NXP chip family identifier.
Revision of silicon. The name 'latest' means the most current revision.
Path to a 256-bit or 128-bit PCK/NPK key file (plain hex string or binary), or the key itself as a hex string.
Accepted values are 0, 1, 2 and 3. The value is used as the key properties in the key derivation process; more details can be found in the CSSv2 manual.
Description of up to 16 characters; longer text is truncated. Stored in the SB4.0 manifest.
Generated SB4 container filename.
If false, the generated SB4.0 blocks are not encrypted. This is for testing only: the ROM won't accept an unencrypted SB4.0 file. If the option is missing, the SB4.0 file is automatically encrypted.
For testing purposes. This option can override the real timestamp of the SB4 file.
Image version used for rollback protection in SB4 format. While primarily designed for dual boot scenarios in MBI (Master Boot Image), this field provides security through firmware version validation.
Rollback Protection Mechanism:
The image version must be equal to or greater than the version stored in fuses or PFR (Protected Flash Region) to ensure proper rollback protection.
Version Calculation (e.g., MCXN556s series):
The firmware version is calculated by combining the image version with the fuse version:
fwversion = (imageVersion << 8) | fuseversion
Validation Process:
During rollback protection, the calculated firmware version is checked against the 'SECUREFWVERSION' value stored in the CFPA (Customer Field Programmable Area) page. Only firmware with versions equal to or higher than the stored value will be allowed to execute.
Defines which set is used to authenticate the container.
Which key from SRK set is being used.
The value must be equal to or greater than the version stored in fuses or PFR to provide proper rollback protection. For example, on the MCXN556s series, the fuse version is used for rollback protection: it is joined with the image version to create a firmware version 'fwversion = (imageVersion << 8) | (fuseversion)'. During rollback protection, the firmware version is checked against 'SECUREFWVERSION' in the CFPA page.
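The version check from the two rollback-protection descriptions above, as an added example (not SPSDK or ROM code). It assumes the fuse version occupies the low 8 bits, as the `<< 8` in the formula implies; the function names and sample values are hypothetical.

```python
FUSE_VERSION_BITS = 8  # assumption: implied by the "<< 8" in the page's formula
FUSE_VERSION_MASK = (1 << FUSE_VERSION_BITS) - 1


def fw_version(image_version: int, fuse_version: int) -> int:
    """fwversion = (imageVersion << 8) | fuseversion, with range checks."""
    if image_version < 0:
        raise ValueError("image version must be non-negative")
    if not 0 <= fuse_version <= FUSE_VERSION_MASK:
        # A wider value would spill into the image-version bits and
        # silently inflate the result.
        raise ValueError("fuse version does not fit below the image version")
    return (image_version << FUSE_VERSION_BITS) | fuse_version


def passes_rollback_check(image_version: int, fuse_version: int,
                          stored_version: int) -> bool:
    """True when the computed version is equal to or higher than the stored one."""
    return fw_version(image_version, fuse_version) >= stored_version


def min_image_version(fuse_version: int, stored_version: int) -> int:
    """Smallest image version that still passes for the given fuse version."""
    candidate = stored_version >> FUSE_VERSION_BITS
    if fw_version(candidate, fuse_version) < stored_version:
        candidate += 1
    return candidate


if __name__ == "__main__":
    stored = 0x0203  # constructed sample value for the stored SECUREFWVERSION
    for image, fuse in [(2, 3), (2, 2), (3, 0), (1, 0xFF)]:
        print(image, fuse, hex(fw_version(image, fuse)),
              passes_rollback_check(image, fuse, stored))
    print("minimum image version with fuse version 0:",
          min_image_version(0, stored))
```

Because the image version sits in the high bits, a higher image version always outranks any fuse version, while an equal image version passes only if the fuse version has not gone backwards.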
Signature provider configuration in the format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>', or a private key used to sign the container header. The header can be signed by an SRK. The referenced SRK must not have been revoked.
Signature provider configuration in the format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>', or a private key used for the second signature (PQC only) of the container header. The header can be signed by an SRK. The referenced SRK must not have been revoked.
SRK (Super Root Key) table definition.
CA Flag is used by HAB to indicate if the SRK is allowed to sign other keys.
Table containing the used SRK records. All SRKs must be of the same type. Supported signing algorithms are: RSA-PSS, ECDSA, Dilithium or SM2. Supported hash algorithms: sha256, sha384, sha512, sha3_256, sha3_384, sha3_512, sm3. Supported key sizes/curves: prime256v1, sec384r1, sec512r1, rsa2048, rsa4096, dilithium3, sm2. The certificate may be that of a Certificate Authority. Dilithium algorithms are supported only in the new type of AHAB container.
Must contain a minimum of 4 items
Must contain a maximum of 4 items
Path to SRK Key file.
CA Flag is used by HAB to indicate if the SRK is allowed to sign other keys.
Table containing the used SRK Dilithium records. All SRKs must be of the same type. Supported signing algorithms are: Dilithium level 3. Supported hash algorithms: sha3_256, sha3_384, sha3_512. The certificate may be that of a Certificate Authority.
Must contain a minimum of 4 items
Must contain a maximum of 4 items
Path to SRK Key file.
The file that contains the AHAB certificate. It can be an already prepared binary signed by the SRK, or a YAML configuration file of the certificate, in which case the AHAB export process exports the certificate itself.
HASH type of image.
Target core id to select kind of image.
Secure Binary v3.1 commands block, list of all possible options - Modify it according to your application
No Additional Items
Performs a flash erase of the given address range. The erase will be rounded up to the sector size.
Address of memory block to be erased.
Size of memory block to be erased.
ID of memory block to be erased.
If set, then the data to write immediately follows the range header. The length field contains the actual data length.
^(0x|0b)|,|^[0-9]+$
Address of memory block to be loaded.
ID of memory block to be loaded.
The data to be loaded, it could be defined in following formats:
- 32-bit value. Value will be converted to binary in little endian format. Example: '0xB38AA899' or '0b111000'
- Array of 32-bit binary values delimited by comma to be loaded. Individual 32-bit values will be stored in little endian format. Example: 0x1234, 0x5678, 0, 12345678
- List of integers passed as an array.
- Path to binary file. Example: my_binary.bin
Use LZMA compression of the data before loading it onto the target.
Size of memory sector where data should be loaded.
Address is the jump-to address. The SB file is not processed any further after the jump; the ROM does not expect a return.
Jump-to address at which to start executing code.
Address is the OTP index of the fuses to be programmed (check the reference manual for more information). Values is a comma-separated list of 32-bit values.
OTP Index of fuses to be programmed. Depends on the chip ROM.
32-bit binary values delimited by commas, or one 32-bit integer, to be programmed.
The startAddress is the address within the IFR region; the length is the number of bytes to write to the IFR region. The data to write to the IFR region at the given address immediately follows the header.
Address of IFR region to be programmed.
The data to be loaded, it could be defined in following formats:
- 32-bit value. Value will be converted to binary in little endian format. Example: '0xB38AA899' or '0b111000'
- Array of 32-bit binary values delimited by comma to be loaded. Individual 32-bit values will be stored in little endian format. Example: 0x1234, 0x5678, 0, 12345678
- List of integers passed as an array.
- Path to binary file. Example: my_binary.bin
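A sketch of how the data formats listed for the load and IFR-programming commands can be turned into bytes, as an added example (not SPSDK's implementation). It uses the pattern quoted on this page to separate values from file paths; the function names are hypothetical and the overflow check is this example's own assumption about desirable behaviour.

```python
import re
import struct
from pathlib import Path

# Pattern quoted on this page: a string that matches is a value or a list of
# values; anything else is treated as a path to a binary file.
VALUE_PATTERN = re.compile(r"^(0x|0b)|,|^[0-9]+$")


def _to_u32(token) -> int:
    """Convert an int or a '0x..' / '0b..' / decimal string to a checked u32."""
    if isinstance(token, int):
        value = token
    else:
        text = token.strip().lower()
        base = 16 if text.startswith("0x") else 2 if text.startswith("0b") else 10
        value = int(text, base)  # raises ValueError on malformed tokens
    if not 0 <= value <= 0xFFFFFFFF:
        # Reject instead of truncating: a silently clipped fuse or IFR word
        # is worse than a failed build.
        raise ValueError(f"{token!r} does not fit in 32 bits")
    return value


def load_data_bytes(data) -> bytes:
    """Return the bytes for one 'data' field (hypothetical helper)."""
    if isinstance(data, list):            # list of integers passed as an array
        words = [_to_u32(item) for item in data]
    elif isinstance(data, int):           # single integer
        words = [_to_u32(data)]
    elif VALUE_PATTERN.search(data):      # single value or comma-delimited array
        words = [_to_u32(tok) for tok in data.split(",")]
    else:                                 # path to binary file
        return Path(data).read_bytes()
    # Every 32-bit value is stored in little-endian format.
    return b"".join(struct.pack("<I", word) for word in words)


if __name__ == "__main__":
    print(load_data_bytes("0xB38AA899").hex())
    print(load_data_bytes("0x1234, 0x5678, 0, 12345678").hex())
```

A file whose name starts with `0x` or `0b`, contains a comma, or consists only of digits matches the pattern and is parsed as a value, so here it fails with `ValueError` rather than being read from disk.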
If set, then the data to write immediately follows the range header. The length field contains the actual data length. The ROM calculates a CMAC over the loaded data and stores it at an address known to the ROM, chosen based on startAddress.
Address of memory block to be CMAC loaded.
ID of memory block to be CMAC loaded.
Binary file to be loaded.
Used for copying data from one place to another. 32 bytes fixed size.
Address of memory block to be copied.
ID of memory block to be copied.
Size of memory block to be copied.
Address of memory to which the block is copied.
ID of the memory block to which the data is copied.
If set, then the data to write immediately follows the range header. The length field contains the actual data length. The ROM calculates a hash of the data and stores the value in the last 64 bytes of the loaded data, which are reserved for it.
Address of memory block to be loaded.
ID of memory block to be loaded.
Binary file to be loaded.
Wrapped key blob immediately follows the range key blob header. The length field contains the actual data length.
Offset of the key blob.
Wrapping ID of key blob.
Binary file to be loaded.
Indicates whether the key is provided as plaintext or not. If it is in plaintext, this option also indicates whether it is binary or hex.
Configure memory.
Configuration address.
ID of memory block to be configured.
Used for filling the memory range with the same repeated int32 pattern.
Address of memory block to be filled.
Size of memory block to be filled.
Pattern which will be used to fill memory.
Checks the FW version value specified in the command for the specified counter ID. The FW version value in the command must be greater than the value programmed in OTP to be accepted; otherwise rollback is detected and the receive SB operation fails.
Firmware version to be compared.
ID of FW counter to be checked.
Resets the target