Supported devices for MBI

Contents

Supported devices for MBI#

Supported execution targets are: XIP (Execute in place) and Load to RAM and image authentication types: Plain, CRC, Signed, Encrypted and NXP Signed.

The following table shows the supported image types for each device.

Target in the table represents outputImageExecutionTarget in the configuration file and authentication in the table represents outputImageAuthenticationType.

Supported devices#

Targets

xip

xip

xip

xip

xip

xip

load-to-ram

load-to-ram

load-to-ram

load-to-ram

load-to-ram

load-to-ram

Authentication

plain

crc

signed

signed-nxp

signed-encrypted

nbu-signed

plain

crc

signed

signed-nxp

signed-encrypted

nbu-signed

k32w148

k32w148

k32w148

kw45b41z5

kw45b41z5

kw45b41z5

kw45b41z8

kw45b41z8

kw45b41z8

kw45z41052

kw45z41052

kw45z41052

kw45z41053

kw45z41053

kw45z41053

kw45z41082

kw45z41082

kw45z41082

kw45z41083

kw45z41083

kw45z41083

kw47b42z83

kw47b42z83

kw47b42z83

kw47b42z83

kw47b42z96

kw47b42z96

kw47b42z96

kw47b42z96

kw47b42z97

kw47b42z97

kw47b42z97

kw47b42z97

kw47b42zb2

kw47b42zb2

kw47b42zb2

kw47b42zb2

kw47b42zb3

kw47b42zb3

kw47b42zb3

kw47b42zb3

kw47b42zb6

kw47b42zb6

kw47b42zb6

kw47b42zb6

kw47b42zb7

kw47b42zb7

kw47b42zb7

kw47b42zb7

kw47z42082

kw47z42082

kw47z42082

kw47z42082

kw47z42092

kw47z42092

kw47z42092

kw47z42092

kw47z420b2

kw47z420b2

kw47z420b2

kw47z420b2

kw47z420b3

kw47z420b3

kw47z420b3

kw47z420b3

lpc5502

lpc5504

lpc5506

lpc5512

lpc5514

lpc5516

lpc5526

lpc5526

lpc5528

lpc5528

lpc5534

lpc5534

lpc5536

lpc5536

lpc55s04

lpc55s06

lpc55s14

lpc55s16

lpc55s26

lpc55s26

lpc55s28

lpc55s28

lpc55s36

lpc55s36

lpc55s66

lpc55s66

lpc55s69

lpc55s69

mc56f81646

mc56f81648

mc56f81666

mc56f81668

mc56f81746

mc56f81748

mc56f81766

mc56f81768

mc56f81866

mc56f81868

mcxa132

mcxa133

mcxa142

mcxa143

mcxa144

mcxa145

mcxa146

mcxa152

mcxa153

mcxa154

mcxa155

mcxa156

mcxa173

mcxa174

mcxa175

mcxa176

mcxa185

mcxa186

mcxa255

mcxa256

mcxa265

mcxa266

mcxa343

mcxa344

mcxa345

mcxa346

mcxa355

mcxa356

mcxa365

mcxa366

mcxc041

mcxc141

mcxc142

mcxc143

mcxc144

mcxc242

mcxc243

mcxc244

mcxc443

mcxc444

mcxe245

mcxe246

mcxe247

mcxe315

mcxe316

mcxe317

mcxe31b

mcxl253

mcxl253

mcxl254

mcxl254

mcxl255

mcxl255

mcxn235

mcxn236

mcxn247

mcxn247

mcxn526

mcxn526

mcxn527

mcxn527

mcxn536

mcxn536

mcxn537

mcxn537

mcxn546

mcxn546

mcxn547

mcxn547

mcxn556s

mcxn557s

mcxn946

mcxn946

mcxn947

mcxn947

mcxw235

mcxw236

mcxw716a

mcxw716a

mcxw716a

mcxw716c

mcxw716c

mcxw716c

mcxw727a

mcxw727a

mcxw727a

mcxw727a

mcxw727c

mcxw727c

mcxw727c

mcxw727c

mcxw727d

mcxw727d

mcxw727d

mcxw727d

mimxrt533s

mimxrt533s

mimxrt555s

mimxrt555s

mimxrt595s

mimxrt595s

mimxrt685s

mimxrt685s

mimxrt735s

mimxrt735s

mimxrt735s

mimxrt758s

mimxrt758s

mimxrt758s

mimxrt798s

mimxrt798s

mimxrt798s

mwct2012

mwct2012a

mwct20d2

mwct20d2a

nhs52s04

rw610

rw610

rw612

rw612

Note

For LPC55xx (except for the LPC55S36 with external flash), MCXN9xx and MCXN23x the load-to-RAM images are intended only for recovery boot from 1-bit SPI flash.

Implementation details#

To handle the small differences between the MBI types. Mixin classes were used to define the common parts of the MBI. This definition of required mixins is stored in database for each family of devices. When you click on the supported MBI type in the table above, you will be pointed to the documentation of the specific MBI type. Naming convention for each MBI type is used here just for documentation purposes. For example: “MBI-A-IV-I-TZM-LA-EATZ-ECS” contains first letters of mixins used in the MBI, like App, ImageVersion, IVT, TrustZoneMandatory and others…

If you want to create MBI class directly you might use create_mbi_class function. The function takes two arguments, the first one is the MBI type and the second one is the device family. The method returns the class that can be used to create MBI image.

from spsdk.image.mbi.mbi import create_mbi_class

MbiClass = create_mbi_class("plain", "k32w1xx")

Exporting the image is done in six steps.

  • Validating the input data by calling the validate method.

  • Collecting the data by calling the collect_data method.

  • Optionally encrypting the image by calling the encrypt method.

  • Optionally do post encrypt update by calling the post_encrypt method.

  • Optionally sign the image by calling the sign method.

  • Finalize the image by calling the finalize method.

Supported configuration options#

Refer to the documentation below for the supported configuration options for each image type. Please note that the outputImageExecutionTarget and outputImageAuthenticationType must be filled in addition to the basic settings according to the table with supported devices.

outputImageExecutionTarget: xip # Application target., Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
outputImageAuthenticationType: signed # Type of boot image authentication., Specification of final master boot image authentication.

MBI-A-IZTL-LA-TZM-IST-EATZ#

MBI Mixins

Class name: plain_xip

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinIvtZeroTotalLength

  • Mbi_MixinLoadAddress

  • Mbi_MixinTrustZoneMandatory

  • Mbi_MixinImageSubType

  • Mbi_ExportMixinAppTrustZone

MBI-A-IZTL-LA-TZM-IST-EATZ JSON schema

Open it in full page

MBI-A-IZTL-LA-TZM-IST-EATZ YAML configuration template 
# =============================================  YAML template plain_xip  ==============================================

# ======================================================================================================================
#                                            == MBI-A-IZTL-LA-TZM-IST-EATZ ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, a2, latest>
revision: a0
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <signed, plain, crc, signed-nxp>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# --------------------------------===== Loading address of application [Optional] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# -----------------------------------------===== Image SubType [Optional] =====-----------------------------------------
# Description: Image subtype determine the image use in MCU. "main" for main application, "nbu" for Narrow Band Unit
# image and "recovery" for recovery image type
# Possible options: <main, nbu, recovery>
outputImageSubtype: main

MBI-A-I-LA-TZM-IST-EATZ-ECS#

MBI Mixins

Class name: crc_xip

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinIvt

  • Mbi_MixinLoadAddress

  • Mbi_MixinTrustZoneMandatory

  • Mbi_MixinImageSubType

  • Mbi_ExportMixinAppTrustZone

  • Mbi_ExportMixinCrcSign

MBI-A-I-LA-TZM-IST-EATZ-ECS JSON schema

Open it in full page

MBI-A-I-LA-TZM-IST-EATZ-ECS YAML configuration template 
# ==============================================  YAML template crc_xip  ===============================================

# ======================================================================================================================
#                                           == MBI-A-I-LA-TZM-IST-EATZ-ECS ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, a2, latest>
revision: a0
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <signed, plain, crc, signed-nxp>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# --------------------------------===== Loading address of application [Optional] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# -----------------------------------------===== Image SubType [Optional] =====-----------------------------------------
# Description: Image subtype determine the image use in MCU. "main" for main application, "nbu" for Narrow Band Unit
# image and "recovery" for recovery image type
# Possible options: <main, nbu, recovery>
outputImageSubtype: main

MBI-A-I-LA-CBV-MD-EACBM-EES#

MBI Mixins

Class name: signed_xip

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinIvt

  • Mbi_MixinLoadAddress

  • Mbi_MixinCertBlockV21

  • Mbi_MixinManifestDigest

  • Mbi_ExportMixinAppCertBlockManifest

  • Mbi_ExportMixinEccSign

MBI-A-I-LA-CBV-MD-EACBM-EES JSON schema

Open it in full page

MBI-A-I-LA-CBV-MD-EACBM-EES YAML configuration template 
# =============================================  YAML template signed_xip  =============================================

# ======================================================================================================================
#                                           == MBI-A-I-LA-CBV-MD-EACBM-EES ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, a2, latest>
revision: a0
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <signed, plain, crc, signed-nxp>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# --------------------------------===== Loading address of application [Optional] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# -------------------------------------===== Signer configuration [Required] =====--------------------------------------
# Description: Signature provider configuration in format 'type=<sp_type>;<key1>=<value1>;<key2>=<value2>' or path to a
# private key.
signer: type=file;file_path=root_prv_key.pem
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0

MBI-A-I-LA-CBV-M-EACBM-EES#

MBI Mixins

Class name: famode

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinIvt

  • Mbi_MixinLoadAddress

  • Mbi_MixinCertBlockV21

  • Mbi_MixinManifest

  • Mbi_ExportMixinAppCertBlockManifest

  • Mbi_ExportMixinEccSign

MBI-A-I-LA-CBV-M-EACBM-EES JSON schema

Open it in full page

MBI-A-I-LA-CBV-M-EACBM-EES YAML configuration template 
# ===============================================  YAML template famode  ===============================================

# ======================================================================================================================
#                                            == MBI-A-I-LA-CBV-M-EACBM-EES ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, a2, latest>
revision: a0
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <signed, plain, crc, signed-nxp>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# --------------------------------===== Loading address of application [Optional] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# -------------------------------------===== Signer configuration [Required] =====--------------------------------------
# Description: Signature provider configuration in format 'type=<sp_type>;<key1>=<value1>;<key2>=<value2>' or path to a
# private key.
signer: type=file;file_path=root_prv_key.pem
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0

MBI-A-I-LA-CBV-M-IST-EACBM-EES#

MBI Mixins

Class name: famode_nxp

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinIvt

  • Mbi_MixinLoadAddress

  • Mbi_MixinCertBlockV21

  • Mbi_MixinManifest

  • Mbi_MixinImageSubType

  • Mbi_ExportMixinAppCertBlockManifest

  • Mbi_ExportMixinEccSign

MBI-A-I-LA-CBV-M-IST-EACBM-EES JSON schema

Open it in full page

MBI-A-I-LA-CBV-M-IST-EACBM-EES YAML configuration template 
# =============================================  YAML template famode_nxp  =============================================

# ======================================================================================================================
#                                          == MBI-A-I-LA-CBV-M-IST-EACBM-EES ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, a2, latest>
revision: a0
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <signed, plain, crc, signed-nxp>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# --------------------------------===== Loading address of application [Optional] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# -------------------------------------===== Signer configuration [Required] =====--------------------------------------
# Description: Signature provider configuration in format 'type=<sp_type>;<key1>=<value1>;<key2>=<value2>' or path to a
# private key.
signer: type=file;file_path=root_prv_key.pem
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== Image SubType [Optional] =====-----------------------------------------
# Description: Image subtype determine the image use in MCU. "main" for main application, "nbu" for Narrow Band Unit
# image and "recovery" for recovery image type
# Possible options: <main, nbu, recovery>
outputImageSubtype: main

MBI-A-I-LA-CBV-MD-IST-EACBM-EES#

MBI Mixins

Class name: nxp_signed_xip

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinIvt

  • Mbi_MixinLoadAddress

  • Mbi_MixinCertBlockV21

  • Mbi_MixinManifestDigest

  • Mbi_MixinImageSubType

  • Mbi_ExportMixinAppCertBlockManifest

  • Mbi_ExportMixinEccSign

MBI-A-I-LA-CBV-MD-IST-EACBM-EES JSON schema

Open it in full page

MBI-A-I-LA-CBV-MD-IST-EACBM-EES YAML configuration template 
# ===========================================  YAML template nxp_signed_xip  ===========================================

# ======================================================================================================================
#                                         == MBI-A-I-LA-CBV-MD-IST-EACBM-EES ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, a2, latest>
revision: a0
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <signed, plain, crc, signed-nxp>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# --------------------------------===== Loading address of application [Optional] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# -------------------------------------===== Signer configuration [Required] =====--------------------------------------
# Description: Signature provider configuration in format 'type=<sp_type>;<key1>=<value1>;<key2>=<value2>' or path to a
# private key.
signer: type=file;file_path=root_prv_key.pem
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== Image SubType [Optional] =====-----------------------------------------
# Description: Image subtype determine the image use in MCU. "main" for main application, "nbu" for Narrow Band Unit
# image and "recovery" for recovery image type
# Possible options: <main, nbu, recovery>
outputImageSubtype: main

MBI-A-I-LA-TZM-IST-EATZ#

MBI Mixins

Class name: plain_xip

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinIvt

  • Mbi_MixinLoadAddress

  • Mbi_MixinTrustZoneMandatory

  • Mbi_MixinImageSubType

  • Mbi_ExportMixinAppTrustZone

MBI-A-I-LA-TZM-IST-EATZ JSON schema

Open it in full page

MBI-A-I-LA-TZM-IST-EATZ YAML configuration template 
# =============================================  YAML template plain_xip  ==============================================

# ======================================================================================================================
#                                             == MBI-A-I-LA-TZM-IST-EATZ ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, a2, a2.1, latest>
revision: a0
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, crc, signed-nxp, nbu-signed, signed>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# --------------------------------===== Loading address of application [Optional] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# -----------------------------------------===== Image SubType [Optional] =====-----------------------------------------
# Description: Image subtype determine the image use in MCU. "main" for main application, "nbu" for Narrow Band Unit
# image and "recovery" for recovery image type
# Possible options: <main, nbu, recovery>
outputImageSubtype: main

MBI-A-I-LA-IST-CBV-MD-EACBM-EES#

MBI Mixins

Class name: nbu_signed_xip

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinIvt

  • Mbi_MixinLoadAddress

  • Mbi_MixinImageSubType

  • Mbi_MixinCertBlockV21

  • Mbi_MixinManifestDigest

  • Mbi_ExportMixinAppCertBlockManifest

  • Mbi_ExportMixinEccSign

MBI-A-I-LA-IST-CBV-MD-EACBM-EES JSON schema

Open it in full page

MBI-A-I-LA-IST-CBV-MD-EACBM-EES YAML configuration template 
# ===========================================  YAML template nbu_signed_xip  ===========================================

# ======================================================================================================================
#                                         == MBI-A-I-LA-IST-CBV-MD-EACBM-EES ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, a2, a2.1, latest>
revision: a0
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, crc, signed-nxp, nbu-signed, signed>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# --------------------------------===== Loading address of application [Optional] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# -----------------------------------------===== Image SubType [Optional] =====-----------------------------------------
# Description: Image subtype determine the image use in MCU. "main" for main application, "nbu" for Narrow Band Unit
# image and "recovery" for recovery image type
# Possible options: <main, nbu, recovery>
outputImageSubtype: main
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# -------------------------------------===== Signer configuration [Required] =====--------------------------------------
# Description: Signature provider configuration in format 'type=<sp_type>;<key1>=<value1>;<key2>=<value2>' or path to a
# private key.
signer: type=file;file_path=root_prv_key.pem
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0

MBI-A-IZTL-LA-EA#

MBI Mixins

Class name: plain_xip

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinIvtZeroTotalLength

  • Mbi_MixinLoadAddress

  • Mbi_ExportMixinApp

MBI-A-IZTL-LA-EA JSON schema

Open it in full page

MBI-A-IZTL-LA-EA YAML configuration template 
# =============================================  YAML template plain_xip  ==============================================

# ======================================================================================================================
#                                                 == MBI-A-IZTL-LA-EA ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, latest>
revision: a0
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, crc>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# --------------------------------===== Loading address of application [Optional] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0

MBI-A-I-LA-EA-ECS#

MBI Mixins

Class name: crc_xip

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinIvt

  • Mbi_MixinLoadAddress

  • Mbi_ExportMixinApp

  • Mbi_ExportMixinCrcSign

MBI-A-I-LA-EA-ECS JSON schema

Open it in full page

MBI-A-I-LA-EA-ECS YAML configuration template 
# ==============================================  YAML template crc_xip  ===============================================

# ======================================================================================================================
#                                                == MBI-A-I-LA-EA-ECS ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, latest>
revision: a0
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, crc>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# --------------------------------===== Loading address of application [Optional] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0

MBI-A-IV-IZTL-LA-EA#

MBI Mixins

Class name: plain_xip

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinImageVersion

  • Mbi_MixinIvtZeroTotalLength

  • Mbi_MixinLoadAddress

  • Mbi_ExportMixinApp

MBI-A-IV-IZTL-LA-EA JSON schema

Open it in full page

MBI-A-IV-IZTL-LA-EA YAML configuration template 
# =============================================  YAML template plain_xip  ==============================================

# ======================================================================================================================
#                                               == MBI-A-IV-IZTL-LA-EA ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <0a, 1a, latest>
revision: 0a
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, crc>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# ----------------------------------------===== Image version. [Optional] =====-----------------------------------------
# Description: Image version is used for dual boot. The boot ROM decides which image to boot first based on the image
# version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.
imageVersion: 0
# --------------------------------===== Loading address of application [Optional] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0

MBI-A-IV-I-LA-EA#

MBI Mixins

Class name: plain_ram

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinImageVersion

  • Mbi_MixinIvt

  • Mbi_MixinLoadAddress

  • Mbi_ExportMixinApp

MBI-A-IV-I-LA-EA JSON schema

Open it in full page

MBI-A-IV-I-LA-EA YAML configuration template 
# =============================================  YAML template plain_ram  ==============================================

# ======================================================================================================================
#                                                 == MBI-A-IV-I-LA-EA ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <0a, 1a, latest>
revision: 0a
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, crc>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# ----------------------------------------===== Image version. [Optional] =====-----------------------------------------
# Description: Image version is used for dual boot. The boot ROM decides which image to boot first based on the image
# version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.
imageVersion: 0
# --------------------------------===== Loading address of application [Optional] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0

MBI-A-IV-I-LA-EA-ECS#

MBI Mixins

Class name: crc_ram

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinImageVersion

  • Mbi_MixinIvt

  • Mbi_MixinLoadAddress

  • Mbi_ExportMixinApp

  • Mbi_ExportMixinCrcSign

MBI-A-IV-I-LA-EA-ECS JSON schema

Open it in full page

MBI-A-IV-I-LA-EA-ECS YAML configuration template 
# ==============================================  YAML template crc_ram  ===============================================

# ======================================================================================================================
#                                               == MBI-A-IV-I-LA-EA-ECS ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <0a, 1a, latest>
revision: 0a
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, crc>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# ----------------------------------------===== Image version. [Optional] =====-----------------------------------------
# Description: Image version is used for dual boot. The boot ROM decides which image to boot first based on the image
# version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.
imageVersion: 0
# --------------------------------===== Loading address of application [Optional] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0

MBI-A-IZTL-LA-TZ-HK-EATZ#

MBI Mixins

Class name: plain_xip

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinIvtZeroTotalLength

  • Mbi_MixinLoadAddress

  • Mbi_MixinTrustZone

  • Mbi_MixinHwKey

  • Mbi_ExportMixinAppTrustZone

MBI-A-IZTL-LA-TZ-HK-EATZ JSON schema

Open it in full page

MBI-A-IZTL-LA-TZ-HK-EATZ YAML configuration template 
# =============================================  YAML template plain_xip  ==============================================

# ======================================================================================================================
#                                             == MBI-A-IZTL-LA-TZ-HK-EATZ ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a1, latest>
revision: a1
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <signed, plain, crc>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# --------------------------------===== Loading address of application [Optional] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# ------------------------------------===== TrustZone enable option [Optional] =====------------------------------------
# Description: If not specified, the Trust zone is disabled.
enableTrustZone: false
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# ----------------------------------===== Enable User HW key sharing [Required] =====-----------------------------------
# Description: Controlling secure hardware key bus. If enabled(1), then it is possible to access keys on hardware secure
# bus from non-secure application, else non-secure application will read zeros.
enableHwUserModeKeys: false

MBI-A-I-TZ-LA-EATZ-ECS#

MBI Mixins

Class name: crc_ram

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinIvt

  • Mbi_MixinTrustZone

  • Mbi_MixinLoadAddress

  • Mbi_ExportMixinAppTrustZone

  • Mbi_ExportMixinCrcSign

MBI-A-I-TZ-LA-EATZ-ECS JSON schema

Open it in full page

MBI-A-I-TZ-LA-EATZ-ECS YAML configuration template 
# ==============================================  YAML template crc_ram  ===============================================

# ======================================================================================================================
#                                              == MBI-A-I-TZ-LA-EATZ-ECS ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a1, latest>
revision: a1
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <signed, plain, crc>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# ------------------------------------===== TrustZone enable option [Optional] =====------------------------------------
# Description: If not specified, the Trust zone is disabled.
enableTrustZone: false
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# --------------------------------===== Loading address of application [Optional] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0

MBI-A-I-LA-TZ-HK-EATZ-ECS#

MBI Mixins

Class name: crc_xip

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinIvt

  • Mbi_MixinLoadAddress

  • Mbi_MixinTrustZone

  • Mbi_MixinHwKey

  • Mbi_ExportMixinAppTrustZone

  • Mbi_ExportMixinCrcSign

MBI-A-I-LA-TZ-HK-EATZ-ECS JSON schema

Open it in full page

MBI-A-I-LA-TZ-HK-EATZ-ECS YAML configuration template 
# ==============================================  YAML template crc_xip  ===============================================

# ======================================================================================================================
#                                            == MBI-A-I-LA-TZ-HK-EATZ-ECS ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a1, latest>
revision: a1
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <signed, plain, crc>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# --------------------------------===== Loading address of application [Optional] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# ------------------------------------===== TrustZone enable option [Optional] =====------------------------------------
# Description: If not specified, the Trust zone is disabled.
enableTrustZone: false
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# ----------------------------------===== Enable User HW key sharing [Required] =====-----------------------------------
# Description: Controlling secure hardware key bus. If enabled(1), then it is possible to access keys on hardware secure
# bus from non-secure application, else non-secure application will read zeros.
enableHwUserModeKeys: false

MBI-A-I-TZ-LA-CBV-EATZCB-ERS#

MBI Mixins

Class name: signed_ram

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinIvt

  • Mbi_MixinTrustZone

  • Mbi_MixinLoadAddress

  • Mbi_MixinCertBlockV1

  • Mbi_ExportMixinAppTrustZoneCertBlock

  • Mbi_ExportMixinRsaSign

MBI-A-I-TZ-LA-CBV-EATZCB-ERS JSON schema

Open it in full page

MBI-A-I-TZ-LA-CBV-EATZCB-ERS YAML configuration template 
# =============================================  YAML template signed_ram  =============================================

# ======================================================================================================================
#                                           == MBI-A-I-TZ-LA-CBV-EATZCB-ERS ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a1, latest>
revision: a1
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <signed, plain, crc>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# ------------------------------------===== TrustZone enable option [Optional] =====------------------------------------
# Description: If not specified, the Trust zone is disabled.
enableTrustZone: false
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# --------------------------------===== Loading address of application [Optional] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# -------------------------------------===== Signer configuration [Required] =====--------------------------------------
# Description: Signature provider configuration in format 'type=<sp_type>;<key1>=<value1>;<key2>=<value2>' or path to a
# private key.
signer: type=file;file_path=root_prv_key.pem

MBI-A-I-LA-TZ-CBV-HK-EATZCB-ERS#

MBI Mixins

Class name: signed_xip

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinIvt

  • Mbi_MixinLoadAddress

  • Mbi_MixinTrustZone

  • Mbi_MixinCertBlockV1

  • Mbi_MixinHwKey

  • Mbi_ExportMixinAppTrustZoneCertBlock

  • Mbi_ExportMixinRsaSign

MBI-A-I-LA-TZ-CBV-HK-EATZCB-ERS JSON schema

Open it in full page

MBI-A-I-LA-TZ-CBV-HK-EATZCB-ERS YAML configuration template 
# =============================================  YAML template signed_xip  =============================================

# ======================================================================================================================
#                                         == MBI-A-I-LA-TZ-CBV-HK-EATZCB-ERS ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a1, latest>
revision: a1
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <signed, plain, crc>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# --------------------------------===== Loading address of application [Optional] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# ------------------------------------===== TrustZone enable option [Optional] =====------------------------------------
# Description: If not specified, the Trust zone is disabled.
enableTrustZone: false
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# -------------------------------------===== Signer configuration [Required] =====--------------------------------------
# Description: Signature provider configuration in format 'type=<sp_type>;<key1>=<value1>;<key2>=<value2>' or path to a
# private key.
signer: type=file;file_path=root_prv_key.pem
# ----------------------------------===== Enable User HW key sharing [Required] =====-----------------------------------
# Description: Controlling secure hardware key bus. If enabled(1), then it is possible to access keys on hardware secure
# bus from non-secure application, else non-secure application will read zeros.
enableHwUserModeKeys: false

MBI-A-IZTL-LA-TZ-EATZ#

MBI Mixins

Class name: plain_xip

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinIvtZeroTotalLength

  • Mbi_MixinLoadAddress

  • Mbi_MixinTrustZone

  • Mbi_ExportMixinAppTrustZone

MBI-A-IZTL-LA-TZ-EATZ JSON schema

Open it in full page

MBI-A-IZTL-LA-TZ-EATZ YAML configuration template 
# =============================================  YAML template plain_xip  ==============================================

# ======================================================================================================================
#                                              == MBI-A-IZTL-LA-TZ-EATZ ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: a0
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <signed, plain, crc>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# --------------------------------===== Loading address of application [Optional] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# ------------------------------------===== TrustZone enable option [Optional] =====------------------------------------
# Description: If not specified, the Trust zone is disabled.
enableTrustZone: false
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.
trustZonePresetFile: my_tz_custom.yaml

MBI-A-IV-IZTL-TZM-LA-EATZ#

MBI Mixins

Class name: plain_xip

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinImageVersion

  • Mbi_MixinIvtZeroTotalLength

  • Mbi_MixinTrustZoneMandatory

  • Mbi_MixinLoadAddress

  • Mbi_ExportMixinAppTrustZone

MBI-A-IV-IZTL-TZM-LA-EATZ JSON schema

Open it in full page

MBI-A-IV-IZTL-TZM-LA-EATZ YAML configuration template 
# =============================================  YAML template plain_xip  ==============================================

# ======================================================================================================================
#                                            == MBI-A-IV-IZTL-TZM-LA-EATZ ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: a0
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <signed, plain, crc>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# ----------------------------------------===== Image version. [Optional] =====-----------------------------------------
# Description: Image version is used for dual boot. The boot ROM decides which image to boot first based on the image
# version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.
imageVersion: 0
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# --------------------------------===== Loading address of application [Optional] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0

MBI-A-IV-I-TZM-LA-EATZ#

MBI Mixins

Class name: plain_ram

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinImageVersion

  • Mbi_MixinIvt

  • Mbi_MixinTrustZoneMandatory

  • Mbi_MixinLoadAddress

  • Mbi_ExportMixinAppTrustZone

MBI-A-IV-I-TZM-LA-EATZ JSON schema

Open it in full page

MBI-A-IV-I-TZM-LA-EATZ YAML configuration template 
# =============================================  YAML template plain_ram  ==============================================

# ======================================================================================================================
#                                              == MBI-A-IV-I-TZM-LA-EATZ ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: a0
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <signed, plain, crc>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# ----------------------------------------===== Image version. [Optional] =====-----------------------------------------
# Description: Image version is used for dual boot. The boot ROM decides which image to boot first based on the image
# version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.
imageVersion: 0
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# --------------------------------===== Loading address of application [Optional] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0

MBI-A-IV-I-TZM-LA-EATZ-ECS#

MBI Mixins

Class name: crc_ram

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinImageVersion

  • Mbi_MixinIvt

  • Mbi_MixinTrustZoneMandatory

  • Mbi_MixinLoadAddress

  • Mbi_ExportMixinAppTrustZone

  • Mbi_ExportMixinCrcSign

MBI-A-IV-I-TZM-LA-EATZ-ECS JSON schema

Open it in full page

MBI-A-IV-I-TZM-LA-EATZ-ECS YAML configuration template 
# ==============================================  YAML template crc_ram  ===============================================

# ======================================================================================================================
#                                            == MBI-A-IV-I-TZM-LA-EATZ-ECS ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: a0
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <signed, plain, crc>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# ----------------------------------------===== Image version. [Optional] =====-----------------------------------------
# Description: Image version is used for dual boot. The boot ROM decides which image to boot first based on the image
# version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.
imageVersion: 0
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# --------------------------------===== Loading address of application [Optional] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0

MBI-A-IV-I-CBV-M-LA-FV-EACBM-EES#

MBI Mixins

Class name: signed_xip

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinImageVersion

  • Mbi_MixinIvt

  • Mbi_MixinCertBlockV21

  • Mbi_MixinManifest

  • Mbi_MixinLoadAddress

  • Mbi_MixinFwVersion

  • Mbi_ExportMixinAppCertBlockManifest

  • Mbi_ExportMixinEccSign

MBI-A-IV-I-CBV-M-LA-FV-EACBM-EES JSON schema

Open it in full page

MBI-A-IV-I-CBV-M-LA-FV-EACBM-EES YAML configuration template 
# =============================================  YAML template signed_xip  =============================================

# ======================================================================================================================
#                                         == MBI-A-IV-I-CBV-M-LA-FV-EACBM-EES ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: a0
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <signed, plain, crc>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# ----------------------------------------===== Image version. [Optional] =====-----------------------------------------
# Description: Image version is used for dual boot. The boot ROM decides which image to boot first based on the image
# version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.
imageVersion: 0
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# -------------------------------------===== Signer configuration [Required] =====--------------------------------------
# Description: Signature provider configuration in format 'type=<sp_type>;<key1>=<value1>;<key2>=<value2>' or path to a
# private key.
signer: type=file;file_path=root_prv_key.pem
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# --------------------------------===== Loading address of application [Optional] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0

MBI-A-B-F-EABF#

MBI Mixins

Class name: plain_xip

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinBca

  • Mbi_MixinFcf

  • Mbi_ExportMixinAppBcaFcf

MBI-A-B-F-EABF JSON schema

Open it in full page

MBI-A-B-F-EABF YAML configuration template 
# =============================================  YAML template plain_xip  ==============================================

# ======================================================================================================================
#                                                  == MBI-A-B-F-EABF ==
#              Flash Configuration Field settings. Default values are always loaded from application first.
#                                       FCF can be provided in one of three ways:
#            1. As a nested dictionary under the 'fcf' key - copy values directly from the FCF.YAML template
#                 2. As a path to a YAML file containing FCF configuration - use 'fcf: path/to/fcf.yaml'
#                             3. As a path to a binary FCF file - use 'fcf: path/to/fcf.bin'
#
# If any FCF configuration is provided, it will update the application values accordingly. The binary option completely
#        replaces the FCF content, while the YAML and dictionary options selectively update FCF register values.
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <b1, latest>
revision: b1
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, crc>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
bca: path/to/bca.yaml
fcf: path/to/fcf.yaml

MBI-A-F-B-EABF-ECSB#

MBI Mixins

Class name: crc_xip

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinFcf

  • Mbi_MixinBca

  • Mbi_ExportMixinAppBcaFcf

  • Mbi_ExportMixinCrcSignBca

MBI-A-F-B-EABF-ECSB JSON schema

Open it in full page

MBI-A-F-B-EABF-ECSB YAML configuration template 
# ==============================================  YAML template crc_xip  ===============================================

# ======================================================================================================================
#                                               == MBI-A-F-B-EABF-ECSB ==
#               Boot Configuration Area settings. Default values are always loaded from application first.
#                                       BCA can be provided in one of three ways:
#            1. As a nested dictionary under the 'bca' key - copy values directly from the BCA.YAML template
#                 2. As a path to a YAML file containing BCA configuration - use 'bca: path/to/bca.yaml'
#                             3. As a path to a binary BCA file - use 'bca: path/to/bca.bin'
#
# If any BCA configuration is provided, it will update the application values accordingly. The binary option completely
#        replaces the BCA content, while the YAML and dictionary options selectively update BCA register values.
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <b1, latest>
revision: b1
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, crc>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
fcf: path/to/fcf.yaml
bca: path/to/bca.yaml

MBI-A-B-F-CBV-EABF-EESV#

MBI Mixins

Class name: signed_xip

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinBca

  • Mbi_MixinFcf

  • Mbi_MixinCertBlockVx

  • Mbi_ExportMixinAppBcaFcf

  • Mbi_ExportMixinEccSignVx

MBI-A-B-F-CBV-EABF-EESV JSON schema

Open it in full page

MBI-A-B-F-CBV-EABF-EESV YAML configuration template 
# =============================================  YAML template signed_xip  =============================================

# ======================================================================================================================
#                                             == MBI-A-B-F-CBV-EABF-EESV ==
#              Flash Configuration Field settings. Default values are always loaded from application first.
#                                       FCF can be provided in one of three ways:
#            1. As a nested dictionary under the 'fcf' key - copy values directly from the FCF.YAML template
#                 2. As a path to a YAML file containing FCF configuration - use 'fcf: path/to/fcf.yaml'
#                             3. As a path to a binary FCF file - use 'fcf: path/to/fcf.bin'
#
# If any FCF configuration is provided, it will update the application values accordingly. The binary option completely
#        replaces the FCF content, while the YAML and dictionary options selectively update FCF register values.
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <b1, latest>
revision: b1
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, signed>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
bca: path/to/bca.yaml
fcf: path/to/fcf.yaml
# ---------------------------------===== Certificate Block binary file [Required] =====---------------------------------
# Description: Path to certificate block.
certBlock: cert_block.bin
# --------------===== True to append SHA256 hash [0:127] at the end of certificate block [Optional] =====---------------
# Description: Not mandatory if the hash is written in OTP
addCertHash: true
# -------------------------------------===== Signer configuration [Required] =====--------------------------------------
# Description: Signature provider configuration in format 'type=<sp_type>;<key1>=<value1>;<key2>=<value2>' or path to a
# private key.
signer: type=file;file_path=root_prv_key.pem
# -------------------------------------===== Generate only header [Optional] =====--------------------------------------
# Description: Build only the boot headers (Vector table, BCA, FCB) 0x0..0x800 binary without the application. This is
# needed for device HSM provisioning file in case the user set ROP2, ROP3.
justHeader: false

MBI-A-IZTL-LA-IV-EA#

MBI Mixins

Class name: plain_xip

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinIvtZeroTotalLength

  • Mbi_MixinLoadAddress

  • Mbi_MixinImageVersion

  • Mbi_ExportMixinApp

MBI-A-IZTL-LA-IV-EA JSON schema

Open it in full page

MBI-A-IZTL-LA-IV-EA YAML configuration template 
# =============================================  YAML template plain_xip  ==============================================

# ======================================================================================================================
#                                               == MBI-A-IZTL-LA-IV-EA ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, latest>
revision: a0
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, crc>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# --------------------------------===== Loading address of application [Optional] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# ----------------------------------------===== Image version. [Optional] =====-----------------------------------------
# Description: Image version is used for dual boot. The boot ROM decides which image to boot first based on the image
# version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.
imageVersion: 0

MBI-A-I-LA-IV-EA-ECS#

MBI Mixins

Class name: crc_xip

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinIvt

  • Mbi_MixinLoadAddress

  • Mbi_MixinImageVersion

  • Mbi_ExportMixinApp

  • Mbi_ExportMixinCrcSign

MBI-A-I-LA-IV-EA-ECS JSON schema

Open it in full page

MBI-A-I-LA-IV-EA-ECS YAML configuration template 
# ==============================================  YAML template crc_xip  ===============================================

# ======================================================================================================================
#                                               == MBI-A-I-LA-IV-EA-ECS ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, latest>
revision: a0
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, crc>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# --------------------------------===== Loading address of application [Optional] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# ----------------------------------------===== Image version. [Optional] =====-----------------------------------------
# Description: Image version is used for dual boot. The boot ROM decides which image to boot first based on the image
# version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.
imageVersion: 0

MBI-A-I-LA-IV-EA#

MBI Mixins

Class name: plain_xip

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinIvt

  • Mbi_MixinLoadAddress

  • Mbi_MixinImageVersion

  • Mbi_ExportMixinApp

MBI-A-I-LA-IV-EA JSON schema

Open it in full page

MBI-A-I-LA-IV-EA YAML configuration template 
# =============================================  YAML template plain_xip  ==============================================

# ======================================================================================================================
#                                                 == MBI-A-I-LA-IV-EA ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, latest>
revision: a0
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, crc>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# --------------------------------===== Loading address of application [Optional] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# ----------------------------------------===== Image version. [Optional] =====-----------------------------------------
# Description: Image version is used for dual boot. The boot ROM decides which image to boot first based on the image
# version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.
imageVersion: 0

MBI-A-I-IV-EA#

MBI Mixins

Class name: plain_xip

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinIvt

  • Mbi_MixinImageVersion

  • Mbi_ExportMixinApp

MBI-A-I-IV-EA JSON schema

Open it in full page

MBI-A-I-IV-EA YAML configuration template 
# =============================================  YAML template plain_xip  ==============================================

# ======================================================================================================================
#                                                  == MBI-A-I-IV-EA ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, latest>
revision: a0
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, crc>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# ----------------------------------------===== Image version. [Optional] =====-----------------------------------------
# Description: Image version is used for dual boot. The boot ROM decides which image to boot first based on the image
# version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.
imageVersion: 0

MBI-A-I-IV-EA-ECS#

MBI Mixins

Class name: crc_xip

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinIvt

  • Mbi_MixinImageVersion

  • Mbi_ExportMixinApp

  • Mbi_ExportMixinCrcSign

MBI-A-I-IV-EA-ECS JSON schema

Open it in full page

MBI-A-I-IV-EA-ECS YAML configuration template 
# ==============================================  YAML template crc_xip  ===============================================

# ======================================================================================================================
#                                                == MBI-A-I-IV-EA-ECS ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, latest>
revision: a0
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, crc>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# ----------------------------------------===== Image version. [Optional] =====-----------------------------------------
# Description: Image version is used for dual boot. The boot ROM decides which image to boot first based on the image
# version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.
imageVersion: 0

MBI-A-B-F-EA#

MBI Mixins

Class name: plain_xip

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinBca

  • Mbi_MixinFcf

  • Mbi_ExportMixinApp

MBI-A-B-F-EA JSON schema

Open it in full page

MBI-A-B-F-EA YAML configuration template 
# =============================================  YAML template plain_xip  ==============================================

# ======================================================================================================================
#                                                   == MBI-A-B-F-EA ==
#              Flash Configuration Field settings. Default values are always loaded from application first.
#                                       FCF can be provided in one of three ways:
#            1. As a nested dictionary under the 'fcf' key - copy values directly from the FCF.YAML template
#                 2. As a path to a YAML file containing FCF configuration - use 'fcf: path/to/fcf.yaml'
#                             3. As a path to a binary FCF file - use 'fcf: path/to/fcf.bin'
#
# If any FCF configuration is provided, it will update the application values accordingly. The binary option completely
#        replaces the FCF content, while the YAML and dictionary options selectively update FCF register values.
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, latest>
revision: a0
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
bca: path/to/bca.yaml
fcf: path/to/fcf.yaml

MBI-A-F-EA#

MBI Mixins

Class name: plain_xip

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinFcf

  • Mbi_ExportMixinApp

MBI-A-F-EA JSON schema

Open it in full page

MBI-A-F-EA YAML configuration template 
# =============================================  YAML template plain_xip  ==============================================

# ======================================================================================================================
#                                                    == MBI-A-F-EA ==
#              Flash Configuration Field settings. Default values are always loaded from application first.
#                                       FCF can be provided in one of three ways:
#            1. As a nested dictionary under the 'fcf' key - copy values directly from the FCF.YAML template
#                 2. As a path to a YAML file containing FCF configuration - use 'fcf: path/to/fcf.yaml'
#                             3. As a path to a binary FCF file - use 'fcf: path/to/fcf.bin'
#
# If any FCF configuration is provided, it will update the application values accordingly. The binary option completely
#        replaces the FCF content, while the YAML and dictionary options selectively update FCF register values.
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, latest>
revision: a0
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
fcf: path/to/fcf.yaml

MBI-HI-HA-EHA-HL#

MBI Mixins

Class name: plain_xip

  • MasterBootImage

  • Mbi_MixinHseIvt

  • Mbi_MixinHseApp

  • Mbi_ExportMixinHseApp

  • Mbi_MixinHseLifecycle

MBI-HI-HA-EHA-HL JSON schema

Open it in full page

MBI-HI-HA-EHA-HL YAML configuration template 
# =============================================  YAML template plain_xip  ==============================================

# ======================================================================================================================
#                                                 == MBI-HI-HA-EHA-HL ==
# Configuration for HSE lifecycle state. The lifecycle state determines the security level and available features of the
#                  device. Each state has specific implications for device functionality and security.
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, latest>
revision: a0
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <signed, plain>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# -----------------------------------------===== APP SWT Init [Optional] =====------------------------------------------
# Description: Application Software Tamper initialization
appSwtInit: false
# -----------------------------------===== Application Start Address [Optional] =====-----------------------------------
# Description: Start address for CM7_0 core application
appStartAddress: '0x00400200'
# --------------------------------===== Lifecycle Configuration Address [Optional] =====--------------------------------
# Description: Address of lifecycle configuration data. If not set, the LC configuration will be placed after
# application.
lcConfigAddr: '0x0'
# -------------------------------------===== HSE Firmware Address [Optional] =====--------------------------------------
# Description: Address of HSE firmware
hseFwAddr: '0x0'
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# ----------------------------------------===== Lifecycle State [Optional] =====----------------------------------------
# Description: Defines the lifecycle state of the device: 'none' - default state with no lifecycle change, 'oem_prod' -
# OEM production state with increased security, 'in_field' - deployed state with highest security level and restricted
# debug access.
# Possible options: <none, oem_prod, in_field>
lifecycle: none

MBI-HI-HA-HABH-EHS-HL-EHAS#

MBI Mixins

Class name: signed_xip

  • MasterBootImage

  • Mbi_MixinHseIvt

  • Mbi_MixinHseApp

  • Mbi_MixinHseAppBootHeader

  • Mbi_ExportMixinHseSignature

  • Mbi_MixinHseLifecycle

  • Mbi_ExportMixinHseAppSigned

MBI-HI-HA-HABH-EHS-HL-EHAS JSON schema

Open it in full page

MBI-HI-HA-HABH-EHS-HL-EHAS YAML configuration template 
# =============================================  YAML template signed_xip  =============================================

# ======================================================================================================================
#                                            == MBI-HI-HA-HABH-EHS-HL-EHAS ==
# Configuration for HSE lifecycle state. The lifecycle state determines the security level and available features of the
#                  device. Each state has specific implications for device functionality and security.
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, latest>
revision: a0
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <signed, plain>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# -----------------------------------------===== APP SWT Init [Optional] =====------------------------------------------
# Description: Application Software Tamper initialization
appSwtInit: false
# -----------------------------------------===== Start Address [Optional] =====-----------------------------------------
# Description: Start address of the application
appStartAddress: '0x00400200'
# --------------------------------===== Lifecycle Configuration Address [Optional] =====--------------------------------
# Description: Address of lifecycle configuration data. If not set, the LC configuration will be placed after
# application.
lcConfigAddr: '0x0'
# -------------------------------------===== HSE Firmware Address [Optional] =====--------------------------------------
# Description: Address of HSE firmware
hseFwAddr: '0x0'
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# ----------------------------------------===== Initial Vector [Optional] =====-----------------------------------------
# Description: Initial vector for encryption (12 bytes hexadecimal). If not specified, random value will be generated.
initialVector: 000102030405060708090A0B
# --------------------------------===== Application Debug/Key Password [Required] =====---------------------------------
# Description: Key used for encryption (16 bytes hexadecimal)
adkp: 000102030405060708090A0B0C0D0E0F
# ----------------------------------------===== Lifecycle State [Optional] =====----------------------------------------
# Description: Defines the lifecycle state of the device: 'none' - default state with no lifecycle change, 'oem_prod' -
# OEM production state with increased security, 'in_field' - deployed state with highest security level and restricted
# debug access.
# Possible options: <none, oem_prod, in_field>
lifecycle: none

MBI-A-IZTL-TZM-LA-IV-EATZ#

MBI Mixins

Class name: plain_xip

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinIvtZeroTotalLength

  • Mbi_MixinTrustZoneMandatory

  • Mbi_MixinLoadAddress

  • Mbi_MixinImageVersion

  • Mbi_ExportMixinAppTrustZone

MBI-A-IZTL-TZM-LA-IV-EATZ JSON schema

Open it in full page

MBI-A-IZTL-TZM-LA-IV-EATZ YAML configuration template 
# =============================================  YAML template plain_xip  ==============================================

# ======================================================================================================================
#                                            == MBI-A-IZTL-TZM-LA-IV-EATZ ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, latest>
revision: a0
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <signed, plain, crc>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# --------------------------------===== Loading address of application [Optional] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# ----------------------------------------===== Image version. [Optional] =====-----------------------------------------
# Description: Image version is used for dual boot. The boot ROM decides which image to boot first based on the image
# version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.
imageVersion: 0

MBI-A-I-TZM-LA-IV-EATZ#

MBI Mixins

Class name: plain_ram

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinIvt

  • Mbi_MixinTrustZoneMandatory

  • Mbi_MixinLoadAddress

  • Mbi_MixinImageVersion

  • Mbi_ExportMixinAppTrustZone

MBI-A-I-TZM-LA-IV-EATZ JSON schema

Open it in full page

MBI-A-I-TZM-LA-IV-EATZ YAML configuration template 
# =============================================  YAML template plain_ram  ==============================================

# ======================================================================================================================
#                                              == MBI-A-I-TZM-LA-IV-EATZ ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, latest>
revision: a0
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <signed, plain, crc>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# --------------------------------===== Loading address of application [Optional] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# ----------------------------------------===== Image version. [Optional] =====-----------------------------------------
# Description: Image version is used for dual boot. The boot ROM decides which image to boot first based on the image
# version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.
imageVersion: 0

MBI-A-I-TZM-LA-IV-EATZ-ECS#

MBI Mixins

Class name: crc_ram

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinIvt

  • Mbi_MixinTrustZoneMandatory

  • Mbi_MixinLoadAddress

  • Mbi_MixinImageVersion

  • Mbi_ExportMixinAppTrustZone

  • Mbi_ExportMixinCrcSign

MBI-A-I-TZM-LA-IV-EATZ-ECS JSON schema

Open it in full page

MBI-A-I-TZM-LA-IV-EATZ-ECS YAML configuration template 
# ==============================================  YAML template crc_ram  ===============================================

# ======================================================================================================================
#                                            == MBI-A-I-TZM-LA-IV-EATZ-ECS ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, latest>
revision: a0
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <signed, plain, crc>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# --------------------------------===== Loading address of application [Optional] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# ----------------------------------------===== Image version. [Optional] =====-----------------------------------------
# Description: Image version is used for dual boot. The boot ROM decides which image to boot first based on the image
# version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.
imageVersion: 0

MBI-A-I-LA-CBV-MC-IST-IV-FV-EACBM-EES#

MBI Mixins

Class name: signed_xip

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinIvt

  • Mbi_MixinLoadAddress

  • Mbi_MixinCertBlockV21

  • Mbi_MixinManifestCrc

  • Mbi_MixinImageSubType

  • Mbi_MixinImageVersion

  • Mbi_MixinFwVersion

  • Mbi_ExportMixinAppCertBlockManifest

  • Mbi_ExportMixinEccSign

MBI-A-I-LA-CBV-MC-IST-IV-FV-EACBM-EES JSON schema

Open it in full page

MBI-A-I-LA-CBV-MC-IST-IV-FV-EACBM-EES YAML configuration template 
# =============================================  YAML template signed_xip  =============================================

# ======================================================================================================================
#                                      == MBI-A-I-LA-CBV-MC-IST-IV-FV-EACBM-EES ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, latest>
revision: a0
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <signed, plain, crc>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# --------------------------------===== Loading address of application [Optional] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# -------------------------------------===== Signer configuration [Required] =====--------------------------------------
# Description: Signature provider configuration in format 'type=<sp_type>;<key1>=<value1>;<key2>=<value2>' or path to a
# private key.
signer: type=file;file_path=root_prv_key.pem
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== Image SubType [Optional] =====-----------------------------------------
# Description: Image subtype determine the image use in MCU. "main" for main application, "nbu" for Narrow Band Unit
# image and "recovery" for recovery image type
# Possible options: <main, nbu, recovery>
outputImageSubtype: main
# ----------------------------------------===== Image version. [Optional] =====-----------------------------------------
# Description: Image version is used for dual boot. The boot ROM decides which image to boot first based on the image
# version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.
imageVersion: 0

MBI-A-I-CBV-MC-IST-LA-IV-FV-EACBM-EES#

MBI Mixins

Class name: signed_ram

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinIvt

  • Mbi_MixinCertBlockV21

  • Mbi_MixinManifestCrc

  • Mbi_MixinImageSubType

  • Mbi_MixinLoadAddress

  • Mbi_MixinImageVersion

  • Mbi_MixinFwVersion

  • Mbi_ExportMixinAppCertBlockManifest

  • Mbi_ExportMixinEccSign

MBI-A-I-CBV-MC-IST-LA-IV-FV-EACBM-EES JSON schema

Open it in full page

MBI-A-I-CBV-MC-IST-LA-IV-FV-EACBM-EES YAML configuration template 
# =============================================  YAML template signed_ram  =============================================

# ======================================================================================================================
#                                      == MBI-A-I-CBV-MC-IST-LA-IV-FV-EACBM-EES ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, latest>
revision: a0
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <signed, plain, crc>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# -------------------------------------===== Signer configuration [Required] =====--------------------------------------
# Description: Signature provider configuration in format 'type=<sp_type>;<key1>=<value1>;<key2>=<value2>' or path to a
# private key.
signer: type=file;file_path=root_prv_key.pem
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== Image SubType [Optional] =====-----------------------------------------
# Description: Image subtype determine the image use in MCU. "main" for main application, "nbu" for Narrow Band Unit
# image and "recovery" for recovery image type
# Possible options: <main, nbu, recovery>
outputImageSubtype: main
# --------------------------------===== Loading address of application [Optional] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# ----------------------------------------===== Image version. [Optional] =====-----------------------------------------
# Description: Image version is used for dual boot. The boot ROM decides which image to boot first based on the image
# version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.
imageVersion: 0

MBI-A-I-LA-TZM-IV-EATZ-ECS#

MBI Mixins

Class name: crc_xip

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinIvt

  • Mbi_MixinLoadAddress

  • Mbi_MixinTrustZoneMandatory

  • Mbi_MixinImageVersion

  • Mbi_ExportMixinAppTrustZone

  • Mbi_ExportMixinCrcSign

MBI-A-I-LA-TZM-IV-EATZ-ECS JSON schema

Open it in full page

MBI-A-I-LA-TZM-IV-EATZ-ECS YAML configuration template 
# ==============================================  YAML template crc_xip  ===============================================

# ======================================================================================================================
#                                            == MBI-A-I-LA-TZM-IV-EATZ-ECS ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, latest>
revision: a0
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <signed, plain, crc>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# --------------------------------===== Loading address of application [Optional] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# ----------------------------------------===== Image version. [Optional] =====-----------------------------------------
# Description: Image version is used for dual boot. The boot ROM decides which image to boot first based on the image
# version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.
imageVersion: 0

MBI-A-I-TZV-LA-IV-EATZV#

MBI Mixins

Class name: plain_xip

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinIvt

  • Mbi_MixinTrustZoneV2

  • Mbi_MixinLoadAddress

  • Mbi_MixinImageVersion

  • Mbi_ExportMixinAppTrustZoneV2

MBI-A-I-TZV-LA-IV-EATZV JSON schema

Open it in full page

MBI-A-I-TZV-LA-IV-EATZV YAML configuration template 
# =============================================  YAML template plain_xip  ==============================================

# ======================================================================================================================
#                                             == MBI-A-I-TZV-LA-IV-EATZV ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, latest>
revision: a0
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <signed, plain, crc>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# ---------------------------===== TrustZone Customization file in version 2 [Optional] =====---------------------------
# Description: Specification of Trust Zone configuration file for advanced settings. It could be as YAML TrustZone
# configuration file as pre-prepared binary TrustZone configuration.
trustZonePresetFile: my_tz_custom.yaml
# --------------------------------===== Loading address of application [Optional] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# ----------------------------------------===== Image version. [Optional] =====-----------------------------------------
# Description: Image version is used for dual boot. The boot ROM decides which image to boot first based on the image
# version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.
imageVersion: 0

MBI-A-I-TZV-LA-IV-EATZV-ECSE#

MBI Mixins

Class name: crc_ram

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinIvt

  • Mbi_MixinTrustZoneV2

  • Mbi_MixinLoadAddress

  • Mbi_MixinImageVersion

  • Mbi_ExportMixinAppTrustZoneV2

  • Mbi_ExportMixinCrcSignEnd

MBI-A-I-TZV-LA-IV-EATZV-ECSE JSON schema

Open it in full page

MBI-A-I-TZV-LA-IV-EATZV-ECSE YAML configuration template 
# ==============================================  YAML template crc_ram  ===============================================

# ======================================================================================================================
#                                           == MBI-A-I-TZV-LA-IV-EATZV-ECSE ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, latest>
revision: a0
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <signed, plain, crc>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# ---------------------------===== TrustZone Customization file in version 2 [Optional] =====---------------------------
# Description: Specification of Trust Zone configuration file for advanced settings. It could be as YAML TrustZone
# configuration file as pre-prepared binary TrustZone configuration.
trustZonePresetFile: my_tz_custom.yaml
# --------------------------------===== Loading address of application [Optional] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# ----------------------------------------===== Image version. [Optional] =====-----------------------------------------
# Description: Image version is used for dual boot. The boot ROM decides which image to boot first based on the image
# version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.
imageVersion: 0

MBI-A-I-LA-TZV-IV-EATZV-ECSE#

MBI Mixins

Class name: crc_xip

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinIvt

  • Mbi_MixinLoadAddress

  • Mbi_MixinTrustZoneV2

  • Mbi_MixinImageVersion

  • Mbi_ExportMixinAppTrustZoneV2

  • Mbi_ExportMixinCrcSignEnd

MBI-A-I-LA-TZV-IV-EATZV-ECSE JSON schema

Open it in full page

MBI-A-I-LA-TZV-IV-EATZV-ECSE YAML configuration template 
# ==============================================  YAML template crc_xip  ===============================================

# ======================================================================================================================
#                                           == MBI-A-I-LA-TZV-IV-EATZV-ECSE ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, latest>
revision: a0
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <signed, plain, crc>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# --------------------------------===== Loading address of application [Optional] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# ---------------------------===== TrustZone Customization file in version 2 [Optional] =====---------------------------
# Description: Specification of Trust Zone configuration file for advanced settings. It could be as YAML TrustZone
# configuration file as pre-prepared binary TrustZone configuration.
trustZonePresetFile: my_tz_custom.yaml
# ----------------------------------------===== Image version. [Optional] =====-----------------------------------------
# Description: Image version is used for dual boot. The boot ROM decides which image to boot first based on the image
# version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.
imageVersion: 0

MBI-A-TZV-I-LA-IV-AC-A-EATCA#

MBI Mixins

Class name: signed_xip

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinTrustZoneV2

  • Mbi_MixinIvt

  • Mbi_MixinLoadAddress

  • Mbi_MixinImageVersion

  • Mbi_MixinAppCrc

  • Mbi_MixinAhab

  • Mbi_ExportMixinAppTzCrcAhab

MBI-A-TZV-I-LA-IV-AC-A-EATCA JSON schema

Open it in full page

MBI-A-TZV-I-LA-IV-AC-A-EATCA YAML configuration template 
# =============================================  YAML template signed_xip  =============================================

# ======================================================================================================================
#                                           == MBI-A-TZV-I-LA-IV-AC-A-EATCA ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, latest>
revision: a0
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <signed, plain, crc>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# ---------------------------===== TrustZone Customization file in version 2 [Optional] =====---------------------------
# Description: Specification of Trust Zone configuration file for advanced settings. It could be as YAML TrustZone
# configuration file as pre-prepared binary TrustZone configuration.
trustZonePresetFile: my_tz_custom.yaml
# --------------------------------===== Loading address of application [Optional] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# ----------------------------------------===== Image version. [Optional] =====-----------------------------------------
# Description: Image version is used for dual boot. The boot ROM decides which image to boot first based on the image
# version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.
imageVersion: 0
# --------------------------------===== The additional CRC images check [Optional] =====--------------------------------
# Description: If true, add additional CRC image that is computed from all data execution mage and optionally TrustZone.
add_crc_check: false
# -----------------------------------===== Super Root Key (SRK) set [Required] =====------------------------------------
# Description: Defines which set is used to authenticate the container.
# Possible options: <oem, nxp>
srk_set: oem
# -------------------------------------------===== Used SRK [Required] =====--------------------------------------------
# Description: Which key from SRK set is being used.
used_srk_id: 0
# -----------------------------------------===== Fuse version [Optional] =====------------------------------------------
# Description: The value must be equal or greater than the version stored in fuses or PFR to provide proper rollback
# protection. For example, on the MCXN556s series, the fuse version is used for rollback protection, where it is joined
# with the image version to create a firmware version 'fw_version = (imageVersion << 8) | (fuse_version)'. During
# rollback protection, the firmware version is checked against 'SECURE_FW_VERSION' in the CFPA page.
fuse_version: 0
# -------------------------------------===== AHAB container signer [Optional] =====-------------------------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>' or a
# private key used for sign the container header. Header can be signed by SRK. The referenced SRK must not have been
# revoked.
signer: type=file;file_path=my_prv_key.pem
# ---------------------===== AHAB container signer for second signature (PQC only) [Optional] =====---------------------
# Description: Signature provider configuration in format 'type=<identifier>;<key1>=<value1>;<key2>=<value2>' or a
# private key used for second sign (PQC only) of the container header. Header can be signed by SRK. The referenced SRK
# must not have been revoked.
signer_#2: type=file;file_path=my_prv_key.pem

# ======================================================================================================================
#                                         == Configuration of AHAB SRK table ==
# ======================================================================================================================
# -------------------------------------------===== SRK Table [Required] =====-------------------------------------------
# Description: SRK (Super Root key) table definition.
srk_table:
  # -------------------------------------------===== CA Flag [Optional] =====-------------------------------------------
  # Description: CA Flag is used by HAB to indicate if the SRK is allowed to sign other keys
  flag_ca: false
  # ---------------------------------===== Super Root Key (SRK) table [Required] =====----------------------------------
  # Description: Table containing the used SRK records. All SRKs must be of the same type. Supported signing algorithms
  # are: RSA-PSS, ECDSA, Dilithium or SM2. Supported hash algorithms: sha256, sha384, sha512, sha3_256, sha3_384,
  # sha3_512, sm3. Supported key sizes/curves: prime256v1, sec384r1, sec512r1, rsa2048, rsa4096, dilithium3, sm2.
  # Certificate may be of Certificate Authority. Dilithium algorithms are supported just in new type of AHAB container
  srk_array:
    - my_srk_public_key0.pub
    - my_srk_public_key1.pub
    - my_srk_public_key2.pub
    - my_srk_public_key3.pub

  # ====================================================================================================================
  #                  == Configuration of AHAB SRK table in case that the double signing (ECC + PQC) ==
  # ====================================================================================================================
  # --------------------------------------===== Second SRK Table [Optional] =====---------------------------------------
  srk_table_#2:
    # ------------------------------------------===== CA Flag [Optional] =====------------------------------------------
    # Description: CA Flag is used by HAB to indicate if the SRK is allowed to sign other keys
    flag_ca: false
    # --------------------------------===== Super Root Key (SRK) table [Required] =====---------------------------------
    # Description: Table containing the used SRK Dilithium records. All SRKs must be of the same type. Supported signing
    # algorithms are: Dilithium level 3. Supported hash algorithms: sha3_256, sha3_384, sha3_512. Certificate may be of
    # Certificate Authority.
    srk_array:
      - my_srk_public_key0.pub
      - my_srk_public_key1.pub
      - my_srk_public_key2.pub
      - my_srk_public_key3.pub

# ======================================================================================================================
#              == Optional configuration of AHAB Container Certificate (if not used, erase the section) ==
# ======================================================================================================================
# -------------------------------------===== The AHAB certificate [Optional] =====--------------------------------------
# Description: The file that contains AHAB certificate. It could be used already prepared binary form signed by SRK, or
# it is possible to use configuration YAML file of certificate and the AHAB export process it will export it itself.
certificate: my_ahab_certificate.bin

MBI-A-I-LA-TZ-HK-EATZ#

MBI Mixins

Class name: plain_xip

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinIvt

  • Mbi_MixinLoadAddress

  • Mbi_MixinTrustZone

  • Mbi_MixinHwKey

  • Mbi_ExportMixinAppTrustZone

MBI-A-I-LA-TZ-HK-EATZ JSON schema

Open it in full page

MBI-A-I-LA-TZ-HK-EATZ YAML configuration template 
# =============================================  YAML template plain_xip  ==============================================

# ======================================================================================================================
#                                              == MBI-A-I-LA-TZ-HK-EATZ ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, latest>
revision: a0
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <signed, plain, crc>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# --------------------------------===== Loading address of application [Optional] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# ------------------------------------===== TrustZone enable option [Optional] =====------------------------------------
# Description: If not specified, the Trust zone is disabled.
enableTrustZone: false
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# ----------------------------------===== Enable User HW key sharing [Required] =====-----------------------------------
# Description: Controlling secure hardware key bus. If enabled(1), then it is possible to access keys on hardware secure
# bus from non-secure application, else non-secure application will read zeros.
enableHwUserModeKeys: false

MBI-A-I-TZ-HK-LA-EATZ-ECS#

MBI Mixins

Class name: crc_xip

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinIvt

  • Mbi_MixinTrustZone

  • Mbi_MixinHwKey

  • Mbi_MixinLoadAddress

  • Mbi_ExportMixinAppTrustZone

  • Mbi_ExportMixinCrcSign

MBI-A-I-TZ-HK-LA-EATZ-ECS JSON schema

Open it in full page

MBI-A-I-TZ-HK-LA-EATZ-ECS YAML configuration template 
# ==============================================  YAML template crc_xip  ===============================================

# ======================================================================================================================
#                                            == MBI-A-I-TZ-HK-LA-EATZ-ECS ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, latest>
revision: a0
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <signed, plain, crc>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# ------------------------------------===== TrustZone enable option [Optional] =====------------------------------------
# Description: If not specified, the Trust zone is disabled.
enableTrustZone: false
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# ----------------------------------===== Enable User HW key sharing [Required] =====-----------------------------------
# Description: Controlling secure hardware key bus. If enabled(1), then it is possible to access keys on hardware secure
# bus from non-secure application, else non-secure application will read zeros.
enableHwUserModeKeys: false
# --------------------------------===== Loading address of application [Optional] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0

MBI-A-I-TZ-LA-CBV-HK-EATZCB-ERS#

MBI Mixins

Class name: signed_xip

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinIvt

  • Mbi_MixinTrustZone

  • Mbi_MixinLoadAddress

  • Mbi_MixinCertBlockV1

  • Mbi_MixinHwKey

  • Mbi_ExportMixinAppTrustZoneCertBlock

  • Mbi_ExportMixinRsaSign

MBI-A-I-TZ-LA-CBV-HK-EATZCB-ERS JSON schema

Open it in full page

MBI-A-I-TZ-LA-CBV-HK-EATZCB-ERS YAML configuration template 
# =============================================  YAML template signed_xip  =============================================

# ======================================================================================================================
#                                         == MBI-A-I-TZ-LA-CBV-HK-EATZCB-ERS ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, latest>
revision: a0
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <signed, plain, crc>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# ------------------------------------===== TrustZone enable option [Optional] =====------------------------------------
# Description: If not specified, the Trust zone is disabled.
enableTrustZone: false
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# --------------------------------===== Loading address of application [Optional] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# -------------------------------------===== Signer configuration [Required] =====--------------------------------------
# Description: Signature provider configuration in format 'type=<sp_type>;<key1>=<value1>;<key2>=<value2>' or path to a
# private key.
signer: type=file;file_path=root_prv_key.pem
# ----------------------------------===== Enable User HW key sharing [Required] =====-----------------------------------
# Description: Controlling secure hardware key bus. If enabled(1), then it is possible to access keys on hardware secure
# bus from non-secure application, else non-secure application will read zeros.
enableHwUserModeKeys: false

MBI-A-I-TZ-LA-HK-EATZ#

MBI Mixins

Class name: plain_ram

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinIvt

  • Mbi_MixinTrustZone

  • Mbi_MixinLoadAddress

  • Mbi_MixinHwKey

  • Mbi_ExportMixinAppTrustZone

MBI-A-I-TZ-LA-HK-EATZ JSON schema

Open it in full page

MBI-A-I-TZ-LA-HK-EATZ YAML configuration template 
# =============================================  YAML template plain_ram  ==============================================

# ======================================================================================================================
#                                              == MBI-A-I-TZ-LA-HK-EATZ ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, b0, latest>
revision: a0
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <signed, plain, crc, signed-encrypted>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# ------------------------------------===== TrustZone enable option [Optional] =====------------------------------------
# Description: If not specified, the Trust zone is disabled.
enableTrustZone: false
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# --------------------------------===== Loading address of application [Optional] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# ----------------------------------===== Enable User HW key sharing [Required] =====-----------------------------------
# Description: Controlling secure hardware key bus. If enabled(1), then it is possible to access keys on hardware secure
# bus from non-secure application, else non-secure application will read zeros.
enableHwUserModeKeys: false

MBI-A-RT-LA-I-TZ-CBV-HM-KS-HK-EATZCB-ERS-EHKSF#

MBI Mixins

Class name: signed_ram

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinRelocTable

  • Mbi_MixinLoadAddress

  • Mbi_MixinIvt

  • Mbi_MixinTrustZone

  • Mbi_MixinCertBlockV1

  • Mbi_MixinHmacMandatory

  • Mbi_MixinKeyStore

  • Mbi_MixinHwKey

  • Mbi_ExportMixinAppTrustZoneCertBlock

  • Mbi_ExportMixinRsaSign

  • Mbi_ExportMixinHmacKeyStoreFinalize

MBI-A-RT-LA-I-TZ-CBV-HM-KS-HK-EATZCB-ERS-EHKSF JSON schema

Open it in full page

MBI-A-RT-LA-I-TZ-CBV-HM-KS-HK-EATZCB-ERS-EHKSF YAML configuration template 
# =============================================  YAML template signed_ram  =============================================

# ======================================================================================================================
#                                  == MBI-A-RT-LA-I-TZ-CBV-HM-KS-HK-EATZCB-ERS-EHKSF ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, b0, latest>
revision: a0
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <signed, plain, crc, signed-encrypted>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# --------------------------------===== The list of additional binaries [Optional] =====--------------------------------
# Description: This is software feature of RTxxx family that NXP SDK startup code (not ROM) could load additional
# images.
applicationTable:
  -
    # ----------------------------------------===== Binary file [Required] =====----------------------------------------
    # Description: The binary file to be added to final application.
    binary: my_additional_binary.bin
    # ------------------------------------===== Destination address [Required] =====------------------------------------
    # Description: Destination address in RAM of additional binary.
    destAddress: 536870912
    # ----------------------------------------===== Enable load [Required] =====----------------------------------------
    # Description: Enabler to load/use the image.
    load: true
# --------------------------------===== Loading address of application [Optional] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# ------------------------------------===== TrustZone enable option [Optional] =====------------------------------------
# Description: If not specified, the Trust zone is disabled.
enableTrustZone: false
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# -------------------------------------===== Signer configuration [Required] =====--------------------------------------
# Description: Signature provider configuration in format 'type=<sp_type>;<key1>=<value1>;<key2>=<value2>' or path to a
# private key.
signer: type=file;file_path=root_prv_key.pem
# -----------------------------------===== OTP Master key (HMAC Key) [Required] =====-----------------------------------
# Description: The OTP Master key that is used to compute HMAC encryption key. Could be defined as hex number and also
# as hex/binary file.\n Used algorithm by tool the get HMAC Key; AES_ENCRYPT (OTP_MASTER_KEK,
# 0x00000000000000000000000000000000)
outputImageEncryptionKeyFile: otp_master_key.bin
# ------------------------------------===== The Key store data file [Optional] =====------------------------------------
# Description: Optional KeyStore data file for included keystore in LoadToRam images. If defined the KeyStore is added
# into MBI.
keyStoreFile: my_key_store_data.bin
# ----------------------------------===== Enable User HW key sharing [Required] =====-----------------------------------
# Description: Controlling secure hardware key bus. If enabled(1), then it is possible to access keys on hardware secure
# bus from non-secure application, else non-secure application will read zeros.
enableHwUserModeKeys: false

MBI-A-RT-LA-I-TZ-HK-EATZ-ECS#

MBI Mixins

Class name: crc_ram

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinRelocTable

  • Mbi_MixinLoadAddress

  • Mbi_MixinIvt

  • Mbi_MixinTrustZone

  • Mbi_MixinHwKey

  • Mbi_ExportMixinAppTrustZone

  • Mbi_ExportMixinCrcSign

MBI-A-RT-LA-I-TZ-HK-EATZ-ECS JSON schema

Open it in full page

MBI-A-RT-LA-I-TZ-HK-EATZ-ECS YAML configuration template 
# ==============================================  YAML template crc_ram  ===============================================

# ======================================================================================================================
#                                           == MBI-A-RT-LA-I-TZ-HK-EATZ-ECS ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, b0, latest>
revision: a0
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <signed, plain, crc, signed-encrypted>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# --------------------------------===== The list of additional binaries [Optional] =====--------------------------------
# Description: This is software feature of RTxxx family that NXP SDK startup code (not ROM) could load additional
# images.
applicationTable:
  -
    # ----------------------------------------===== Binary file [Required] =====----------------------------------------
    # Description: The binary file to be added to final application.
    binary: my_additional_binary.bin
    # ------------------------------------===== Destination address [Required] =====------------------------------------
    # Description: Destination address in RAM of additional binary.
    destAddress: 536870912
    # ----------------------------------------===== Enable load [Required] =====----------------------------------------
    # Description: Enabler to load/use the image.
    load: true
# --------------------------------===== Loading address of application [Optional] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# ------------------------------------===== TrustZone enable option [Optional] =====------------------------------------
# Description: If not specified, the Trust zone is disabled.
enableTrustZone: false
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# ----------------------------------===== Enable User HW key sharing [Required] =====-----------------------------------
# Description: Controlling secure hardware key bus. If enabled(1), then it is possible to access keys on hardware secure
# bus from non-secure application, else non-secure application will read zeros.
enableHwUserModeKeys: false

MBI-A-RT-LA-I-TZ-CBV-HK-KS-HM-CIV-EATZCBE-ERS-EHKSF#

MBI Mixins

Class name: encrypted_signed_ram

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinRelocTable

  • Mbi_MixinLoadAddress

  • Mbi_MixinIvt

  • Mbi_MixinTrustZone

  • Mbi_MixinCertBlockV1

  • Mbi_MixinHwKey

  • Mbi_MixinKeyStore

  • Mbi_MixinHmacMandatory

  • Mbi_MixinCtrInitVector

  • Mbi_ExportMixinAppTrustZoneCertBlockEncrypt

  • Mbi_ExportMixinRsaSign

  • Mbi_ExportMixinHmacKeyStoreFinalize

MBI-A-RT-LA-I-TZ-CBV-HK-KS-HM-CIV-EATZCBE-ERS-EHKSF JSON schema

Open it in full page

MBI-A-RT-LA-I-TZ-CBV-HK-KS-HM-CIV-EATZCBE-ERS-EHKSF YAML configuration template 
# ========================================  YAML template encrypted_signed_ram  ========================================

# ======================================================================================================================
#                               == MBI-A-RT-LA-I-TZ-CBV-HK-KS-HM-CIV-EATZCBE-ERS-EHKSF ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, b0, latest>
revision: a0
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <signed, plain, crc, signed-encrypted>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# --------------------------------===== The list of additional binaries [Optional] =====--------------------------------
# Description: This is software feature of RTxxx family that NXP SDK startup code (not ROM) could load additional
# images.
applicationTable:
  -
    # ----------------------------------------===== Binary file [Required] =====----------------------------------------
    # Description: The binary file to be added to final application.
    binary: my_additional_binary.bin
    # ------------------------------------===== Destination address [Required] =====------------------------------------
    # Description: Destination address in RAM of additional binary.
    destAddress: 536870912
    # ----------------------------------------===== Enable load [Required] =====----------------------------------------
    # Description: Enabler to load/use the image.
    load: true
# --------------------------------===== Loading address of application [Optional] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# ------------------------------------===== TrustZone enable option [Optional] =====------------------------------------
# Description: If not specified, the Trust zone is disabled.
enableTrustZone: false
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# -------------------------------------===== Signer configuration [Required] =====--------------------------------------
# Description: Signature provider configuration in format 'type=<sp_type>;<key1>=<value1>;<key2>=<value2>' or path to a
# private key.
signer: type=file;file_path=root_prv_key.pem
# ----------------------------------===== Enable User HW key sharing [Required] =====-----------------------------------
# Description: Controlling secure hardware key bus. If enabled(1), then it is possible to access keys on hardware secure
# bus from non-secure application, else non-secure application will read zeros.
enableHwUserModeKeys: false
# ------------------------------------===== The Key store data file [Optional] =====------------------------------------
# Description: Optional KeyStore data file for included keystore in LoadToRam images. If defined the KeyStore is added
# into MBI.
keyStoreFile: my_key_store_data.bin
# -----------------------------------===== OTP Master key (HMAC Key) [Required] =====-----------------------------------
# Description: The OTP Master key that is used to compute HMAC encryption key. Could be defined as hex number and also
# as hex/binary file.\n Used algorithm by tool the get HMAC Key; AES_ENCRYPT (OTP_MASTER_KEK,
# 0x00000000000000000000000000000000)
outputImageEncryptionKeyFile: otp_master_key.bin
# ---------------===== The output image encryption initial vector for encryption counter [Optional] =====---------------
# Description: The initial vector for encryption counter. Could be defined as hex number and also as hex/binary file
CtrInitVector: '0xc3df2316fd40b15586cb5ae49483aee2'

MBI-A-RT-I-TZM-LA-IV-EATZ-ECS#

MBI Mixins

Class name: crc_ram

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinRelocTable

  • Mbi_MixinIvt

  • Mbi_MixinTrustZoneMandatory

  • Mbi_MixinLoadAddress

  • Mbi_MixinImageVersion

  • Mbi_ExportMixinAppTrustZone

  • Mbi_ExportMixinCrcSign

MBI-A-RT-I-TZM-LA-IV-EATZ-ECS JSON schema

Open it in full page

MBI-A-RT-I-TZM-LA-IV-EATZ-ECS YAML configuration template 
# ==============================================  YAML template crc_ram  ===============================================

# ======================================================================================================================
#                                          == MBI-A-RT-I-TZM-LA-IV-EATZ-ECS ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, b0, latest>
revision: a0
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <signed, plain, crc>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# --------------------------------===== The list of additional binaries [Optional] =====--------------------------------
# Description: This is software feature of RTxxx family that NXP SDK startup code (not ROM) could load additional
# images.
applicationTable:
  -
    # ----------------------------------------===== Binary file [Required] =====----------------------------------------
    # Description: The binary file to be added to final application.
    binary: my_additional_binary.bin
    # ------------------------------------===== Destination address [Required] =====------------------------------------
    # Description: Destination address in RAM of additional binary.
    destAddress: 536870912
    # ----------------------------------------===== Enable load [Required] =====----------------------------------------
    # Description: Enabler to load/use the image.
    load: true
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# --------------------------------===== Loading address of application [Optional] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# ----------------------------------------===== Image version. [Optional] =====-----------------------------------------
# Description: Image version is used for dual boot. The boot ROM decides which image to boot first based on the image
# version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.
imageVersion: 0

MBI-A-I-LA-CBV-MD-IST-IV-FV-EACBM-EES#

MBI Mixins

Class name: signed_xip

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinIvt

  • Mbi_MixinLoadAddress

  • Mbi_MixinCertBlockV21

  • Mbi_MixinManifestDigest

  • Mbi_MixinImageSubType

  • Mbi_MixinImageVersion

  • Mbi_MixinFwVersion

  • Mbi_ExportMixinAppCertBlockManifest

  • Mbi_ExportMixinEccSign

MBI-A-I-LA-CBV-MD-IST-IV-FV-EACBM-EES JSON schema

Open it in full page

MBI-A-I-LA-CBV-MD-IST-IV-FV-EACBM-EES YAML configuration template 
# =============================================  YAML template signed_xip  =============================================

# ======================================================================================================================
#                                      == MBI-A-I-LA-CBV-MD-IST-IV-FV-EACBM-EES ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a0, a1, b0, latest>
revision: a1
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <signed, plain, crc>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# --------------------------------===== Loading address of application [Optional] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# -------------------------------------===== Signer configuration [Required] =====--------------------------------------
# Description: Signature provider configuration in format 'type=<sp_type>;<key1>=<value1>;<key2>=<value2>' or path to a
# private key.
signer: type=file;file_path=root_prv_key.pem
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# -----------------------------------------===== Image SubType [Optional] =====-----------------------------------------
# Description: Image subtype determine the image use in MCU. "main" for main application, "nbu" for Narrow Band Unit
# image and "recovery" for recovery image type
# Possible options: <main, nbu, recovery>
outputImageSubtype: main
# ----------------------------------------===== Image version. [Optional] =====-----------------------------------------
# Description: Image version is used for dual boot. The boot ROM decides which image to boot first based on the image
# version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.
imageVersion: 0

MBI-A-I-CBV-M-LA-FV-IV-EACBM-EES#

MBI Mixins

Class name: signed_ram

  • MasterBootImage

  • Mbi_MixinApp

  • Mbi_MixinIvt

  • Mbi_MixinCertBlockV21

  • Mbi_MixinManifest

  • Mbi_MixinLoadAddress

  • Mbi_MixinFwVersion

  • Mbi_MixinImageVersion

  • Mbi_ExportMixinAppCertBlockManifest

  • Mbi_ExportMixinEccSign

MBI-A-I-CBV-M-LA-FV-IV-EACBM-EES JSON schema

Open it in full page

MBI-A-I-CBV-M-LA-FV-IV-EACBM-EES YAML configuration template 
# =============================================  YAML template signed_ram  =============================================

# ======================================================================================================================
#                                         == MBI-A-I-CBV-M-LA-FV-IV-EACBM-EES ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: CHOOSE_FROM_TABLE
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options: <a1, a2, latest>
revision: a1
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <signed, plain, crc>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ---------------------------------------===== Output Image name [Required] =====---------------------------------------
# Description: The path for result binary file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# -------------------------------------===== Signer configuration [Required] =====--------------------------------------
# Description: Signature provider configuration in format 'type=<sp_type>;<key1>=<value1>;<key2>=<value2>' or path to a
# private key.
signer: type=file;file_path=root_prv_key.pem
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in protected memory (MCU specific).
# If value is lower than value in protected memory, then is image rejected (rollback protection).
firmwareVersion: 0
# --------------------------------===== Loading address of application [Optional] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# ----------------------------------------===== Image version. [Optional] =====-----------------------------------------
# Description: Image version is used for dual boot. The boot ROM decides which image to boot first based on the image
# version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.
imageVersion: 0
Contents