Required] =====-------------------------------------------
    # Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
    erase:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be erased.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be erased.
      size: 4096
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be erased.
      memoryId: 0

  #  =========================== [Example of possible configuration: #1 , erase if not used] ============================
    # -------------------------------------------===== Load [Required] =====--------------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length
    load:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # --------------------------------------===== Binary file. [Optional] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_binary.bin
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be loaded.
      values: 0x1234, 0x5678, 0, 12345678
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be loaded. Value will be converted to binary little endian format.
      value: '0xB38AA899'
      # -------------------------------------===== Authentication [Optional] =====--------------------------------------
      # Description: If authentication is not used, just omit this option or set 'none'.
      # Possible options: <none, cmac, hashlocking>
      authentication: cmac

  #  =========================== [Example of possible configuration: #2 , erase if not used] ============================
    # ------------------------------------------===== Execute [Required] =====------------------------------------------
    # Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
    execute:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Jump-to address to start execute code.
      address: 0

  #  =========================== [Example of possible configuration: #3 , erase if not used] ============================
    # ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
    # Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
    # Values is a comma separated list of 32bit values.
    programFuses:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
      address: 0
      # --------------------------------------===== Binary values [Required] =====--------------------------------------
      # Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #4 , erase if not used] ============================
    # ----------------------------------------===== Program IFR [Required] =====----------------------------------------
    # Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
    # to IFR region. The data to write to IFR region at the given address will immediately follow the header
    programIFR:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of IFR region to be programmed.
      address: 0
      # ---------------------------------------===== Binary file [Optional] =====---------------------------------------
      # Description: Binary file to be programmed.
      file: my_binary.bin
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
      # format.
      value: '0xB38AA899'
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #5 , erase if not used] ============================
    # -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
    # startAddress.
    loadCMAC:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be CMAC loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be CMAC loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_cmac_binary.bin

  #  =========================== [Example of possible configuration: #6 , erase if not used] ============================
    # ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
    # data, which are reserved for it.
    loadHashLocking:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_hashlocking_binary.bin

  #  =========================== [Example of possible configuration: #7 , erase if not used] ============================
    # ----------------------------------------===== Fill memory [Required] =====----------------------------------------
    # Description: Used for filling of the memory range by same repeated int32 pattern.
    fillMemory:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be filled.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be filled.
      size: 4096
      # -----------------------------------------===== Pattern [Required] =====-----------------------------------------
      # Description: Pattern which will be used to fill memory.
      pattern: 2779096485

  #  =========================== [Example of possible configuration: #8 , erase if not used] ============================
    # ----------------------------------===== Check firmware version [Required] =====-----------------------------------
    # Description: Checks FW version value specified in command for specified counter ID. FW version value in command
    # must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
    checkFwVersion:
      # --------------------------------===== Value - Firmware version [Required] =====---------------------------------
      # Description: Firmware version to be compared.
      value: 1
      # ---------------------------------------===== Counter ID [Required] =====----------------------------------------
      # Description: ID of FW counter to be checked.
      # Possible options: <none, nonsecure, secure, radio, snt, bootloader>
      counterId: secure

SecureBinary31 for kw47z420b3#

SecureBinary31 for kw47z420b3 JSON schema

Open it in full page

SecureBinary31 for kw47z420b3 YAML configuration template
# ============================  Secure Binary v3.1 Configuration template for kw47z420b3.  =============================

# ======================================================================================================================
#                                                 == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: kw47z420b3
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: latest
# ======================================================================================================================
#                                                  == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
#                                              == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
#                                              == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
#                                           == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
#                                       == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
  -
  # ====================================================================================================================
  #                                          == List of possible 9 options. ==
  #   Options [erase, load, execute, programFuses, programIFR, loadCMAC, loadHashLocking, fillMemory, checkFwVersion]
  # ====================================================================================================================

  #  =========================== [Example of possible configuration: #0 , erase if not used] ============================
    # -------------------------------------------===== Erase [Required] =====-------------------------------------------
    # Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
    erase:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be erased.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be erased.
      size: 4096
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be erased.
      memoryId: 0

  #  =========================== [Example of possible configuration: #1 , erase if not used] ============================
    # -------------------------------------------===== Load [Required] =====--------------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length
    load:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # --------------------------------------===== Binary file. [Optional] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_binary.bin
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be loaded.
      values: 0x1234, 0x5678, 0, 12345678
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be loaded. Value will be converted to binary little endian format.
      value: '0xB38AA899'
      # -------------------------------------===== Authentication [Optional] =====--------------------------------------
      # Description: If authentication is not used, just omit this option or set 'none'.
      # Possible options: <none, cmac, hashlocking>
      authentication: cmac

  #  =========================== [Example of possible configuration: #2 , erase if not used] ============================
    # ------------------------------------------===== Execute [Required] =====------------------------------------------
    # Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
    execute:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Jump-to address to start execute code.
      address: 0

  #  =========================== [Example of possible configuration: #3 , erase if not used] ============================
    # ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
    # Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
    # Values is a comma separated list of 32bit values.
    programFuses:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
      address: 0
      # --------------------------------------===== Binary values [Required] =====--------------------------------------
      # Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #4 , erase if not used] ============================
    # ----------------------------------------===== Program IFR [Required] =====----------------------------------------
    # Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
    # to IFR region. The data to write to IFR region at the given address will immediately follow the header
    programIFR:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of IFR region to be programmed.
      address: 0
      # ---------------------------------------===== Binary file [Optional] =====---------------------------------------
      # Description: Binary file to be programmed.
      file: my_binary.bin
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
      # format.
      value: '0xB38AA899'
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #5 , erase if not used] ============================
    # -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
    # startAddress.
    loadCMAC:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be CMAC loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be CMAC loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_cmac_binary.bin

  #  =========================== [Example of possible configuration: #6 , erase if not used] ============================
    # ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
    # data, which are reserved for it.
    loadHashLocking:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_hashlocking_binary.bin

  #  =========================== [Example of possible configuration: #7 , erase if not used] ============================
    # ----------------------------------------===== Fill memory [Required] =====----------------------------------------
    # Description: Used for filling of the memory range by same repeated int32 pattern.
    fillMemory:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be filled.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be filled.
      size: 4096
      # -----------------------------------------===== Pattern [Required] =====-----------------------------------------
      # Description: Pattern which will be used to fill memory.
      pattern: 2779096485

  #  =========================== [Example of possible configuration: #8 , erase if not used] ============================
    # ----------------------------------===== Check firmware version [Required] =====-----------------------------------
    # Description: Checks FW version value specified in command for specified counter ID. FW version value in command
    # must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
    checkFwVersion:
      # --------------------------------===== Value - Firmware version [Required] =====---------------------------------
      # Description: Firmware version to be compared.
      value: 1
      # ---------------------------------------===== Counter ID [Required] =====----------------------------------------
      # Description: ID of FW counter to be checked.
      # Possible options: <none, nonsecure, secure, radio, snt, bootloader>
      counterId: secure

SecureBinary31 for lpc55s36#

SecureBinary31 for lpc55s36 JSON schema

Open it in full page

SecureBinary31 for lpc55s36 YAML configuration template
# =============================  Secure Binary v3.1 Configuration template for lpc55s36.  ==============================

# ======================================================================================================================
#                                                 == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: lpc55s36
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: latest
# ======================================================================================================================
#                                                  == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
#                                              == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
#                                              == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
#                                           == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
#                                       == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
  -
  # ====================================================================================================================
  #                                          == List of possible 12 options. ==
  #        Options [erase, load, execute, programFuses, programIFR, loadCMAC, copy, loadHashLocking, loadKeyBlob,
  #                                     configureMemory, fillMemory, checkFwVersion]
  # ====================================================================================================================

  #  =========================== [Example of possible configuration: #0 , erase if not used] ============================
    # -------------------------------------------===== Erase [Required] =====-------------------------------------------
    # Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
    erase:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be erased.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be erased.
      size: 4096
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be erased.
      memoryId: 0

  #  =========================== [Example of possible configuration: #1 , erase if not used] ============================
    # -------------------------------------------===== Load [Required] =====--------------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length
    load:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # --------------------------------------===== Binary file. [Optional] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_binary.bin
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be loaded.
      values: 0x1234, 0x5678, 0, 12345678
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be loaded. Value will be converted to binary little endian format.
      value: '0xB38AA899'
      # -------------------------------------===== Authentication [Optional] =====--------------------------------------
      # Description: If authentication is not used, just omit this option or set 'none'.
      # Possible options: <none, cmac, hashlocking>
      authentication: cmac

  #  =========================== [Example of possible configuration: #2 , erase if not used] ============================
    # ------------------------------------------===== Execute [Required] =====------------------------------------------
    # Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
    execute:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Jump-to address to start execute code.
      address: 0

  #  =========================== [Example of possible configuration: #3 , erase if not used] ============================
    # ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
    # Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
    # Values is a comma separated list of 32bit values.
    programFuses:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
      address: 0
      # --------------------------------------===== Binary values [Required] =====--------------------------------------
      # Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #4 , erase if not used] ============================
    # ----------------------------------------===== Program IFR [Required] =====----------------------------------------
    # Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
    # to IFR region. The data to write to IFR region at the given address will immediately follow the header
    programIFR:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of IFR region to be programmed.
      address: 0
      # ---------------------------------------===== Binary file [Optional] =====---------------------------------------
      # Description: Binary file to be programmed.
      file: my_binary.bin
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
      # format.
      value: '0xB38AA899'
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #5 , erase if not used] ============================
    # -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
    # startAddress.
    loadCMAC:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be CMAC loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be CMAC loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_cmac_binary.bin

  #  =========================== [Example of possible configuration: #6 , erase if not used] ============================
    # -------------------------------------------===== Copy [Required] =====--------------------------------------------
    # Description: Used for copying data from one place to another. 32 bytes fixed size.
    copy:
      # --------------------------------------===== Address From [Required] =====---------------------------------------
      # Description: Address of memory block to be copied.
      addressFrom: 0
      # -------------------------------------===== Memory ID From [Optional] =====--------------------------------------
      # Description: ID of memory block to be copied.
      memoryIdFrom: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be copied.
      size: 4096
      # ---------------------------------------===== Address To [Required] =====----------------------------------------
      # Description: Address of memory where block to be copied.
      addressTo: 536870912
      # --------------------------------------===== Memory ID To [Optional] =====---------------------------------------
      # Description: ID of memory block where to be copied.
      memoryIdTo: 0

  #  =========================== [Example of possible configuration: #7 , erase if not used] ============================
    # ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
    # data, which are reserved for it.
    loadHashLocking:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_hashlocking_binary.bin

  #  =========================== [Example of possible configuration: #8 , erase if not used] ============================
    # ---------------------------------------===== Load Key Blob [Required] =====---------------------------------------
    # Description: Wrapped key blob immediately follows the range key blob header. The length field contains the actual
    # data length.
    loadKeyBlob:
      # -----------------------------------------===== Offset [Required] =====------------------------------------------
      # Description: Offset of the key blob.
      offset: 0
      # -------------------------------------===== Wrapping key ID [Required] =====-------------------------------------
      # Description: Wrapping ID of key blob.
      # Possible options: <NXP_CUST_KEK_INT_SK, NXP_CUST_KEK_EXT_SK>
      wrappingKeyId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_keyblob.bin
      # ---------------------------------===== Key Blob as plain text [Optional] =====----------------------------------
      # Description: Indicates whether key is provided as plaintext or not. If it's in plaintext this option also
      # indicates whether it's as binary or hex
      # Possible options: <no, bin, hex>
      plainInput: no

  #  =========================== [Example of possible configuration: #9 , erase if not used] ============================
    # -------------------------------------===== Configure memory [Required] =====--------------------------------------
    # Description: Configure memory.
    configureMemory:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Configuration address.
      configAddress: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be configured.
      memoryId: 0

  #  =========================== [Example of possible configuration: #10 , erase if not used] ===========================
    # ----------------------------------------===== Fill memory [Required] =====----------------------------------------
    # Description: Used for filling of the memory range by same repeated int32 pattern.
    fillMemory:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be filled.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be filled.
      size: 4096
      # -----------------------------------------===== Pattern [Required] =====-----------------------------------------
      # Description: Pattern which will be used to fill memory.
      pattern: 2779096485

  #  =========================== [Example of possible configuration: #11 , erase if not used] ===========================
    # ----------------------------------===== Check firmware version [Required] =====-----------------------------------
    # Description: Checks FW version value specified in command for specified counter ID. FW version value in command
    # must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
    checkFwVersion:
      # --------------------------------===== Value - Firmware version [Required] =====---------------------------------
      # Description: Firmware version to be compared.
      value: 1
      # ---------------------------------------===== Counter ID [Required] =====----------------------------------------
      # Description: ID of FW counter to be checked.
      # Possible options: <none, nonsecure, secure, radio, snt, bootloader>
      counterId: secure

SecureBinary31 for mcxn235#

SecureBinary31 for mcxn235 JSON schema

Open it in full page

SecureBinary31 for mcxn235 YAML configuration template
# ==============================  Secure Binary v3.1 Configuration template for mcxn235.  ==============================

# ======================================================================================================================
#                                                 == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: mcxn235
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, latest>
revision: latest
# ======================================================================================================================
#                                                  == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
#                                              == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
#                                              == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
#                                           == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
#                                       == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
  -
  # ====================================================================================================================
  #                                          == List of possible 12 options. ==
  #        Options [erase, load, execute, programFuses, programIFR, loadCMAC, copy, loadHashLocking, loadKeyBlob,
  #                                     configureMemory, fillMemory, checkFwVersion]
  # ====================================================================================================================

  #  =========================== [Example of possible configuration: #0 , erase if not used] ============================
    # -------------------------------------------===== Erase [Required] =====-------------------------------------------
    # Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
    erase:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be erased.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be erased.
      size: 4096
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be erased.
      memoryId: 0

  #  =========================== [Example of possible configuration: #1 , erase if not used] ============================
    # -------------------------------------------===== Load [Required] =====--------------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length
    load:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # --------------------------------------===== Binary file. [Optional] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_binary.bin
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be loaded.
      values: 0x1234, 0x5678, 0, 12345678
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be loaded. Value will be converted to binary little endian format.
      value: '0xB38AA899'
      # -------------------------------------===== Authentication [Optional] =====--------------------------------------
      # Description: If authentication is not used, just omit this option or set 'none'.
      # Possible options: <none, cmac, hashlocking>
      authentication: cmac

  #  =========================== [Example of possible configuration: #2 , erase if not used] ============================
    # ------------------------------------------===== Execute [Required] =====------------------------------------------
    # Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
    execute:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Jump-to address to start execute code.
      address: 0

  #  =========================== [Example of possible configuration: #3 , erase if not used] ============================
    # ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
    # Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
    # Values is a comma separated list of 32bit values.
    programFuses:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
      address: 0
      # --------------------------------------===== Binary values [Required] =====--------------------------------------
      # Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #4 , erase if not used] ============================
    # ----------------------------------------===== Program IFR [Required] =====----------------------------------------
    # Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
    # to IFR region. The data to write to IFR region at the given address will immediately follow the header
    programIFR:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of IFR region to be programmed.
      address: 0
      # ---------------------------------------===== Binary file [Optional] =====---------------------------------------
      # Description: Binary file to be programmed.
      file: my_binary.bin
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
      # format.
      value: '0xB38AA899'
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #5 , erase if not used] ============================
    # -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
    # startAddress.
    loadCMAC:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be CMAC loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be CMAC loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_cmac_binary.bin

  #  =========================== [Example of possible configuration: #6 , erase if not used] ============================
    # -------------------------------------------===== Copy [Required] =====--------------------------------------------
    # Description: Used for copying data from one place to another. 32 bytes fixed size.
    copy:
      # --------------------------------------===== Address From [Required] =====---------------------------------------
      # Description: Address of memory block to be copied.
      addressFrom: 0
      # -------------------------------------===== Memory ID From [Optional] =====--------------------------------------
      # Description: ID of memory block to be copied.
      memoryIdFrom: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be copied.
      size: 4096
      # ---------------------------------------===== Address To [Required] =====----------------------------------------
      # Description: Address of memory where block to be copied.
      addressTo: 536870912
      # --------------------------------------===== Memory ID To [Optional] =====---------------------------------------
      # Description: ID of memory block where to be copied.
      memoryIdTo: 0

  #  =========================== [Example of possible configuration: #7 , erase if not used] ============================
    # ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
    # data, which are reserved for it.
    loadHashLocking:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_hashlocking_binary.bin

  #  =========================== [Example of possible configuration: #8 , erase if not used] ============================
    # ---------------------------------------===== Load Key Blob [Required] =====---------------------------------------
    # Description: Wrapped key blob immediately follows the range key blob header. The length field contains the actual
    # data length.
    loadKeyBlob:
      # -----------------------------------------===== Offset [Required] =====------------------------------------------
      # Description: Offset of the key blob.
      offset: 0
      # -------------------------------------===== Wrapping key ID [Required] =====-------------------------------------
      # Description: Wrapping ID of key blob.
      # Possible options: <NXP_CUST_KEK_INT_SK, NXP_CUST_KEK_EXT_SK>
      wrappingKeyId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_keyblob.bin
      # ---------------------------------===== Key Blob as plain text [Optional] =====----------------------------------
      # Description: Indicates whether key is provided as plaintext or not. If it's in plaintext this option also
      # indicates whether it's as binary or hex
      # Possible options: <no, bin, hex>
      plainInput: no

  #  =========================== [Example of possible configuration: #9 , erase if not used] ============================
    # -------------------------------------===== Configure memory [Required] =====--------------------------------------
    # Description: Configure memory.
    configureMemory:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Configuration address.
      configAddress: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be configured.
      memoryId: 0

  #  =========================== [Example of possible configuration: #10 , erase if not used] ===========================
    # ----------------------------------------===== Fill memory [Required] =====----------------------------------------
    # Description: Used for filling of the memory range by same repeated int32 pattern.
    fillMemory:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be filled.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be filled.
      size: 4096
      # -----------------------------------------===== Pattern [Required] =====-----------------------------------------
      # Description: Pattern which will be used to fill memory.
      pattern: 2779096485

  #  =========================== [Example of possible configuration: #11 , erase if not used] ===========================
    # ----------------------------------===== Check firmware version [Required] =====-----------------------------------
    # Description: Checks FW version value specified in command for specified counter ID. FW version value in command
    # must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
    checkFwVersion:
      # --------------------------------===== Value - Firmware version [Required] =====---------------------------------
      # Description: Firmware version to be compared.
      value: 1
      # ---------------------------------------===== Counter ID [Required] =====----------------------------------------
      # Description: ID of FW counter to be checked.
      # Possible options: <none, nonsecure, secure, radio, snt, bootloader>
      counterId: secure

SecureBinary31 for mcxn236#

SecureBinary31 for mcxn236 JSON schema

Open it in full page

SecureBinary31 for mcxn236 YAML configuration template
# ==============================  Secure Binary v3.1 Configuration template for mcxn236.  ==============================

# ======================================================================================================================
#                                                 == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: mcxn236
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, latest>
revision: latest
# ======================================================================================================================
#                                                  == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
#                                              == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
#                                              == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
#                                           == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
#                                       == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
  -
  # ====================================================================================================================
  #                                          == List of possible 12 options. ==
  #        Options [erase, load, execute, programFuses, programIFR, loadCMAC, copy, loadHashLocking, loadKeyBlob,
  #                                     configureMemory, fillMemory, checkFwVersion]
  # ====================================================================================================================

  #  =========================== [Example of possible configuration: #0 , erase if not used] ============================
    # -------------------------------------------===== Erase [Required] =====-------------------------------------------
    # Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
    erase:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be erased.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be erased.
      size: 4096
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be erased.
      memoryId: 0

  #  =========================== [Example of possible configuration: #1 , erase if not used] ============================
    # -------------------------------------------===== Load [Required] =====--------------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length
    load:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # --------------------------------------===== Binary file. [Optional] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_binary.bin
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be loaded.
      values: 0x1234, 0x5678, 0, 12345678
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be loaded. Value will be converted to binary little endian format.
      value: '0xB38AA899'
      # -------------------------------------===== Authentication [Optional] =====--------------------------------------
      # Description: If authentication is not used, just omit this option or set 'none'.
      # Possible options: <none, cmac, hashlocking>
      authentication: cmac

  #  =========================== [Example of possible configuration: #2 , erase if not used] ============================
    # ------------------------------------------===== Execute [Required] =====------------------------------------------
    # Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
    execute:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Jump-to address to start execute code.
      address: 0

  #  =========================== [Example of possible configuration: #3 , erase if not used] ============================
    # ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
    # Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
    # Values is a comma separated list of 32bit values.
    programFuses:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
      address: 0
      # --------------------------------------===== Binary values [Required] =====--------------------------------------
      # Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #4 , erase if not used] ============================
    # ----------------------------------------===== Program IFR [Required] =====----------------------------------------
    # Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
    # to IFR region. The data to write to IFR region at the given address will immediately follow the header
    programIFR:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of IFR region to be programmed.
      address: 0
      # ---------------------------------------===== Binary file [Optional] =====---------------------------------------
      # Description: Binary file to be programmed.
      file: my_binary.bin
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
      # format.
      value: '0xB38AA899'
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #5 , erase if not used] ============================
    # -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
    # startAddress.
    loadCMAC:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be CMAC loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be CMAC loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_cmac_binary.bin

  #  =========================== [Example of possible configuration: #6 , erase if not used] ============================
    # -------------------------------------------===== Copy [Required] =====--------------------------------------------
    # Description: Used for copying data from one place to another. 32 bytes fixed size.
    copy:
      # --------------------------------------===== Address From [Required] =====---------------------------------------
      # Description: Address of memory block to be copied.
      addressFrom: 0
      # -------------------------------------===== Memory ID From [Optional] =====--------------------------------------
      # Description: ID of memory block to be copied.
      memoryIdFrom: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be copied.
      size: 4096
      # ---------------------------------------===== Address To [Required] =====----------------------------------------
      # Description: Address of memory where block to be copied.
      addressTo: 536870912
      # --------------------------------------===== Memory ID To [Optional] =====---------------------------------------
      # Description: ID of memory block where to be copied.
      memoryIdTo: 0

  #  =========================== [Example of possible configuration: #7 , erase if not used] ============================
    # ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
    # data, which are reserved for it.
    loadHashLocking:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_hashlocking_binary.bin

  #  =========================== [Example of possible configuration: #8 , erase if not used] ============================
    # ---------------------------------------===== Load Key Blob [Required] =====---------------------------------------
    # Description: Wrapped key blob immediately follows the range key blob header. The length field contains the actual
    # data length.
    loadKeyBlob:
      # -----------------------------------------===== Offset [Required] =====------------------------------------------
      # Description: Offset of the key blob.
      offset: 0
      # -------------------------------------===== Wrapping key ID [Required] =====-------------------------------------
      # Description: Wrapping ID of key blob.
      # Possible options: <NXP_CUST_KEK_INT_SK, NXP_CUST_KEK_EXT_SK>
      wrappingKeyId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_keyblob.bin
      # ---------------------------------===== Key Blob as plain text [Optional] =====----------------------------------
      # Description: Indicates whether key is provided as plaintext or not. If it's in plaintext this option also
      # indicates whether it's as binary or hex
      # Possible options: <no, bin, hex>
      plainInput: no

  #  =========================== [Example of possible configuration: #9 , erase if not used] ============================
    # -------------------------------------===== Configure memory [Required] =====--------------------------------------
    # Description: Configure memory.
    configureMemory:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Configuration address.
      configAddress: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be configured.
      memoryId: 0

  #  =========================== [Example of possible configuration: #10 , erase if not used] ===========================
    # ----------------------------------------===== Fill memory [Required] =====----------------------------------------
    # Description: Used for filling of the memory range by same repeated int32 pattern.
    fillMemory:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be filled.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be filled.
      size: 4096
      # -----------------------------------------===== Pattern [Required] =====-----------------------------------------
      # Description: Pattern which will be used to fill memory.
      pattern: 2779096485

  #  =========================== [Example of possible configuration: #11 , erase if not used] ===========================
    # ----------------------------------===== Check firmware version [Required] =====-----------------------------------
    # Description: Checks FW version value specified in command for specified counter ID. FW version value in command
    # must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
    checkFwVersion:
      # --------------------------------===== Value - Firmware version [Required] =====---------------------------------
      # Description: Firmware version to be compared.
      value: 1
      # ---------------------------------------===== Counter ID [Required] =====----------------------------------------
      # Description: ID of FW counter to be checked.
      # Possible options: <none, nonsecure, secure, radio, snt, bootloader>
      counterId: secure

SecureBinary31 for mcxn546#

SecureBinary31 for mcxn546 JSON schema

Open it in full page

SecureBinary31 for mcxn546 YAML configuration template
# ==============================  Secure Binary v3.1 Configuration template for mcxn546.  ==============================

# ======================================================================================================================
#                                                 == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: mcxn546
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: latest
# ======================================================================================================================
#                                                  == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
#                                              == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
#                                              == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
#                                           == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
#                                       == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
  -
  # ====================================================================================================================
  #                                          == List of possible 12 options. ==
  #        Options [erase, load, execute, programFuses, programIFR, loadCMAC, copy, loadHashLocking, loadKeyBlob,
  #                                     configureMemory, fillMemory, checkFwVersion]
  # ====================================================================================================================

  #  =========================== [Example of possible configuration: #0 , erase if not used] ============================
    # -------------------------------------------===== Erase [Required] =====-------------------------------------------
    # Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
    erase:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be erased.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be erased.
      size: 4096
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be erased.
      memoryId: 0

  #  =========================== [Example of possible configuration: #1 , erase if not used] ============================
    # -------------------------------------------===== Load [Required] =====--------------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length
    load:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # --------------------------------------===== Binary file. [Optional] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_binary.bin
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be loaded.
      values: 0x1234, 0x5678, 0, 12345678
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be loaded. Value will be converted to binary little endian format.
      value: '0xB38AA899'
      # -------------------------------------===== Authentication [Optional] =====--------------------------------------
      # Description: If authentication is not used, just omit this option or set 'none'.
      # Possible options: <none, cmac, hashlocking>
      authentication: cmac

  #  =========================== [Example of possible configuration: #2 , erase if not used] ============================
    # ------------------------------------------===== Execute [Required] =====------------------------------------------
    # Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
    execute:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Jump-to address to start execute code.
      address: 0

  #  =========================== [Example of possible configuration: #3 , erase if not used] ============================
    # ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
    # Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
    # Values is a comma separated list of 32bit values.
    programFuses:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
      address: 0
      # --------------------------------------===== Binary values [Required] =====--------------------------------------
      # Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #4 , erase if not used] ============================
    # ----------------------------------------===== Program IFR [Required] =====----------------------------------------
    # Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
    # to IFR region. The data to write to IFR region at the given address will immediately follow the header
    programIFR:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of IFR region to be programmed.
      address: 0
      # ---------------------------------------===== Binary file [Optional] =====---------------------------------------
      # Description: Binary file to be programmed.
      file: my_binary.bin
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
      # format.
      value: '0xB38AA899'
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #5 , erase if not used] ============================
    # -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
    # startAddress.
    loadCMAC:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be CMAC loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be CMAC loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_cmac_binary.bin

  #  =========================== [Example of possible configuration: #6 , erase if not used] ============================
    # -------------------------------------------===== Copy [Required] =====--------------------------------------------
    # Description: Used for copying data from one place to another. 32 bytes fixed size.
    copy:
      # --------------------------------------===== Address From [Required] =====---------------------------------------
      # Description: Address of memory block to be copied.
      addressFrom: 0
      # -------------------------------------===== Memory ID From [Optional] =====--------------------------------------
      # Description: ID of memory block to be copied.
      memoryIdFrom: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be copied.
      size: 4096
      # ---------------------------------------===== Address To [Required] =====----------------------------------------
      # Description: Address of memory where block to be copied.
      addressTo: 536870912
      # --------------------------------------===== Memory ID To [Optional] =====---------------------------------------
      # Description: ID of memory block where to be copied.
      memoryIdTo: 0

  #  =========================== [Example of possible configuration: #7 , erase if not used] ============================
    # ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
    # data, which are reserved for it.
    loadHashLocking:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_hashlocking_binary.bin

  #  =========================== [Example of possible configuration: #8 , erase if not used] ============================
    # ---------------------------------------===== Load Key Blob [Required] =====---------------------------------------
    # Description: Wrapped key blob immediately follows the range key blob header. The length field contains the actual
    # data length.
    loadKeyBlob:
      # -----------------------------------------===== Offset [Required] =====------------------------------------------
      # Description: Offset of the key blob.
      offset: 0
      # -------------------------------------===== Wrapping key ID [Required] =====-------------------------------------
      # Description: Wrapping ID of key blob.
      # Possible options: <NXP_CUST_KEK_INT_SK, NXP_CUST_KEK_EXT_SK>
      wrappingKeyId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_keyblob.bin
      # ---------------------------------===== Key Blob as plain text [Optional] =====----------------------------------
      # Description: Indicates whether key is provided as plaintext or not. If it's in plaintext this option also
      # indicates whether it's as binary or hex
      # Possible options: <no, bin, hex>
      plainInput: no

  #  =========================== [Example of possible configuration: #9 , erase if not used] ============================
    # -------------------------------------===== Configure memory [Required] =====--------------------------------------
    # Description: Configure memory.
    configureMemory:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Configuration address.
      configAddress: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be configured.
      memoryId: 0

  #  =========================== [Example of possible configuration: #10 , erase if not used] ===========================
    # ----------------------------------------===== Fill memory [Required] =====----------------------------------------
    # Description: Used for filling of the memory range by same repeated int32 pattern.
    fillMemory:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be filled.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be filled.
      size: 4096
      # -----------------------------------------===== Pattern [Required] =====-----------------------------------------
      # Description: Pattern which will be used to fill memory.
      pattern: 2779096485

  #  =========================== [Example of possible configuration: #11 , erase if not used] ===========================
    # ----------------------------------===== Check firmware version [Required] =====-----------------------------------
    # Description: Checks FW version value specified in command for specified counter ID. FW version value in command
    # must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
    checkFwVersion:
      # --------------------------------===== Value - Firmware version [Required] =====---------------------------------
      # Description: Firmware version to be compared.
      value: 1
      # ---------------------------------------===== Counter ID [Required] =====----------------------------------------
      # Description: ID of FW counter to be checked.
      # Possible options: <none, nonsecure, secure, radio, snt, bootloader>
      counterId: secure

SecureBinary31 for mcxn547#

SecureBinary31 for mcxn547 JSON schema

Open it in full page

SecureBinary31 for mcxn547 YAML configuration template
# ==============================  Secure Binary v3.1 Configuration template for mcxn547.  ==============================

# ======================================================================================================================
#                                                 == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: mcxn547
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: latest
# ======================================================================================================================
#                                                  == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
#                                              == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
#                                              == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
#                                           == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
#                                       == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
  -
  # ====================================================================================================================
  #                                          == List of possible 12 options. ==
  #        Options [erase, load, execute, programFuses, programIFR, loadCMAC, copy, loadHashLocking, loadKeyBlob,
  #                                     configureMemory, fillMemory, checkFwVersion]
  # ====================================================================================================================

  #  =========================== [Example of possible configuration: #0 , erase if not used] ============================
    # -------------------------------------------===== Erase [Required] =====-------------------------------------------
    # Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
    erase:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be erased.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be erased.
      size: 4096
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be erased.
      memoryId: 0

  #  =========================== [Example of possible configuration: #1 , erase if not used] ============================
    # -------------------------------------------===== Load [Required] =====--------------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length
    load:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # --------------------------------------===== Binary file. [Optional] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_binary.bin
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be loaded.
      values: 0x1234, 0x5678, 0, 12345678
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be loaded. Value will be converted to binary little endian format.
      value: '0xB38AA899'
      # -------------------------------------===== Authentication [Optional] =====--------------------------------------
      # Description: If authentication is not used, just omit this option or set 'none'.
      # Possible options: <none, cmac, hashlocking>
      authentication: cmac

  #  =========================== [Example of possible configuration: #2 , erase if not used] ============================
    # ------------------------------------------===== Execute [Required] =====------------------------------------------
    # Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
    execute:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Jump-to address to start execute code.
      address: 0

  #  =========================== [Example of possible configuration: #3 , erase if not used] ============================
    # ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
    # Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
    # Values is a comma separated list of 32bit values.
    programFuses:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
      address: 0
      # --------------------------------------===== Binary values [Required] =====--------------------------------------
      # Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #4 , erase if not used] ============================
    # ----------------------------------------===== Program IFR [Required] =====----------------------------------------
    # Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
    # to IFR region. The data to write to IFR region at the given address will immediately follow the header
    programIFR:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of IFR region to be programmed.
      address: 0
      # ---------------------------------------===== Binary file [Optional] =====---------------------------------------
      # Description: Binary file to be programmed.
      file: my_binary.bin
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
      # format.
      value: '0xB38AA899'
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #5 , erase if not used] ============================
    # -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
    # startAddress.
    loadCMAC:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be CMAC loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be CMAC loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_cmac_binary.bin

  #  =========================== [Example of possible configuration: #6 , erase if not used] ============================
    # -------------------------------------------===== Copy [Required] =====--------------------------------------------
    # Description: Used for copying data from one place to another. 32 bytes fixed size.
    copy:
      # --------------------------------------===== Address From [Required] =====---------------------------------------
      # Description: Address of memory block to be copied.
      addressFrom: 0
      # -------------------------------------===== Memory ID From [Optional] =====--------------------------------------
      # Description: ID of memory block to be copied.
      memoryIdFrom: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be copied.
      size: 4096
      # ---------------------------------------===== Address To [Required] =====----------------------------------------
      # Description: Address of memory where block to be copied.
      addressTo: 536870912
      # --------------------------------------===== Memory ID To [Optional] =====---------------------------------------
      # Description: ID of memory block where to be copied.
      memoryIdTo: 0

  #  =========================== [Example of possible configuration: #7 , erase if not used] ============================
    # ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
    # data, which are reserved for it.
    loadHashLocking:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_hashlocking_binary.bin

  #  =========================== [Example of possible configuration: #8 , erase if not used] ============================
    # ---------------------------------------===== Load Key Blob [Required] =====---------------------------------------
    # Description: Wrapped key blob immediately follows the range key blob header. The length field contains the actual
    # data length.
    loadKeyBlob:
      # -----------------------------------------===== Offset [Required] =====------------------------------------------
      # Description: Offset of the key blob.
      offset: 0
      # -------------------------------------===== Wrapping key ID [Required] =====-------------------------------------
      # Description: Wrapping ID of key blob.
      # Possible options: <NXP_CUST_KEK_INT_SK, NXP_CUST_KEK_EXT_SK>
      wrappingKeyId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_keyblob.bin
      # ---------------------------------===== Key Blob as plain text [Optional] =====----------------------------------
      # Description: Indicates whether key is provided as plaintext or not. If it's in plaintext this option also
      # indicates whether it's as binary or hex
      # Possible options: <no, bin, hex>
      plainInput: no

  #  =========================== [Example of possible configuration: #9 , erase if not used] ============================
    # -------------------------------------===== Configure memory [Required] =====--------------------------------------
    # Description: Configure memory.
    configureMemory:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Configuration address.
      configAddress: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be configured.
      memoryId: 0

  #  =========================== [Example of possible configuration: #10 , erase if not used] ===========================
    # ----------------------------------------===== Fill memory [Required] =====----------------------------------------
    # Description: Used for filling of the memory range by same repeated int32 pattern.
    fillMemory:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be filled.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be filled.
      size: 4096
      # -----------------------------------------===== Pattern [Required] =====-----------------------------------------
      # Description: Pattern which will be used to fill memory.
      pattern: 2779096485

  #  =========================== [Example of possible configuration: #11 , erase if not used] ===========================
    # ----------------------------------===== Check firmware version [Required] =====-----------------------------------
    # Description: Checks FW version value specified in command for specified counter ID. FW version value in command
    # must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
    checkFwVersion:
      # --------------------------------===== Value - Firmware version [Required] =====---------------------------------
      # Description: Firmware version to be compared.
      value: 1
      # ---------------------------------------===== Counter ID [Required] =====----------------------------------------
      # Description: ID of FW counter to be checked.
      # Possible options: <none, nonsecure, secure, radio, snt, bootloader>
      counterId: secure

SecureBinary31 for mcxn946#

SecureBinary31 for mcxn946 JSON schema

Open it in full page

SecureBinary31 for mcxn946 YAML configuration template
# ==============================  Secure Binary v3.1 Configuration template for mcxn946.  ==============================

# ======================================================================================================================
#                                                 == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: mcxn946
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: latest
# ======================================================================================================================
#                                                  == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
#                                              == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
#                                              == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
#                                           == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
#                                       == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
  -
  # ====================================================================================================================
  #                                          == List of possible 12 options. ==
  #        Options [erase, load, execute, programFuses, programIFR, loadCMAC, copy, loadHashLocking, loadKeyBlob,
  #                                     configureMemory, fillMemory, checkFwVersion]
  # ====================================================================================================================

  #  =========================== [Example of possible configuration: #0 , erase if not used] ============================
    # -------------------------------------------===== Erase [Required] =====-------------------------------------------
    # Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
    erase:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be erased.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be erased.
      size: 4096
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be erased.
      memoryId: 0

  #  =========================== [Example of possible configuration: #1 , erase if not used] ============================
    # -------------------------------------------===== Load [Required] =====--------------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length
    load:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # --------------------------------------===== Binary file. [Optional] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_binary.bin
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be loaded.
      values: 0x1234, 0x5678, 0, 12345678
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be loaded. Value will be converted to binary little endian format.
      value: '0xB38AA899'
      # -------------------------------------===== Authentication [Optional] =====--------------------------------------
      # Description: If authentication is not used, just omit this option or set 'none'.
      # Possible options: <none, cmac, hashlocking>
      authentication: cmac

  #  =========================== [Example of possible configuration: #2 , erase if not used] ============================
    # ------------------------------------------===== Execute [Required] =====------------------------------------------
    # Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
    execute:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Jump-to address to start execute code.
      address: 0

  #  =========================== [Example of possible configuration: #3 , erase if not used] ============================
    # ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
    # Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
    # Values is a comma separated list of 32bit values.
    programFuses:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
      address: 0
      # --------------------------------------===== Binary values [Required] =====--------------------------------------
      # Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #4 , erase if not used] ============================
    # ----------------------------------------===== Program IFR [Required] =====----------------------------------------
    # Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
    # to IFR region. The data to write to IFR region at the given address will immediately follow the header
    programIFR:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of IFR region to be programmed.
      address: 0
      # ---------------------------------------===== Binary file [Optional] =====---------------------------------------
      # Description: Binary file to be programmed.
      file: my_binary.bin
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
      # format.
      value: '0xB38AA899'
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #5 , erase if not used] ============================
    # -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
    # startAddress.
    loadCMAC:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be CMAC loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be CMAC loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_cmac_binary.bin

  #  =========================== [Example of possible configuration: #6 , erase if not used] ============================
    # -------------------------------------------===== Copy [Required] =====--------------------------------------------
    # Description: Used for copying data from one place to another. 32 bytes fixed size.
    copy:
      # --------------------------------------===== Address From [Required] =====---------------------------------------
      # Description: Address of memory block to be copied.
      addressFrom: 0
      # -------------------------------------===== Memory ID From [Optional] =====--------------------------------------
      # Description: ID of memory block to be copied.
      memoryIdFrom: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be copied.
      size: 4096
      # ---------------------------------------===== Address To [Required] =====----------------------------------------
      # Description: Address of memory where block to be copied.
      addressTo: 536870912
      # --------------------------------------===== Memory ID To [Optional] =====---------------------------------------
      # Description: ID of memory block where to be copied.
      memoryIdTo: 0

  #  =========================== [Example of possible configuration: #7 , erase if not used] ============================
    # ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
    # data, which are reserved for it.
    loadHashLocking:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_hashlocking_binary.bin

  #  =========================== [Example of possible configuration: #8 , erase if not used] ============================
    # ---------------------------------------===== Load Key Blob [Required] =====---------------------------------------
    # Description: Wrapped key blob immediately follows the range key blob header. The length field contains the actual
    # data length.
    loadKeyBlob:
      # -----------------------------------------===== Offset [Required] =====------------------------------------------
      # Description: Offset of the key blob.
      offset: 0
      # -------------------------------------===== Wrapping key ID [Required] =====-------------------------------------
      # Description: Wrapping ID of key blob.
      # Possible options: <NXP_CUST_KEK_INT_SK, NXP_CUST_KEK_EXT_SK>
      wrappingKeyId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_keyblob.bin
      # ---------------------------------===== Key Blob as plain text [Optional] =====----------------------------------
      # Description: Indicates whether key is provided as plaintext or not. If it's in plaintext this option also
      # indicates whether it's as binary or hex
      # Possible options: <no, bin, hex>
      plainInput: no

  #  =========================== [Example of possible configuration: #9 , erase if not used] ============================
    # -------------------------------------===== Configure memory [Required] =====--------------------------------------
    # Description: Configure memory.
    configureMemory:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Configuration address.
      configAddress: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be configured.
      memoryId: 0

  #  =========================== [Example of possible configuration: #10 , erase if not used] ===========================
    # ----------------------------------------===== Fill memory [Required] =====----------------------------------------
    # Description: Used for filling of the memory range by same repeated int32 pattern.
    fillMemory:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be filled.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be filled.
      size: 4096
      # -----------------------------------------===== Pattern [Required] =====-----------------------------------------
      # Description: Pattern which will be used to fill memory.
      pattern: 2779096485

  #  =========================== [Example of possible configuration: #11 , erase if not used] ===========================
    # ----------------------------------===== Check firmware version [Required] =====-----------------------------------
    # Description: Checks FW version value specified in command for specified counter ID. FW version value in command
    # must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
    checkFwVersion:
      # --------------------------------===== Value - Firmware version [Required] =====---------------------------------
      # Description: Firmware version to be compared.
      value: 1
      # ---------------------------------------===== Counter ID [Required] =====----------------------------------------
      # Description: ID of FW counter to be checked.
      # Possible options: <none, nonsecure, secure, radio, snt, bootloader>
      counterId: secure

SecureBinary31 for mcxn947#

SecureBinary31 for mcxn947 JSON schema

Open it in full page

SecureBinary31 for mcxn947 YAML configuration template
# ==============================  Secure Binary v3.1 Configuration template for mcxn947.  ==============================

# ======================================================================================================================
#                                                 == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: mcxn947
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: latest
# ======================================================================================================================
#                                                  == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
#                                              == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
#                                              == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
#                                           == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
#                                       == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
  -
  # ====================================================================================================================
  #                                          == List of possible 12 options. ==
  #        Options [erase, load, execute, programFuses, programIFR, loadCMAC, copy, loadHashLocking, loadKeyBlob,
  #                                     configureMemory, fillMemory, checkFwVersion]
  # ====================================================================================================================

  #  =========================== [Example of possible configuration: #0 , erase if not used] ============================
    # -------------------------------------------===== Erase [Required] =====-------------------------------------------
    # Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
    erase:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be erased.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be erased.
      size: 4096
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be erased.
      memoryId: 0

  #  =========================== [Example of possible configuration: #1 , erase if not used] ============================
    # -------------------------------------------===== Load [Required] =====--------------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length
    load:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # --------------------------------------===== Binary file. [Optional] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_binary.bin
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be loaded.
      values: 0x1234, 0x5678, 0, 12345678
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be loaded. Value will be converted to binary little endian format.
      value: '0xB38AA899'
      # -------------------------------------===== Authentication [Optional] =====--------------------------------------
      # Description: If authentication is not used, just omit this option or set 'none'.
      # Possible options: <none, cmac, hashlocking>
      authentication: cmac

  #  =========================== [Example of possible configuration: #2 , erase if not used] ============================
    # ------------------------------------------===== Execute [Required] =====------------------------------------------
    # Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
    execute:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Jump-to address to start execute code.
      address: 0

  #  =========================== [Example of possible configuration: #3 , erase if not used] ============================
    # ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
    # Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
    # Values is a comma separated list of 32bit values.
    programFuses:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
      address: 0
      # --------------------------------------===== Binary values [Required] =====--------------------------------------
      # Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #4 , erase if not used] ============================
    # ----------------------------------------===== Program IFR [Required] =====----------------------------------------
    # Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
    # to IFR region. The data to write to IFR region at the given address will immediately follow the header
    programIFR:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of IFR region to be programmed.
      address: 0
      # ---------------------------------------===== Binary file [Optional] =====---------------------------------------
      # Description: Binary file to be programmed.
      file: my_binary.bin
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
      # format.
      value: '0xB38AA899'
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #5 , erase if not used] ============================
    # -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
    # startAddress.
    loadCMAC:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be CMAC loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be CMAC loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_cmac_binary.bin

  #  =========================== [Example of possible configuration: #6 , erase if not used] ============================
    # -------------------------------------------===== Copy [Required] =====--------------------------------------------
    # Description: Used for copying data from one place to another. 32 bytes fixed size.
    copy:
      # --------------------------------------===== Address From [Required] =====---------------------------------------
      # Description: Address of memory block to be copied.
      addressFrom: 0
      # -------------------------------------===== Memory ID From [Optional] =====--------------------------------------
      # Description: ID of memory block to be copied.
      memoryIdFrom: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be copied.
      size: 4096
      # ---------------------------------------===== Address To [Required] =====----------------------------------------
      # Description: Address of memory where block to be copied.
      addressTo: 536870912
      # --------------------------------------===== Memory ID To [Optional] =====---------------------------------------
      # Description: ID of memory block where to be copied.
      memoryIdTo: 0

  #  =========================== [Example of possible configuration: #7 , erase if not used] ============================
    # ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
    # data, which are reserved for it.
    loadHashLocking:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_hashlocking_binary.bin

  #  =========================== [Example of possible configuration: #8 , erase if not used] ============================
    # ---------------------------------------===== Load Key Blob [Required] =====---------------------------------------
    # Description: Wrapped key blob immediately follows the range key blob header. The length field contains the actual
    # data length.
    loadKeyBlob:
      # -----------------------------------------===== Offset [Required] =====------------------------------------------
      # Description: Offset of the key blob.
      offset: 0
      # -------------------------------------===== Wrapping key ID [Required] =====-------------------------------------
      # Description: Wrapping ID of key blob.
      # Possible options: <NXP_CUST_KEK_INT_SK, NXP_CUST_KEK_EXT_SK>
      wrappingKeyId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_keyblob.bin
      # ---------------------------------===== Key Blob as plain text [Optional] =====----------------------------------
      # Description: Indicates whether key is provided as plaintext or not. If it's in plaintext this option also
      # indicates whether it's as binary or hex
      # Possible options: <no, bin, hex>
      plainInput: no

  #  =========================== [Example of possible configuration: #9 , erase if not used] ============================
    # -------------------------------------===== Configure memory [Required] =====--------------------------------------
    # Description: Configure memory.
    configureMemory:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Configuration address.
      configAddress: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be configured.
      memoryId: 0

  #  =========================== [Example of possible configuration: #10 , erase if not used] ===========================
    # ----------------------------------------===== Fill memory [Required] =====----------------------------------------
    # Description: Used for filling of the memory range by same repeated int32 pattern.
    fillMemory:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be filled.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be filled.
      size: 4096
      # -----------------------------------------===== Pattern [Required] =====-----------------------------------------
      # Description: Pattern which will be used to fill memory.
      pattern: 2779096485

  #  =========================== [Example of possible configuration: #11 , erase if not used] ===========================
    # ----------------------------------===== Check firmware version [Required] =====-----------------------------------
    # Description: Checks FW version value specified in command for specified counter ID. FW version value in command
    # must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
    checkFwVersion:
      # --------------------------------===== Value - Firmware version [Required] =====---------------------------------
      # Description: Firmware version to be compared.
      value: 1
      # ---------------------------------------===== Counter ID [Required] =====----------------------------------------
      # Description: ID of FW counter to be checked.
      # Possible options: <none, nonsecure, secure, radio, snt, bootloader>
      counterId: secure

SecureBinary31 for mcxw716a#

SecureBinary31 for mcxw716a JSON schema

Open it in full page

SecureBinary31 for mcxw716a YAML configuration template
# =============================  Secure Binary v3.1 Configuration template for mcxw716a.  ==============================

# ======================================================================================================================
#                                                 == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: mcxw716a
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, a2, latest>
revision: latest
# ======================================================================================================================
#                                                  == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
#                                              == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
#                                              == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
#                                           == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
#                                       == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
  -
  # ====================================================================================================================
  #                                          == List of possible 9 options. ==
  #   Options [erase, load, execute, programFuses, programIFR, loadCMAC, loadHashLocking, fillMemory, checkFwVersion]
  # ====================================================================================================================

  #  =========================== [Example of possible configuration: #0 , erase if not used] ============================
    # -------------------------------------------===== Erase [Required] =====-------------------------------------------
    # Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
    erase:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be erased.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be erased.
      size: 4096
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be erased.
      memoryId: 0

  #  =========================== [Example of possible configuration: #1 , erase if not used] ============================
    # -------------------------------------------===== Load [Required] =====--------------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length
    load:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # --------------------------------------===== Binary file. [Optional] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_binary.bin
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be loaded.
      values: 0x1234, 0x5678, 0, 12345678
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be loaded. Value will be converted to binary little endian format.
      value: '0xB38AA899'
      # -------------------------------------===== Authentication [Optional] =====--------------------------------------
      # Description: If authentication is not used, just omit this option or set 'none'.
      # Possible options: <none, cmac, hashlocking>
      authentication: cmac

  #  =========================== [Example of possible configuration: #2 , erase if not used] ============================
    # ------------------------------------------===== Execute [Required] =====------------------------------------------
    # Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
    execute:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Jump-to address to start execute code.
      address: 0

  #  =========================== [Example of possible configuration: #3 , erase if not used] ============================
    # ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
    # Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
    # Values is a comma separated list of 32bit values.
    programFuses:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
      address: 0
      # --------------------------------------===== Binary values [Required] =====--------------------------------------
      # Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #4 , erase if not used] ============================
    # ----------------------------------------===== Program IFR [Required] =====----------------------------------------
    # Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
    # to IFR region. The data to write to IFR region at the given address will immediately follow the header
    programIFR:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of IFR region to be programmed.
      address: 0
      # ---------------------------------------===== Binary file [Optional] =====---------------------------------------
      # Description: Binary file to be programmed.
      file: my_binary.bin
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
      # format.
      value: '0xB38AA899'
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #5 , erase if not used] ============================
    # -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
    # startAddress.
    loadCMAC:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be CMAC loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be CMAC loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_cmac_binary.bin

  #  =========================== [Example of possible configuration: #6 , erase if not used] ============================
    # ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
    # data, which are reserved for it.
    loadHashLocking:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_hashlocking_binary.bin

  #  =========================== [Example of possible configuration: #7 , erase if not used] ============================
    # ----------------------------------------===== Fill memory [Required] =====----------------------------------------
    # Description: Used for filling of the memory range by same repeated int32 pattern.
    fillMemory:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be filled.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be filled.
      size: 4096
      # -----------------------------------------===== Pattern [Required] =====-----------------------------------------
      # Description: Pattern which will be used to fill memory.
      pattern: 2779096485

  #  =========================== [Example of possible configuration: #8 , erase if not used] ============================
    # ----------------------------------===== Check firmware version [Required] =====-----------------------------------
    # Description: Checks FW version value specified in command for specified counter ID. FW version value in command
    # must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
    checkFwVersion:
      # --------------------------------===== Value - Firmware version [Required] =====---------------------------------
      # Description: Firmware version to be compared.
      value: 1
      # ---------------------------------------===== Counter ID [Required] =====----------------------------------------
      # Description: ID of FW counter to be checked.
      # Possible options: <none, nonsecure, secure, radio, snt, bootloader>
      counterId: secure

SecureBinary31 for mcxw716c#

SecureBinary31 for mcxw716c JSON schema

Open it in full page

SecureBinary31 for mcxw716c YAML configuration template
# =============================  Secure Binary v3.1 Configuration template for mcxw716c.  ==============================

# ======================================================================================================================
#                                                 == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: mcxw716c
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, a2, latest>
revision: latest
# ======================================================================================================================
#                                                  == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
#                                              == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
#                                              == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
#                                           == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
#                                       == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
  -
  # ====================================================================================================================
  #                                          == List of possible 9 options. ==
  #   Options [erase, load, execute, programFuses, programIFR, loadCMAC, loadHashLocking, fillMemory, checkFwVersion]
  # ====================================================================================================================

  #  =========================== [Example of possible configuration: #0 , erase if not used] ============================
    # -------------------------------------------===== Erase [Required] =====-------------------------------------------
    # Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
    erase:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be erased.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be erased.
      size: 4096
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be erased.
      memoryId: 0

  #  =========================== [Example of possible configuration: #1 , erase if not used] ============================
    # -------------------------------------------===== Load [Required] =====--------------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length
    load:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # --------------------------------------===== Binary file. [Optional] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_binary.bin
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be loaded.
      values: 0x1234, 0x5678, 0, 12345678
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be loaded. Value will be converted to binary little endian format.
      value: '0xB38AA899'
      # -------------------------------------===== Authentication [Optional] =====--------------------------------------
      # Description: If authentication is not used, just omit this option or set 'none'.
      # Possible options: <none, cmac, hashlocking>
      authentication: cmac

  #  =========================== [Example of possible configuration: #2 , erase if not used] ============================
    # ------------------------------------------===== Execute [Required] =====------------------------------------------
    # Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
    execute:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Jump-to address to start execute code.
      address: 0

  #  =========================== [Example of possible configuration: #3 , erase if not used] ============================
    # ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
    # Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
    # Values is a comma separated list of 32bit values.
    programFuses:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
      address: 0
      # --------------------------------------===== Binary values [Required] =====--------------------------------------
      # Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #4 , erase if not used] ============================
    # ----------------------------------------===== Program IFR [Required] =====----------------------------------------
    # Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
    # to IFR region. The data to write to IFR region at the given address will immediately follow the header
    programIFR:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of IFR region to be programmed.
      address: 0
      # ---------------------------------------===== Binary file [Optional] =====---------------------------------------
      # Description: Binary file to be programmed.
      file: my_binary.bin
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
      # format.
      value: '0xB38AA899'
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #5 , erase if not used] ============================
    # -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
    # startAddress.
    loadCMAC:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be CMAC loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be CMAC loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_cmac_binary.bin

  #  =========================== [Example of possible configuration: #6 , erase if not used] ============================
    # ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
    # data, which are reserved for it.
    loadHashLocking:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_hashlocking_binary.bin

  #  =========================== [Example of possible configuration: #7 , erase if not used] ============================
    # ----------------------------------------===== Fill memory [Required] =====----------------------------------------
    # Description: Used for filling of the memory range by same repeated int32 pattern.
    fillMemory:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be filled.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be filled.
      size: 4096
      # -----------------------------------------===== Pattern [Required] =====-----------------------------------------
      # Description: Pattern which will be used to fill memory.
      pattern: 2779096485

  #  =========================== [Example of possible configuration: #8 , erase if not used] ============================
    # ----------------------------------===== Check firmware version [Required] =====-----------------------------------
    # Description: Checks FW version value specified in command for specified counter ID. FW version value in command
    # must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
    checkFwVersion:
      # --------------------------------===== Value - Firmware version [Required] =====---------------------------------
      # Description: Firmware version to be compared.
      value: 1
      # ---------------------------------------===== Counter ID [Required] =====----------------------------------------
      # Description: ID of FW counter to be checked.
      # Possible options: <none, nonsecure, secure, radio, snt, bootloader>
      counterId: secure

SecureBinary31 for mcxw727a#

SecureBinary31 for mcxw727a JSON schema

Open it in full page

SecureBinary31 for mcxw727a YAML configuration template
# =============================  Secure Binary v3.1 Configuration template for mcxw727a.  ==============================

# ======================================================================================================================
#                                                 == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: mcxw727a
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: latest
# ======================================================================================================================
#                                                  == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
#                                              == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
#                                              == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
#                                           == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
#                                       == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
  -
  # ====================================================================================================================
  #                                          == List of possible 9 options. ==
  #   Options [erase, load, execute, programFuses, programIFR, loadCMAC, loadHashLocking, fillMemory, checkFwVersion]
  # ====================================================================================================================

  #  =========================== [Example of possible configuration: #0 , erase if not used] ============================
    # -------------------------------------------===== Erase [Required] =====-------------------------------------------
    # Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
    erase:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be erased.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be erased.
      size: 4096
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be erased.
      memoryId: 0

  #  =========================== [Example of possible configuration: #1 , erase if not used] ============================
    # -------------------------------------------===== Load [Required] =====--------------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length
    load:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # --------------------------------------===== Binary file. [Optional] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_binary.bin
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be loaded.
      values: 0x1234, 0x5678, 0, 12345678
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be loaded. Value will be converted to binary little endian format.
      value: '0xB38AA899'
      # -------------------------------------===== Authentication [Optional] =====--------------------------------------
      # Description: If authentication is not used, just omit this option or set 'none'.
      # Possible options: <none, cmac, hashlocking>
      authentication: cmac

  #  =========================== [Example of possible configuration: #2 , erase if not used] ============================
    # ------------------------------------------===== Execute [Required] =====------------------------------------------
    # Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
    execute:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Jump-to address to start execute code.
      address: 0

  #  =========================== [Example of possible configuration: #3 , erase if not used] ============================
    # ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
    # Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
    # Values is a comma separated list of 32bit values.
    programFuses:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
      address: 0
      # --------------------------------------===== Binary values [Required] =====--------------------------------------
      # Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #4 , erase if not used] ============================
    # ----------------------------------------===== Program IFR [Required] =====----------------------------------------
    # Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
    # to IFR region. The data to write to IFR region at the given address will immediately follow the header
    programIFR:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of IFR region to be programmed.
      address: 0
      # ---------------------------------------===== Binary file [Optional] =====---------------------------------------
      # Description: Binary file to be programmed.
      file: my_binary.bin
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
      # format.
      value: '0xB38AA899'
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #5 , erase if not used] ============================
    # -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
    # startAddress.
    loadCMAC:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be CMAC loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be CMAC loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_cmac_binary.bin

  #  =========================== [Example of possible configuration: #6 , erase if not used] ============================
    # ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
    # data, which are reserved for it.
    loadHashLocking:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_hashlocking_binary.bin

  #  =========================== [Example of possible configuration: #7 , erase if not used] ============================
    # ----------------------------------------===== Fill memory [Required] =====----------------------------------------
    # Description: Used for filling of the memory range by same repeated int32 pattern.
    fillMemory:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be filled.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be filled.
      size: 4096
      # -----------------------------------------===== Pattern [Required] =====-----------------------------------------
      # Description: Pattern which will be used to fill memory.
      pattern: 2779096485

  #  =========================== [Example of possible configuration: #8 , erase if not used] ============================
    # ----------------------------------===== Check firmware version [Required] =====-----------------------------------
    # Description: Checks FW version value specified in command for specified counter ID. FW version value in command
    # must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
    checkFwVersion:
      # --------------------------------===== Value - Firmware version [Required] =====---------------------------------
      # Description: Firmware version to be compared.
      value: 1
      # ---------------------------------------===== Counter ID [Required] =====----------------------------------------
      # Description: ID of FW counter to be checked.
      # Possible options: <none, nonsecure, secure, radio, snt, bootloader>
      counterId: secure

SecureBinary31 for mcxw727c#

SecureBinary31 for mcxw727c JSON schema

Open it in full page

SecureBinary31 for mcxw727c YAML configuration template
# =============================  Secure Binary v3.1 Configuration template for mcxw727c.  ==============================

# ======================================================================================================================
#                                                 == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: mcxw727c
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: latest
# ======================================================================================================================
#                                                  == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
#                                              == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
#                                              == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
#                                           == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
#                                       == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
  -
  # ====================================================================================================================
  #                                          == List of possible 9 options. ==
  #   Options [erase, load, execute, programFuses, programIFR, loadCMAC, loadHashLocking, fillMemory, checkFwVersion]
  # ====================================================================================================================

  #  =========================== [Example of possible configuration: #0 , erase if not used] ============================
    # -------------------------------------------===== Erase [Required] =====-------------------------------------------
    # Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
    erase:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be erased.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be erased.
      size: 4096
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be erased.
      memoryId: 0

  #  =========================== [Example of possible configuration: #1 , erase if not used] ============================
    # -------------------------------------------===== Load [Required] =====--------------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length
    load:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # --------------------------------------===== Binary file. [Optional] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_binary.bin
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be loaded.
      values: 0x1234, 0x5678, 0, 12345678
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be loaded. Value will be converted to binary little endian format.
      value: '0xB38AA899'
      # -------------------------------------===== Authentication [Optional] =====--------------------------------------
      # Description: If authentication is not used, just omit this option or set 'none'.
      # Possible options: <none, cmac, hashlocking>
      authentication: cmac

  #  =========================== [Example of possible configuration: #2 , erase if not used] ============================
    # ------------------------------------------===== Execute [Required] =====------------------------------------------
    # Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
    execute:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Jump-to address to start execute code.
      address: 0

  #  =========================== [Example of possible configuration: #3 , erase if not used] ============================
    # ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
    # Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
    # Values is a comma separated list of 32bit values.
    programFuses:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
      address: 0
      # --------------------------------------===== Binary values [Required] =====--------------------------------------
      # Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #4 , erase if not used] ============================
    # ----------------------------------------===== Program IFR [Required] =====----------------------------------------
    # Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
    # to IFR region. The data to write to IFR region at the given address will immediately follow the header
    programIFR:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of IFR region to be programmed.
      address: 0
      # ---------------------------------------===== Binary file [Optional] =====---------------------------------------
      # Description: Binary file to be programmed.
      file: my_binary.bin
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
      # format.
      value: '0xB38AA899'
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #5 , erase if not used] ============================
    # -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
    # startAddress.
    loadCMAC:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be CMAC loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be CMAC loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_cmac_binary.bin

  #  =========================== [Example of possible configuration: #6 , erase if not used] ============================
    # ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
    # data, which are reserved for it.
    loadHashLocking:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_hashlocking_binary.bin

  #  =========================== [Example of possible configuration: #7 , erase if not used] ============================
    # ----------------------------------------===== Fill memory [Required] =====----------------------------------------
    # Description: Used for filling of the memory range by same repeated int32 pattern.
    fillMemory:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be filled.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be filled.
      size: 4096
      # -----------------------------------------===== Pattern [Required] =====-----------------------------------------
      # Description: Pattern which will be used to fill memory.
      pattern: 2779096485

  #  =========================== [Example of possible configuration: #8 , erase if not used] ============================
    # ----------------------------------===== Check firmware version [Required] =====-----------------------------------
    # Description: Checks FW version value specified in command for specified counter ID. FW version value in command
    # must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
    checkFwVersion:
      # --------------------------------===== Value - Firmware version [Required] =====---------------------------------
      # Description: Firmware version to be compared.
      value: 1
      # ---------------------------------------===== Counter ID [Required] =====----------------------------------------
      # Description: ID of FW counter to be checked.
      # Possible options: <none, nonsecure, secure, radio, snt, bootloader>
      counterId: secure

SecureBinary31 for mcxw727d#

SecureBinary31 for mcxw727d JSON schema

Open it in full page

SecureBinary31 for mcxw727d YAML configuration template
# =============================  Secure Binary v3.1 Configuration template for mcxw727d.  ==============================

# ======================================================================================================================
#                                                 == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: mcxw727d
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: latest
# ======================================================================================================================
#                                                  == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
#                                              == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
#                                              == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
#                                           == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
#                                       == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
  -
  # ====================================================================================================================
  #                                          == List of possible 9 options. ==
  #   Options [erase, load, execute, programFuses, programIFR, loadCMAC, loadHashLocking, fillMemory, checkFwVersion]
  # ====================================================================================================================

  #  =========================== [Example of possible configuration: #0 , erase if not used] ============================
    # -------------------------------------------===== Erase [Required] =====-------------------------------------------
    # Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
    erase:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be erased.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be erased.
      size: 4096
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be erased.
      memoryId: 0

  #  =========================== [Example of possible configuration: #1 , erase if not used] ============================
    # -------------------------------------------===== Load [Required] =====--------------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length
    load:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # --------------------------------------===== Binary file. [Optional] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_binary.bin
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be loaded.
      values: 0x1234, 0x5678, 0, 12345678
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be loaded. Value will be converted to binary little endian format.
      value: '0xB38AA899'
      # -------------------------------------===== Authentication [Optional] =====--------------------------------------
      # Description: If authentication is not used, just omit this option or set 'none'.
      # Possible options: <none, cmac, hashlocking>
      authentication: cmac

  #  =========================== [Example of possible configuration: #2 , erase if not used] ============================
    # ------------------------------------------===== Execute [Required] =====------------------------------------------
    # Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
    execute:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Jump-to address to start execute code.
      address: 0

  #  =========================== [Example of possible configuration: #3 , erase if not used] ============================
    # ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
    # Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
    # Values is a comma separated list of 32bit values.
    programFuses:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
      address: 0
      # --------------------------------------===== Binary values [Required] =====--------------------------------------
      # Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #4 , erase if not used] ============================
    # ----------------------------------------===== Program IFR [Required] =====----------------------------------------
    # Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
    # to IFR region. The data to write to IFR region at the given address will immediately follow the header
    programIFR:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of IFR region to be programmed.
      address: 0
      # ---------------------------------------===== Binary file [Optional] =====---------------------------------------
      # Description: Binary file to be programmed.
      file: my_binary.bin
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
      # format.
      value: '0xB38AA899'
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #5 , erase if not used] ============================
    # -----------------------------------------===== Load CMAC [Required] =====-----------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating cmac from loaded data and storing on address known by ROM decided based on
    # startAddress.
    loadCMAC:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be CMAC loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be CMAC loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_cmac_binary.bin

  #  =========================== [Example of possible configuration: #6 , erase if not used] ============================
    # ----------------------------------===== Load with HASH locking [Required] =====-----------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length. ROM is calculating hash of the data and storing the value in the last 64 bytes of the loaded
    # data, which are reserved for it.
    loadHashLocking:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_hashlocking_binary.bin

  #  =========================== [Example of possible configuration: #7 , erase if not used] ============================
    # ----------------------------------------===== Fill memory [Required] =====----------------------------------------
    # Description: Used for filling of the memory range by same repeated int32 pattern.
    fillMemory:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be filled.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be filled.
      size: 4096
      # -----------------------------------------===== Pattern [Required] =====-----------------------------------------
      # Description: Pattern which will be used to fill memory.
      pattern: 2779096485

  #  =========================== [Example of possible configuration: #8 , erase if not used] ============================
    # ----------------------------------===== Check firmware version [Required] =====-----------------------------------
    # Description: Checks FW version value specified in command for specified counter ID. FW version value in command
    # must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
    checkFwVersion:
      # --------------------------------===== Value - Firmware version [Required] =====---------------------------------
      # Description: Firmware version to be compared.
      value: 1
      # ---------------------------------------===== Counter ID [Required] =====----------------------------------------
      # Description: ID of FW counter to be checked.
      # Possible options: <none, nonsecure, secure, radio, snt, bootloader>
      counterId: secure

SecureBinary31 for mimxrt735s#

SecureBinary31 for mimxrt735s JSON schema

Open it in full page

SecureBinary31 for mimxrt735s YAML configuration template
# ============================  Secure Binary v3.1 Configuration template for mimxrt735s.  =============================

# ======================================================================================================================
#                                                 == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: mimxrt735s
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: latest
# ======================================================================================================================
#                                                  == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
#                                              == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
#                                              == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
#                                           == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
#                                       == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
  -
  # ====================================================================================================================
  #                                          == List of possible 9 options. ==
  #     Options [erase, load, execute, programFuses, copy, loadKeyBlob, configureMemory, fillMemory, checkFwVersion]
  # ====================================================================================================================

  #  =========================== [Example of possible configuration: #0 , erase if not used] ============================
    # -------------------------------------------===== Erase [Required] =====-------------------------------------------
    # Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
    erase:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be erased.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be erased.
      size: 4096
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be erased.
      memoryId: 0

  #  =========================== [Example of possible configuration: #1 , erase if not used] ============================
    # -------------------------------------------===== Load [Required] =====--------------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length
    load:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # --------------------------------------===== Binary file. [Optional] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_binary.bin
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be loaded.
      values: 0x1234, 0x5678, 0, 12345678
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be loaded. Value will be converted to binary little endian format.
      value: '0xB38AA899'
      # -------------------------------------===== Authentication [Optional] =====--------------------------------------
      # Description: If authentication is not used, just omit this option or set 'none'.
      # Possible options: <none, cmac, hashlocking>
      authentication: cmac

  #  =========================== [Example of possible configuration: #2 , erase if not used] ============================
    # ------------------------------------------===== Execute [Required] =====------------------------------------------
    # Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
    execute:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Jump-to address to start execute code.
      address: 0

  #  =========================== [Example of possible configuration: #3 , erase if not used] ============================
    # ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
    # Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
    # Values is a comma separated list of 32bit values.
    programFuses:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
      address: 0
      # --------------------------------------===== Binary values [Required] =====--------------------------------------
      # Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #4 , erase if not used] ============================
    # -------------------------------------------===== Copy [Required] =====--------------------------------------------
    # Description: Used for copying data from one place to another. 32 bytes fixed size.
    copy:
      # --------------------------------------===== Address From [Required] =====---------------------------------------
      # Description: Address of memory block to be copied.
      addressFrom: 0
      # -------------------------------------===== Memory ID From [Optional] =====--------------------------------------
      # Description: ID of memory block to be copied.
      memoryIdFrom: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be copied.
      size: 4096
      # ---------------------------------------===== Address To [Required] =====----------------------------------------
      # Description: Address of memory where block to be copied.
      addressTo: 536870912
      # --------------------------------------===== Memory ID To [Optional] =====---------------------------------------
      # Description: ID of memory block where to be copied.
      memoryIdTo: 0

  #  =========================== [Example of possible configuration: #5 , erase if not used] ============================
    # ---------------------------------------===== Load Key Blob [Required] =====---------------------------------------
    # Description: Wrapped key blob immediately follows the range key blob header. The length field contains the actual
    # data length.
    loadKeyBlob:
      # -----------------------------------------===== Offset [Required] =====------------------------------------------
      # Description: Offset of the key blob.
      offset: 0
      # -------------------------------------===== Wrapping key ID [Required] =====-------------------------------------
      # Description: Wrapping ID of key blob.
      # Possible options: <NXP_CUST_KEK_INT_SK, NXP_CUST_KEK_EXT_SK>
      wrappingKeyId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_keyblob.bin
      # ---------------------------------===== Key Blob as plain text [Optional] =====----------------------------------
      # Description: Indicates whether key is provided as plaintext or not. If it's in plaintext this option also
      # indicates whether it's as binary or hex
      # Possible options: <no, bin, hex>
      plainInput: no

  #  =========================== [Example of possible configuration: #6 , erase if not used] ============================
    # -------------------------------------===== Configure memory [Required] =====--------------------------------------
    # Description: Configure memory.
    configureMemory:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Configuration address.
      configAddress: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be configured.
      memoryId: 0

  #  =========================== [Example of possible configuration: #7 , erase if not used] ============================
    # ----------------------------------------===== Fill memory [Required] =====----------------------------------------
    # Description: Used for filling of the memory range by same repeated int32 pattern.
    fillMemory:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be filled.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be filled.
      size: 4096
      # -----------------------------------------===== Pattern [Required] =====-----------------------------------------
      # Description: Pattern which will be used to fill memory.
      pattern: 2779096485

  #  =========================== [Example of possible configuration: #8 , erase if not used] ============================
    # ----------------------------------===== Check firmware version [Required] =====-----------------------------------
    # Description: Checks FW version value specified in command for specified counter ID. FW version value in command
    # must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
    checkFwVersion:
      # --------------------------------===== Value - Firmware version [Required] =====---------------------------------
      # Description: Firmware version to be compared.
      value: 1
      # ---------------------------------------===== Counter ID [Required] =====----------------------------------------
      # Description: ID of FW counter to be checked.
      # Possible options: <none, nonsecure, secure, radio, snt, bootloader>
      counterId: secure

SecureBinary31 for mimxrt758s#

SecureBinary31 for mimxrt758s JSON schema

Open it in full page

SecureBinary31 for mimxrt758s YAML configuration template
# ============================  Secure Binary v3.1 Configuration template for mimxrt758s.  =============================

# ======================================================================================================================
#                                                 == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: mimxrt758s
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: latest
# ======================================================================================================================
#                                                  == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
#                                              == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
#                                              == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
#                                           == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
#                                       == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
  -
  # ====================================================================================================================
  #                                          == List of possible 9 options. ==
  #     Options [erase, load, execute, programFuses, copy, loadKeyBlob, configureMemory, fillMemory, checkFwVersion]
  # ====================================================================================================================

  #  =========================== [Example of possible configuration: #0 , erase if not used] ============================
    # -------------------------------------------===== Erase [Required] =====-------------------------------------------
    # Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
    erase:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be erased.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be erased.
      size: 4096
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be erased.
      memoryId: 0

  #  =========================== [Example of possible configuration: #1 , erase if not used] ============================
    # -------------------------------------------===== Load [Required] =====--------------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length
    load:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # --------------------------------------===== Binary file. [Optional] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_binary.bin
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be loaded.
      values: 0x1234, 0x5678, 0, 12345678
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be loaded. Value will be converted to binary little endian format.
      value: '0xB38AA899'
      # -------------------------------------===== Authentication [Optional] =====--------------------------------------
      # Description: If authentication is not used, just omit this option or set 'none'.
      # Possible options: <none, cmac, hashlocking>
      authentication: cmac

  #  =========================== [Example of possible configuration: #2 , erase if not used] ============================
    # ------------------------------------------===== Execute [Required] =====------------------------------------------
    # Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
    execute:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Jump-to address to start execute code.
      address: 0

  #  =========================== [Example of possible configuration: #3 , erase if not used] ============================
    # ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
    # Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
    # Values is a comma separated list of 32bit values.
    programFuses:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
      address: 0
      # --------------------------------------===== Binary values [Required] =====--------------------------------------
      # Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #4 , erase if not used] ============================
    # -------------------------------------------===== Copy [Required] =====--------------------------------------------
    # Description: Used for copying data from one place to another. 32 bytes fixed size.
    copy:
      # --------------------------------------===== Address From [Required] =====---------------------------------------
      # Description: Address of memory block to be copied.
      addressFrom: 0
      # -------------------------------------===== Memory ID From [Optional] =====--------------------------------------
      # Description: ID of memory block to be copied.
      memoryIdFrom: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be copied.
      size: 4096
      # ---------------------------------------===== Address To [Required] =====----------------------------------------
      # Description: Address of memory where block to be copied.
      addressTo: 536870912
      # --------------------------------------===== Memory ID To [Optional] =====---------------------------------------
      # Description: ID of memory block where to be copied.
      memoryIdTo: 0

  #  =========================== [Example of possible configuration: #5 , erase if not used] ============================
    # ---------------------------------------===== Load Key Blob [Required] =====---------------------------------------
    # Description: Wrapped key blob immediately follows the range key blob header. The length field contains the actual
    # data length.
    loadKeyBlob:
      # -----------------------------------------===== Offset [Required] =====------------------------------------------
      # Description: Offset of the key blob.
      offset: 0
      # -------------------------------------===== Wrapping key ID [Required] =====-------------------------------------
      # Description: Wrapping ID of key blob.
      # Possible options: <NXP_CUST_KEK_INT_SK, NXP_CUST_KEK_EXT_SK>
      wrappingKeyId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_keyblob.bin
      # ---------------------------------===== Key Blob as plain text [Optional] =====----------------------------------
      # Description: Indicates whether key is provided as plaintext or not. If it's in plaintext this option also
      # indicates whether it's as binary or hex
      # Possible options: <no, bin, hex>
      plainInput: no

  #  =========================== [Example of possible configuration: #6 , erase if not used] ============================
    # -------------------------------------===== Configure memory [Required] =====--------------------------------------
    # Description: Configure memory.
    configureMemory:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Configuration address.
      configAddress: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be configured.
      memoryId: 0

  #  =========================== [Example of possible configuration: #7 , erase if not used] ============================
    # ----------------------------------------===== Fill memory [Required] =====----------------------------------------
    # Description: Used for filling of the memory range by same repeated int32 pattern.
    fillMemory:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be filled.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be filled.
      size: 4096
      # -----------------------------------------===== Pattern [Required] =====-----------------------------------------
      # Description: Pattern which will be used to fill memory.
      pattern: 2779096485

  #  =========================== [Example of possible configuration: #8 , erase if not used] ============================
    # ----------------------------------===== Check firmware version [Required] =====-----------------------------------
    # Description: Checks FW version value specified in command for specified counter ID. FW version value in command
    # must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
    checkFwVersion:
      # --------------------------------===== Value - Firmware version [Required] =====---------------------------------
      # Description: Firmware version to be compared.
      value: 1
      # ---------------------------------------===== Counter ID [Required] =====----------------------------------------
      # Description: ID of FW counter to be checked.
      # Possible options: <none, nonsecure, secure, radio, snt, bootloader>
      counterId: secure

SecureBinary31 for mimxrt798s#

SecureBinary31 for mimxrt798s JSON schema

Open it in full page

SecureBinary31 for mimxrt798s YAML configuration template
# ============================  Secure Binary v3.1 Configuration template for mimxrt798s.  =============================

# ======================================================================================================================
#                                                 == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: mimxrt798s
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: latest
# ======================================================================================================================
#                                                  == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
#                                              == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
#                                              == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
#                                           == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
#                                       == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
  -
  # ====================================================================================================================
  #                                          == List of possible 9 options. ==
  #     Options [erase, load, execute, programFuses, copy, loadKeyBlob, configureMemory, fillMemory, checkFwVersion]
  # ====================================================================================================================

  #  =========================== [Example of possible configuration: #0 , erase if not used] ============================
    # -------------------------------------------===== Erase [Required] =====-------------------------------------------
    # Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
    erase:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be erased.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be erased.
      size: 4096
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be erased.
      memoryId: 0

  #  =========================== [Example of possible configuration: #1 , erase if not used] ============================
    # -------------------------------------------===== Load [Required] =====--------------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length
    load:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # --------------------------------------===== Binary file. [Optional] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_binary.bin
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be loaded.
      values: 0x1234, 0x5678, 0, 12345678
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be loaded. Value will be converted to binary little endian format.
      value: '0xB38AA899'
      # -------------------------------------===== Authentication [Optional] =====--------------------------------------
      # Description: If authentication is not used, just omit this option or set 'none'.
      # Possible options: <none, cmac, hashlocking>
      authentication: cmac

  #  =========================== [Example of possible configuration: #2 , erase if not used] ============================
    # ------------------------------------------===== Execute [Required] =====------------------------------------------
    # Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
    execute:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Jump-to address to start execute code.
      address: 0

  #  =========================== [Example of possible configuration: #3 , erase if not used] ============================
    # ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
    # Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
    # Values is a comma separated list of 32bit values.
    programFuses:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
      address: 0
      # --------------------------------------===== Binary values [Required] =====--------------------------------------
      # Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #4 , erase if not used] ============================
    # -------------------------------------------===== Copy [Required] =====--------------------------------------------
    # Description: Used for copying data from one place to another. 32 bytes fixed size.
    copy:
      # --------------------------------------===== Address From [Required] =====---------------------------------------
      # Description: Address of memory block to be copied.
      addressFrom: 0
      # -------------------------------------===== Memory ID From [Optional] =====--------------------------------------
      # Description: ID of memory block to be copied.
      memoryIdFrom: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be copied.
      size: 4096
      # ---------------------------------------===== Address To [Required] =====----------------------------------------
      # Description: Address of memory where block to be copied.
      addressTo: 536870912
      # --------------------------------------===== Memory ID To [Optional] =====---------------------------------------
      # Description: ID of memory block where to be copied.
      memoryIdTo: 0

  #  =========================== [Example of possible configuration: #5 , erase if not used] ============================
    # ---------------------------------------===== Load Key Blob [Required] =====---------------------------------------
    # Description: Wrapped key blob immediately follows the range key blob header. The length field contains the actual
    # data length.
    loadKeyBlob:
      # -----------------------------------------===== Offset [Required] =====------------------------------------------
      # Description: Offset of the key blob.
      offset: 0
      # -------------------------------------===== Wrapping key ID [Required] =====-------------------------------------
      # Description: Wrapping ID of key blob.
      # Possible options: <NXP_CUST_KEK_INT_SK, NXP_CUST_KEK_EXT_SK>
      wrappingKeyId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_keyblob.bin
      # ---------------------------------===== Key Blob as plain text [Optional] =====----------------------------------
      # Description: Indicates whether key is provided as plaintext or not. If it's in plaintext this option also
      # indicates whether it's as binary or hex
      # Possible options: <no, bin, hex>
      plainInput: no

  #  =========================== [Example of possible configuration: #6 , erase if not used] ============================
    # -------------------------------------===== Configure memory [Required] =====--------------------------------------
    # Description: Configure memory.
    configureMemory:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Configuration address.
      configAddress: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be configured.
      memoryId: 0

  #  =========================== [Example of possible configuration: #7 , erase if not used] ============================
    # ----------------------------------------===== Fill memory [Required] =====----------------------------------------
    # Description: Used for filling of the memory range by same repeated int32 pattern.
    fillMemory:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be filled.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be filled.
      size: 4096
      # -----------------------------------------===== Pattern [Required] =====-----------------------------------------
      # Description: Pattern which will be used to fill memory.
      pattern: 2779096485

  #  =========================== [Example of possible configuration: #8 , erase if not used] ============================
    # ----------------------------------===== Check firmware version [Required] =====-----------------------------------
    # Description: Checks FW version value specified in command for specified counter ID. FW version value in command
    # must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
    checkFwVersion:
      # --------------------------------===== Value - Firmware version [Required] =====---------------------------------
      # Description: Firmware version to be compared.
      value: 1
      # ---------------------------------------===== Counter ID [Required] =====----------------------------------------
      # Description: ID of FW counter to be checked.
      # Possible options: <none, nonsecure, secure, radio, snt, bootloader>
      counterId: secure

SecureBinary31 for rw610#

SecureBinary31 for rw610 JSON schema

Open it in full page

SecureBinary31 for rw610 YAML configuration template
# ===============================  Secure Binary v3.1 Configuration template for rw610.  ===============================

# ======================================================================================================================
#                                                 == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: rw610
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a1, a2, latest>
revision: latest
# ======================================================================================================================
#                                                  == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
#                                              == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
#                                              == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
#                                           == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
#                                       == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
  -
  # ====================================================================================================================
  #                                          == List of possible 10 options. ==
  #       Options [erase, load, execute, programFuses, programIFR, copy, loadKeyBlob, configureMemory, fillMemory,
  #                                                   checkFwVersion]
  # ====================================================================================================================

  #  =========================== [Example of possible configuration: #0 , erase if not used] ============================
    # -------------------------------------------===== Erase [Required] =====-------------------------------------------
    # Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
    erase:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be erased.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be erased.
      size: 4096
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be erased.
      memoryId: 0

  #  =========================== [Example of possible configuration: #1 , erase if not used] ============================
    # -------------------------------------------===== Load [Required] =====--------------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length
    load:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # --------------------------------------===== Binary file. [Optional] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_binary.bin
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be loaded.
      values: 0x1234, 0x5678, 0, 12345678
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be loaded. Value will be converted to binary little endian format.
      value: '0xB38AA899'
      # -------------------------------------===== Authentication [Optional] =====--------------------------------------
      # Description: If authentication is not used, just omit this option or set 'none'.
      # Possible options: <none, cmac, hashlocking>
      authentication: cmac

  #  =========================== [Example of possible configuration: #2 , erase if not used] ============================
    # ------------------------------------------===== Execute [Required] =====------------------------------------------
    # Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
    execute:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Jump-to address to start execute code.
      address: 0

  #  =========================== [Example of possible configuration: #3 , erase if not used] ============================
    # ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
    # Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
    # Values is a comma separated list of 32bit values.
    programFuses:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
      address: 0
      # --------------------------------------===== Binary values [Required] =====--------------------------------------
      # Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #4 , erase if not used] ============================
    # ----------------------------------------===== Program IFR [Required] =====----------------------------------------
    # Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
    # to IFR region. The data to write to IFR region at the given address will immediately follow the header
    programIFR:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of IFR region to be programmed.
      address: 0
      # ---------------------------------------===== Binary file [Optional] =====---------------------------------------
      # Description: Binary file to be programmed.
      file: my_binary.bin
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
      # format.
      value: '0xB38AA899'
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #5 , erase if not used] ============================
    # -------------------------------------------===== Copy [Required] =====--------------------------------------------
    # Description: Used for copying data from one place to another. 32 bytes fixed size.
    copy:
      # --------------------------------------===== Address From [Required] =====---------------------------------------
      # Description: Address of memory block to be copied.
      addressFrom: 0
      # -------------------------------------===== Memory ID From [Optional] =====--------------------------------------
      # Description: ID of memory block to be copied.
      memoryIdFrom: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be copied.
      size: 4096
      # ---------------------------------------===== Address To [Required] =====----------------------------------------
      # Description: Address of memory where block to be copied.
      addressTo: 536870912
      # --------------------------------------===== Memory ID To [Optional] =====---------------------------------------
      # Description: ID of memory block where to be copied.
      memoryIdTo: 0

  #  =========================== [Example of possible configuration: #6 , erase if not used] ============================
    # ---------------------------------------===== Load Key Blob [Required] =====---------------------------------------
    # Description: Wrapped key blob immediately follows the range key blob header. The length field contains the actual
    # data length.
    loadKeyBlob:
      # -----------------------------------------===== Offset [Required] =====------------------------------------------
      # Description: Offset of the key blob.
      offset: 0
      # -------------------------------------===== Wrapping key ID [Required] =====-------------------------------------
      # Description: Wrapping ID of key blob.
      # Possible options: <NXP_CUST_KEK_INT_SK, NXP_CUST_KEK_EXT_SK>
      wrappingKeyId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_keyblob.bin
      # ---------------------------------===== Key Blob as plain text [Optional] =====----------------------------------
      # Description: Indicates whether key is provided as plaintext or not. If it's in plaintext this option also
      # indicates whether it's as binary or hex
      # Possible options: <no, bin, hex>
      plainInput: no

  #  =========================== [Example of possible configuration: #7 , erase if not used] ============================
    # -------------------------------------===== Configure memory [Required] =====--------------------------------------
    # Description: Configure memory.
    configureMemory:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Configuration address.
      configAddress: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be configured.
      memoryId: 0

  #  =========================== [Example of possible configuration: #8 , erase if not used] ============================
    # ----------------------------------------===== Fill memory [Required] =====----------------------------------------
    # Description: Used for filling of the memory range by same repeated int32 pattern.
    fillMemory:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be filled.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be filled.
      size: 4096
      # -----------------------------------------===== Pattern [Required] =====-----------------------------------------
      # Description: Pattern which will be used to fill memory.
      pattern: 2779096485

  #  =========================== [Example of possible configuration: #9 , erase if not used] ============================
    # ----------------------------------===== Check firmware version [Required] =====-----------------------------------
    # Description: Checks FW version value specified in command for specified counter ID. FW version value in command
    # must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
    checkFwVersion:
      # --------------------------------===== Value - Firmware version [Required] =====---------------------------------
      # Description: Firmware version to be compared.
      value: 1
      # ---------------------------------------===== Counter ID [Required] =====----------------------------------------
      # Description: ID of FW counter to be checked.
      # Possible options: <none, nonsecure, secure, radio, snt, bootloader>
      counterId: secure

SecureBinary31 for rw612#

SecureBinary31 for rw612 JSON schema

Open it in full page

SecureBinary31 for rw612 YAML configuration template
# ===============================  Secure Binary v3.1 Configuration template for rw612.  ===============================

# ======================================================================================================================
#                                                 == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options: <k32w148, kw45b41z5, kw45b41z8, kw47b42z83, kw47b42z96, kw47b42z97, kw47b42zb2, kw47b42zb3,
# kw47b42zb6, kw47b42zb7, kw47z42082, kw47z42092, kw47z420b2, kw47z420b3, lpc55s36, mcxn235, mcxn236, mcxn546, mcxn547,
# mcxn946, mcxn947, mcxw716a, mcxw716c, mcxw727a, mcxw727c, mcxw727d, mimxrt735s, mimxrt758s, mimxrt798s, rw610, rw612>
family: rw612
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a1, a2, latest>
revision: latest
# ======================================================================================================================
#                                                  == Basic Settings ==
# ======================================================================================================================
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== SB3 filename [Required] =====------------------------------------------
# Description: Generated SB3 container filename.
containerOutputFile: my_new.sb3
# ======================================================================================================================
#                                              == Image Signing Settings ==
# ======================================================================================================================
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>'.
signProvider: type=file;file_path=my_prv_key.pem
# ======================================================================================================================
#                                              == Certificate Block V2.1 ==
# ======================================================================================================================
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# ======================================================================================================================
#                                           == Secure Binary v3.1 Settings ==
# ======================================================================================================================
# ----------------------------------------===== Part Common Key [Optional] =====----------------------------------------
# Description: Path to PCK/NPK 256 or 128 bit key in plain hex string format or path to binary file or hex string.
containerKeyBlobEncryptionKey: my_pck.txt
# ----------------------------------===== Enable NXP Container format [Optional] =====----------------------------------
# Description: Internal usage only, used for generating SB files with NXP content e.g. provisioning firmware, etc...
isNxpContainer: false
# ---------------------------------------===== KDK access rights [Optional] =====---------------------------------------
# Description: Accepted values are 0, 1, 2 and 3. Value used as key properties for key derivation process, more details
# can be found in CSSv2 manual.
# Possible options: <0, 1, 2, 3>
kdkAccessRights: 0
# ---------------------------------===== Container configuration word [Optional] =====----------------------------------
# Description: Flag value in SB3.1 manifest, not used by silicons with LPC55S3x ROM. Value can be kept 0, or it can be
# removed from the configuration file.
containerConfigurationWord: 0
# ------------------------------------------===== Description [Optional] =====------------------------------------------
# Description: Description up to 16 characters, longer will be truncated. Stored in SB3.1 manifest.
description: This is description of generated SB file.
# ======================================================================================================================
#                                       == Secure Binary v3.1 Commands Settings ==
# ======================================================================================================================
# ----------------------------------------===== SB3.1 Commands [Required] =====-----------------------------------------
# Description: Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
commands:
  -
  # ====================================================================================================================
  #                                          == List of possible 10 options. ==
  #       Options [erase, load, execute, programFuses, programIFR, copy, loadKeyBlob, configureMemory, fillMemory,
  #                                                   checkFwVersion]
  # ====================================================================================================================

  #  =========================== [Example of possible configuration: #0 , erase if not used] ============================
    # -------------------------------------------===== Erase [Required] =====-------------------------------------------
    # Description: Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
    erase:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be erased.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be erased.
      size: 4096
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be erased.
      memoryId: 0

  #  =========================== [Example of possible configuration: #1 , erase if not used] ============================
    # -------------------------------------------===== Load [Required] =====--------------------------------------------
    # Description: If set, then the data to write immediately follows the range header. The length field contains the
    # actual data length
    load:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be loaded.
      address: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be loaded.
      memoryId: 0
      # --------------------------------------===== Binary file. [Optional] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_binary.bin
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be loaded.
      values: 0x1234, 0x5678, 0, 12345678
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be loaded. Value will be converted to binary little endian format.
      value: '0xB38AA899'
      # -------------------------------------===== Authentication [Optional] =====--------------------------------------
      # Description: If authentication is not used, just omit this option or set 'none'.
      # Possible options: <none, cmac, hashlocking>
      authentication: cmac

  #  =========================== [Example of possible configuration: #2 , erase if not used] ============================
    # ------------------------------------------===== Execute [Required] =====------------------------------------------
    # Description: Address is the jump-to address. No further processing of SB after jump, ROM do not expect to return.
    execute:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Jump-to address to start execute code.
      address: 0

  #  =========================== [Example of possible configuration: #3 , erase if not used] ============================
    # ---------------------------------------===== Program Fuses [Required] =====---------------------------------------
    # Description: Address is OTP index of fuses to be programmed (Check the reference manual for more information).
    # Values is a comma separated list of 32bit values.
    programFuses:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: OTP Index of fuses to be programmed. Depends on the chip ROM.
      address: 0
      # --------------------------------------===== Binary values [Required] =====--------------------------------------
      # Description: 32bit binary values delimited by comma or one 32 bit integer to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #4 , erase if not used] ============================
    # ----------------------------------------===== Program IFR [Required] =====----------------------------------------
    # Description: The startAddress will be the address into the IFR region, length will be in number of bytes to write
    # to IFR region. The data to write to IFR region at the given address will immediately follow the header
    programIFR:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of IFR region to be programmed.
      address: 0
      # ---------------------------------------===== Binary file [Optional] =====---------------------------------------
      # Description: Binary file to be programmed.
      file: my_binary.bin
      # --------------------------------------===== Binary value [Optional] =====---------------------------------------
      # Description: Binary value to be programmed, at least 4 bytes. Value will be converted to binary little endian
      # format.
      value: '0xB38AA899'
      # -------------------------------------===== Binary values. [Optional] =====--------------------------------------
      # Description: 32-bit binary values delimited by comma to be programmed.
      values: 0x1234, 0x5678, 0, 12345678

  #  =========================== [Example of possible configuration: #5 , erase if not used] ============================
    # -------------------------------------------===== Copy [Required] =====--------------------------------------------
    # Description: Used for copying data from one place to another. 32 bytes fixed size.
    copy:
      # --------------------------------------===== Address From [Required] =====---------------------------------------
      # Description: Address of memory block to be copied.
      addressFrom: 0
      # -------------------------------------===== Memory ID From [Optional] =====--------------------------------------
      # Description: ID of memory block to be copied.
      memoryIdFrom: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be copied.
      size: 4096
      # ---------------------------------------===== Address To [Required] =====----------------------------------------
      # Description: Address of memory where block to be copied.
      addressTo: 536870912
      # --------------------------------------===== Memory ID To [Optional] =====---------------------------------------
      # Description: ID of memory block where to be copied.
      memoryIdTo: 0

  #  =========================== [Example of possible configuration: #6 , erase if not used] ============================
    # ---------------------------------------===== Load Key Blob [Required] =====---------------------------------------
    # Description: Wrapped key blob immediately follows the range key blob header. The length field contains the actual
    # data length.
    loadKeyBlob:
      # -----------------------------------------===== Offset [Required] =====------------------------------------------
      # Description: Offset of the key blob.
      offset: 0
      # -------------------------------------===== Wrapping key ID [Required] =====-------------------------------------
      # Description: Wrapping ID of key blob.
      # Possible options: <NXP_CUST_KEK_INT_SK, NXP_CUST_KEK_EXT_SK>
      wrappingKeyId: 0
      # ---------------------------------------===== Binary file [Required] =====---------------------------------------
      # Description: Binary file to be loaded.
      file: my_keyblob.bin
      # ---------------------------------===== Key Blob as plain text [Optional] =====----------------------------------
      # Description: Indicates whether key is provided as plaintext or not. If it's in plaintext this option also
      # indicates whether it's as binary or hex
      # Possible options: <no, bin, hex>
      plainInput: no

  #  =========================== [Example of possible configuration: #7 , erase if not used] ============================
    # -------------------------------------===== Configure memory [Required] =====--------------------------------------
    # Description: Configure memory.
    configureMemory:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Configuration address.
      configAddress: 0
      # ----------------------------------------===== Memory ID [Optional] =====----------------------------------------
      # Description: ID of memory block to be configured.
      memoryId: 0

  #  =========================== [Example of possible configuration: #8 , erase if not used] ============================
    # ----------------------------------------===== Fill memory [Required] =====----------------------------------------
    # Description: Used for filling of the memory range by same repeated int32 pattern.
    fillMemory:
      # -----------------------------------------===== Address [Required] =====-----------------------------------------
      # Description: Address of memory block to be filled.
      address: 0
      # ------------------------------------------===== Size [Required] =====-------------------------------------------
      # Description: Size of memory block to be filled.
      size: 4096
      # -----------------------------------------===== Pattern [Required] =====-----------------------------------------
      # Description: Pattern which will be used to fill memory.
      pattern: 2779096485

  #  =========================== [Example of possible configuration: #9 , erase if not used] ============================
    # ----------------------------------===== Check firmware version [Required] =====-----------------------------------
    # Description: Checks FW version value specified in command for specified counter ID. FW version value in command
    # must be greater than value programmed in OTP to be accepted, otherwise rollback is detected and receive SB fails
    checkFwVersion:
      # --------------------------------===== Value - Firmware version [Required] =====---------------------------------
      # Description: Firmware version to be compared.
      value: 1
      # ---------------------------------------===== Counter ID [Required] =====----------------------------------------
      # Description: ID of FW counter to be checked.
      # Possible options: <none, nonsecure, secure, radio, snt, bootloader>
      counterId: secure