LPC55Sxx - Preparing files for programming (Secure Binary)

Used software to transform the original file and generate the necessary files:

• MCUXpresso Secure Provisioning Tool - version 4.0.

 Instructions

MCUXpresso Secure Provisioning Tool

• Open MCUXpresso Secure Provisioning Tool. You can download the latest software version from here: MCUXpresso Secure Provisioning Tool

• Create a New Workspace. The Workspace will contain the keys, certificates, source file, boot file and configuration settings.

Open

• Select the path for the New Workspace, Series and Processor. Choose “Create”.

Open

• Select the Boot Type. Only the "Signed", "Encrypted (PRINCE) with CRC", and "Encrypted (PRINCE) and Signed" options generate a Secure Binary file.

• After selecting the boot image type, generate/add the necessary certificates/keys. Choose “PKI managment”.

• Select "Generate keys" on the PKI managment page.

• When the configuration is complete, click “Generate”.

• Once the keys have been generated/added, return to page one. Choose “Bulid image”.

• Select the location of the executable image source file, the start address and bootable image path.

• Select “TrustZone pre-configuration“ and ROT image depending on your needs.

• Generate randomly or enter your SBKEK. SBKEK is necessary to decrypt secure binary file.

• If you want to enable an additional security option, you can select the “PFR Configuration”.

• Additional configuration data and additional security can be set in the "CFPA" and "CMPA" windows. Confirm the changes by clicking the “OK” button.

• Click "Bulid Image" button. Now there is a Secure Binary file in the bootable_images folder in the workspace.

The necessary files can be found:

• SB file - "C:\..\bootable_images\lpc55s06.sb",

• CMPA file - “C:\..\gen_sb\cmpa_sealed.bin” or "C:\..\gen_sb\cmpa_non_sealed.bin",

• CFPA file - "C:\..\gen_sb\cfpa.bin",

• SBKEK - “C:\..\gen_scripts\sbkek.txt”.