PEmicro Blog

PEmicro adds iMXRT11xx and LPC55Sxx PRINCE to Secure Boot Utility

Apr 09, 2024

PEmicro's Secure Boot Utility is now updated to support NXP's iMXRT11xx devices and PRINCE encryption for LPC55Sxx devices. The Secure Boot Utility greatly simplifies the steps needed to enable security on NXP's iMX and LPC55Sxx processors, including certificate generation, signing of the user application, and setting the necessary non-volatile security settings in flash memory.

What is Secure Boot?

Protecting embedded systems from attacks continues to be a major concern for developers. In response, silicon manufacturers such as NXP are continuously adding new security mechanisms to guard against more sophisticated attacks.

New iMXRT11xx Support

Similar to its iMXRT10xx counterparts, NXP's iMXRT11xx processors support both signed and OTFAD encrypted images. PEmicro's Secure Boot Utility handles all steps to enable these images, including signing of the user application before programming to flash and all of the necessary fuse settings. Please see our article regarding Secure Boot for iMXRT

LPC55Sxx PRINCE Support

PRINCE images are both signed and encrypted, but the encryption key is generated inside the processor using a special PUF (Physical Unclonable Function) peripheral. This creates unique keys for each processor and the key is never exposed to the outside world. PEmicro's Secure Boot Utility handles the enrollment steps to create and store the PRINCE keys, supports up to three PRINCE regions (each protected with a different PRINCE key), and writes all of the necessary PFR bytes to enable these encrypted images. Please see our article regarding Secure Boot for LPC55Sxx.

Tags related to this Blog Post

Cyclone     Cyclone FX     Multilink     Multilink FX     Prog ACMP     NXP     Production Programming