Master Boot Image (MBI)

Master Boot Image can be used directly (e.g. by using blhost write-memory command) or it can be used for further processing (e.g. used as input to Secure Binary image container). Image is created based on a supplied configuration file, either JSON or YAML is supported.

We can divide divide into two categories based on layout.

  • eXecute-In-Place (XIP) images

    • Plain

    • CRC

    • Signed

  • Load-to-RAM images

    • Plain

    • CRC

    • Signed images with HMAC signed header. Since load-to-RAM copies the image from untrusted media to on-chip RAM, the length field in header should be authenticated before copy. Hence HMAC signed headers are used.

    • Encrypted (plain header with HMAC + AES-CBC encrypted).

Example of use

nxpimage: nxpimage mbi export <path to config file>

Sample configuration for LPC55s6x plain signed XIP image. Other sample configurations might be obtained with the get-templates sub-command.

# ===========  Master Boot Image Configuration template for lpc55s6x, Plain Signed XIP Image.  ===========
#
#  == Basic Settings ==
#
family: lpc55s6x  # MCU family., MCU family name.
outputImageExecutionTarget: xip # Application target., Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
outputImageAuthenticationType: signed # Type of boot image authentication., Specification of final master boot image authentication.
masterBootOutputFile: my_mbi.bin # Master Boot Image name., The file for Master Boot Image result file.
inputImageFile: my_application.bin # Plain application image., The input application image to by modified to Master Boot Image.
#
#  == Trust Zone Settings ==
#
enableTrustZone: false # TrustZone enable option, If not specified, the Trust zone is disabled.
trustZonePresetFile: my_tz_custom.yaml # TrustZone Customization file, If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.
#
#  == Certificate V2 Settings ==
#
mainCertPrivateKeyFile: my_prv_key.pem # Main Certificate private key, Main Certificate private key used to sign certificate
imageBuildNumber: 0 # Image Build Number, If it's omitted, it will be used 0 as default value.
rootCertificate0File: my_certificate0.pem # Root Certificate File 0, Root certificate file index 0.
rootCertificate1File: my_certificate1.pem # Root Certificate File 1, Root certificate file index 1.
rootCertificate2File: my_certificate2.pem # Root Certificate File 2, Root certificate file index 2.
rootCertificate3File: my_certificate3.pem # Root Certificate File 3, Root certificate file index 3.
mainCertChainId: 0 # Main Certificate Index, Index of certificate that is used as a main.
chainCertificate0File0: chain_certificate0_depth0.pem # Chain certificate 0 for root 0, Chain certificate 0 for root certificate 0
chainCertificate0File1: chain_certificate0_depth1.pem # Chain certificate 1 for root 0, Chain certificate 1 for root certificate 0
chainCertificate0File2: chain_certificate0_depth2.pem # Chain certificate 2 for root 0, Chain certificate 2 for root certificate 0
chainCertificate0File3: chain_certificate0_depth3.pem # Chain certificate 3 for root 0, Chain certificate 3 for root certificate 0
chainCertificate1File0: chain_certificate1_depth0.pem # Chain certificate 0 for root 1, Chain certificate 0 for root certificate 1
chainCertificate1File1: chain_certificate1_depth1.pem # Chain certificate 1 for root 1, Chain certificate 1 for root certificate 1
chainCertificate1File2: chain_certificate1_depth2.pem # Chain certificate 2 for root 1, Chain certificate 2 for root certificate 1
chainCertificate1File3: chain_certificate1_depth3.pem # Chain certificate 3 for root 1, Chain certificate 3 for root certificate 1
chainCertificate2File0: chain_certificate2_depth0.pem # Chain certificate 0 for root 2, Chain certificate 0 for root certificate 2
chainCertificate2File1: chain_certificate2_depth1.pem # Chain certificate 1 for root 2, Chain certificate 1 for root certificate 2
chainCertificate2File2: chain_certificate2_depth2.pem # Chain certificate 2 for root 2, Chain certificate 2 for root certificate 2
chainCertificate2File3: chain_certificate2_depth3.pem # Chain certificate 3 for root 2, Chain certificate 3 for root certificate 2
chainCertificate3File0: chain_certificate3_depth0.pem # Chain certificate 0 for root 3, Chain certificate 0 for root certificate 3
chainCertificate3File1: chain_certificate3_depth1.pem # Chain certificate 1 for root 3, Chain certificate 1 for root certificate 3
chainCertificate3File2: chain_certificate3_depth2.pem # Chain certificate 2 for root 3, Chain certificate 2 for root certificate 3
chainCertificate3File3: chain_certificate3_depth3.pem # Chain certificate 3 for root 3, Chain certificate 3 for root certificate 3

Supported devices for MBI

NXPIMAGE support devices from LPC55xx family (LPC55S0x, LPC55S1x, LPC55S2x, LPC552x, LPC55S6x), RT5xx, RT6xx, LPC55S3x, MCXN9xx and RW61x. Supported execution targets are: XIP (Execute in place) and Load to RAM and image authentication types: Plain, CRC, Signed, Encrypted and NXP Signed.

The following table shows the supported image types for each device, it either shows “N/A” if the configuration is not available or respective class that will be used for image creation.

Target in the table represents outputImageExecutionTarget in the configuration file and authentication in the table represents outputImageAuthenticationType.

Supported devices

Targets

xip

xip

xip

xip

xip

load-to-ram

load-to-ram

load-to-ram

load-to-ram

load-to-ram

Authentication

plain

crc

signed

signed-nxp

signed-encrypted

plain

crc

signed

signed-nxp

signed-encrypted

lpc55s0x

Mbi_PlainXipRtxxx

Mbi_CrcXipRtxxx

Mbi_PlainSignedXipRtxxx

N/A

N/A

N/A

Mbi_CrcRam

Mbi_SignedRam

N/A

N/A

lpc550x

Mbi_PlainXip

Mbi_CrcXip

N/A

N/A

N/A

N/A

Mbi_CrcRam

N/A

N/A

N/A

lpc55s1x

Mbi_PlainXipRtxxx

Mbi_CrcXipRtxxx

Mbi_PlainSignedXipRtxxx

N/A

N/A

N/A

Mbi_CrcRam

Mbi_SignedRam

N/A

N/A

lpc551x

Mbi_PlainXip

Mbi_CrcXip

N/A

N/A

N/A

N/A

Mbi_CrcRam

N/A

N/A

N/A

lpc55s2x

Mbi_PlainXip

Mbi_CrcXip

Mbi_SignedXip

N/A

N/A

N/A

Mbi_CrcRam

Mbi_SignedRam

N/A

N/A

lpc552x

Mbi_PlainXip

Mbi_CrcXip

N/A

N/A

N/A

N/A

Mbi_CrcRam

N/A

N/A

N/A

lpc55s6x

Mbi_PlainXip

Mbi_CrcXip

Mbi_SignedXip

N/A

N/A

N/A

Mbi_CrcRam

Mbi_SignedRam

N/A

N/A

nhs52sxx

Mbi_PlainXip

Mbi_CrcXip

Mbi_SignedXip

N/A

N/A

N/A

Mbi_CrcRam

Mbi_SignedRam

N/A

N/A

rt5xx

Mbi_PlainXipRtxxx

Mbi_CrcXipRtxxx

Mbi_PlainSignedXipRtxxx

N/A

N/A

Mbi_PlainRamRtxxx

Mbi_CrcRamRtxxx

Mbi_PlainSignedRamRtxxx

N/A

Mbi_EncryptedRamRtxxx

rt6xx

Mbi_PlainXipRtxxx

Mbi_CrcXipRtxxx

Mbi_PlainSignedXipRtxxx

N/A

N/A

Mbi_PlainRamRtxxx

Mbi_CrcRamRtxxx

Mbi_PlainSignedRamRtxxx

N/A

Mbi_EncryptedRamRtxxx

lpc55s3x

Mbi_PlainRamLpc55s3x

Mbi_CrcXipLpc55s3x

Mbi_PlainXipSignedLpc55s3x

N/A

N/A

Mbi_PlainRamLpc55s3x

Mbi_CrcRamLpc55s3x

N/A

N/A

N/A

kw45xx

Mbi_PlainXipKw45xx

Mbi_CrcXipKw45xx

Mbi_PlainXipSignedKw45xx

Mbi_PlainXipSignedNxpKw45xx

N/A

N/A

N/A

N/A

N/A

N/A

k32w1xx

Mbi_PlainXipKw45xx

Mbi_CrcXipKw45xx

Mbi_PlainXipSignedKw45xx

Mbi_PlainXipSignedNxpKw45xx

N/A

N/A

N/A

N/A

N/A

N/A

lpc553x

Mbi_PlainRamLpc55s3x

Mbi_CrcXipLpc55s3x

N/A

N/A

N/A

Mbi_PlainRamLpc55s3x

Mbi_CrcRamLpc55s3x

N/A

N/A

N/A

mcxn9xx

Mbi_PlainXipMcxNx

Mbi_CrcXipMcxNx

Mbi_SignedXipMcxNx

N/A

N/A

Mbi_PlainRamMcxNx

Mbi_CrcRamMcxNx

Mbi_SignedRamMcxNx

N/A

N/A

mc56f81xxx

N/A

N/A

Mbi_SignedVx

N/A

N/A

N/A

N/A

N/A

N/A

N/A

mwct20d2x

N/A

N/A

Mbi_SignedVx

N/A

N/A

N/A

N/A

N/A

N/A

N/A

rw61x

Mbi_PlainRamRw61x

Mbi_CrcExtXipRw61x

Mbi_PlainExtXipSignedRw61x

N/A

N/A

Mbi_PlainRamRw61x

Mbi_CrcRamRw61x

Mbi_PlainSignedRamRw61x

N/A

N/A

mcxa1xx

Mbi_PlainXipMcxAx

Mbi_CrcXipMcxAx

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

Note

For LPC55xx (except for the LPC55S36 with external flash) the load-to-RAM images are intended only for recovery boot from 1-bit SPI flash.

Supported configuration options

Refer to the documentation below for the supported configuration options for each image type. Please note that the outputImageExecutionTarget and outputImageAuthenticationType must be filled in addition to the basic settings according to the table with supported devices.

outputImageExecutionTarget: xip # Application target., Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
outputImageAuthenticationType: signed # Type of boot image authentication., Specification of final master boot image authentication.

Mbi_CrcExtXipRw61x

  • family (string): MCU family name. Must be one of: ["rw61x"].

  • outputImageExecutionTarget (string): Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence. Must be one of: ["xip", "load-to-ram", "Internal flash (XIP)", "External flash (XIP)", "Internal Flash (XIP)", "External Flash (XIP)", "RAM", "ram"].

  • outputImageAuthenticationType (string): Specification of final master boot image authentication. Must be one of: ["plain", "crc", "signed", "signed-encrypted", "signed-nxp", "Plain", "CRC", "Signed", "Encrypted + Signed", "NXP Signed", "NXP signed", "encrypted"].

  • masterBootOutputFile (string): The file for Master Boot Image result file.

  • inputImageFile (string): The input application image to by modified to Master Boot Image.

  • enableTrustZone (boolean): If not specified, the Trust zone is disabled.

  • trustZonePresetFile (string): If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.

  • outputImageExecutionAddress ([‘number’, ‘string’]): Application loading address in RAM if not XiP, otherwise address of load in XiP.

  • imageVersion ([‘number’, ‘string’]): Image version is used for dual boot. The boot ROM decides which image to boot first based on the image version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.

# =========================================  YAML template Mbi_CrcExtXipRw61x  =========================================

# ======================================================================================================================
#                                                == Mbi_CrcExtXipRw61x ==
# ======================================================================================================================
# ------------------------------------------===== MCU family [Required] =====-------------------------------------------
# Description: MCU family name.
# Possible options: <rw61x>
family: CHOOSE_FROM_TABLE
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram, Internal flash (XIP), External flash (XIP), Internal Flash (XIP), External Flash
# (XIP), RAM, ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, crc, signed, signed-encrypted, signed-nxp, Plain, CRC, Signed, Encrypted + Signed, NXP
# Signed, NXP signed, encrypted>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ------------------------------------===== Master Boot Image name [Required] =====-------------------------------------
# Description: The file for Master Boot Image result file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# ------------------------------------===== TrustZone enable option [Optional] =====------------------------------------
# Description: If not specified, the Trust zone is disabled.
enableTrustZone: false
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# --------------------------------===== Loading address of application [Required] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# ----------------------------------------===== Image version. [Optional] =====-----------------------------------------
# Description: Image version is used for dual boot. The boot ROM decides which image to boot first based on the image
# version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.
imageVersion: 0

Mbi_CrcRam

  • family (string): MCU family name. Must be one of: ["lpc550x", "lpc551x", "lpc552x", "lpc55s0x", "lpc55s1x", "lpc55s2x", "lpc55s6x", "nhs52sxx"].

  • outputImageExecutionTarget (string): Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence. Must be one of: ["xip", "load-to-ram", "Internal flash (XIP)", "External flash (XIP)", "Internal Flash (XIP)", "External Flash (XIP)", "RAM", "ram"].

  • outputImageAuthenticationType (string): Specification of final master boot image authentication. Must be one of: ["plain", "crc", "signed", "signed-encrypted", "signed-nxp", "Plain", "CRC", "Signed", "Encrypted + Signed", "NXP Signed", "NXP signed", "encrypted"].

  • masterBootOutputFile (string): The file for Master Boot Image result file.

  • inputImageFile (string): The input application image to by modified to Master Boot Image.

  • enableTrustZone (boolean): If not specified, the Trust zone is disabled.

  • trustZonePresetFile (string): If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.

  • outputImageExecutionAddress ([‘number’, ‘string’]): Application loading address in RAM if not XiP, otherwise address of load in XiP.

# =============================================  YAML template Mbi_CrcRam  =============================================

# ======================================================================================================================
#                                                    == Mbi_CrcRam ==
# ======================================================================================================================
# ------------------------------------------===== MCU family [Required] =====-------------------------------------------
# Description: MCU family name.
# Possible options: <lpc550x, lpc551x, lpc552x, lpc55s0x, lpc55s1x, lpc55s2x, lpc55s6x, nhs52sxx>
family: CHOOSE_FROM_TABLE
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram, Internal flash (XIP), External flash (XIP), Internal Flash (XIP), External Flash
# (XIP), RAM, ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, crc, signed, signed-encrypted, signed-nxp, Plain, CRC, Signed, Encrypted + Signed, NXP
# Signed, NXP signed, encrypted>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ------------------------------------===== Master Boot Image name [Required] =====-------------------------------------
# Description: The file for Master Boot Image result file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# ------------------------------------===== TrustZone enable option [Optional] =====------------------------------------
# Description: If not specified, the Trust zone is disabled.
enableTrustZone: false
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# --------------------------------===== Loading address of application [Required] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0

Mbi_CrcRamLpc55s3x

  • family (string): MCU family name. Must be one of: ["lpc553x", "lpc55s3x"].

  • outputImageExecutionTarget (string): Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence. Must be one of: ["xip", "load-to-ram", "Internal flash (XIP)", "External flash (XIP)", "Internal Flash (XIP)", "External Flash (XIP)", "RAM", "ram"].

  • outputImageAuthenticationType (string): Specification of final master boot image authentication. Must be one of: ["plain", "crc", "signed", "signed-encrypted", "signed-nxp", "Plain", "CRC", "Signed", "Encrypted + Signed", "NXP Signed", "NXP signed", "encrypted"].

  • masterBootOutputFile (string): The file for Master Boot Image result file.

  • inputImageFile (string): The input application image to by modified to Master Boot Image.

  • imageVersion ([‘number’, ‘string’]): Image version is used for dual boot. The boot ROM decides which image to boot first based on the image version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.

  • enableTrustZone (boolean): If not specified, the Trust zone is disabled.

  • trustZonePresetFile (string): If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.

  • outputImageExecutionAddress ([‘number’, ‘string’]): Application loading address in RAM if not XiP, otherwise address of load in XiP.

# =========================================  YAML template Mbi_CrcRamLpc55s3x  =========================================

# ======================================================================================================================
#                                                == Mbi_CrcRamLpc55s3x ==
# ======================================================================================================================
# ------------------------------------------===== MCU family [Required] =====-------------------------------------------
# Description: MCU family name.
# Possible options: <lpc553x, lpc55s3x>
family: CHOOSE_FROM_TABLE
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram, Internal flash (XIP), External flash (XIP), Internal Flash (XIP), External Flash
# (XIP), RAM, ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, crc, signed, signed-encrypted, signed-nxp, Plain, CRC, Signed, Encrypted + Signed, NXP
# Signed, NXP signed, encrypted>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ------------------------------------===== Master Boot Image name [Required] =====-------------------------------------
# Description: The file for Master Boot Image result file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# ----------------------------------------===== Image version. [Optional] =====-----------------------------------------
# Description: Image version is used for dual boot. The boot ROM decides which image to boot first based on the image
# version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.
imageVersion: 0
# ------------------------------------===== TrustZone enable option [Optional] =====------------------------------------
# Description: If not specified, the Trust zone is disabled.
enableTrustZone: false
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# --------------------------------===== Loading address of application [Required] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0

Mbi_CrcRamMcxNx

  • family (string): MCU family name. Must be one of: ["mcxn9xx"].

  • outputImageExecutionTarget (string): Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence. Must be one of: ["xip", "load-to-ram", "Internal flash (XIP)", "External flash (XIP)", "Internal Flash (XIP)", "External Flash (XIP)", "RAM", "ram"].

  • outputImageAuthenticationType (string): Specification of final master boot image authentication. Must be one of: ["plain", "crc", "signed", "signed-encrypted", "signed-nxp", "Plain", "CRC", "Signed", "Encrypted + Signed", "NXP Signed", "NXP signed", "encrypted"].

  • masterBootOutputFile (string): The file for Master Boot Image result file.

  • inputImageFile (string): The input application image to by modified to Master Boot Image.

  • enableTrustZone (boolean): If not specified, the Trust zone is disabled.

  • trustZonePresetFile (string): If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.

  • outputImageExecutionAddress ([‘number’, ‘string’]): Application loading address in RAM if not XiP, otherwise address of load in XiP.

  • imageVersion ([‘number’, ‘string’]): Image version is used for dual boot. The boot ROM decides which image to boot first based on the image version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.

# ==========================================  YAML template Mbi_CrcRamMcxNx  ===========================================

# ======================================================================================================================
#                                                 == Mbi_CrcRamMcxNx ==
# ======================================================================================================================
# ------------------------------------------===== MCU family [Required] =====-------------------------------------------
# Description: MCU family name.
# Possible options: <mcxn9xx>
family: CHOOSE_FROM_TABLE
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram, Internal flash (XIP), External flash (XIP), Internal Flash (XIP), External Flash
# (XIP), RAM, ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, crc, signed, signed-encrypted, signed-nxp, Plain, CRC, Signed, Encrypted + Signed, NXP
# Signed, NXP signed, encrypted>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ------------------------------------===== Master Boot Image name [Required] =====-------------------------------------
# Description: The file for Master Boot Image result file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# ------------------------------------===== TrustZone enable option [Optional] =====------------------------------------
# Description: If not specified, the Trust zone is disabled.
enableTrustZone: false
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# --------------------------------===== Loading address of application [Required] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# ----------------------------------------===== Image version. [Optional] =====-----------------------------------------
# Description: Image version is used for dual boot. The boot ROM decides which image to boot first based on the image
# version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.
imageVersion: 0

Mbi_CrcRamRtxxx

  • family (string): MCU family name. Must be one of: ["rt5xx", "rt6xx"].

  • outputImageExecutionTarget (string): Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence. Must be one of: ["xip", "load-to-ram", "Internal flash (XIP)", "External flash (XIP)", "Internal Flash (XIP)", "External Flash (XIP)", "RAM", "ram"].

  • outputImageAuthenticationType (string): Specification of final master boot image authentication. Must be one of: ["plain", "crc", "signed", "signed-encrypted", "signed-nxp", "Plain", "CRC", "Signed", "Encrypted + Signed", "NXP Signed", "NXP signed", "encrypted"].

  • masterBootOutputFile (string): The file for Master Boot Image result file.

  • inputImageFile (string): The input application image to by modified to Master Boot Image.

  • applicationTable (array): This is software future of RTxxx family that NXP SDK startup code(not ROM) could load additional images.

    • Items (object)

      • binary (string, required): The binary file to be added to final application.

      • destAddress ([‘string’, ‘number’], required): Destination address in RAM of additional binary.

      • load (boolean, required): Enabler to load/use the image.

  • outputImageExecutionAddress ([‘number’, ‘string’]): Application loading address in RAM if not XiP, otherwise address of load in XiP.

  • enableTrustZone (boolean): If not specified, the Trust zone is disabled.

  • trustZonePresetFile (string): If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.

  • enableHwUserModeKeys ([‘boolean’, ‘string’]): Controlling secure hardware key bus. If enabled(1), then it is possible to access keys on hardware secure bus from non-secure application, else non-secure application will read zeros.

# ==========================================  YAML template Mbi_CrcRamRtxxx  ===========================================

# ======================================================================================================================
#                                                 == Mbi_CrcRamRtxxx ==
# ======================================================================================================================
# ------------------------------------------===== MCU family [Required] =====-------------------------------------------
# Description: MCU family name.
# Possible options: <rt5xx, rt6xx>
family: CHOOSE_FROM_TABLE
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram, Internal flash (XIP), External flash (XIP), Internal Flash (XIP), External Flash
# (XIP), RAM, ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, crc, signed, signed-encrypted, signed-nxp, Plain, CRC, Signed, Encrypted + Signed, NXP
# Signed, NXP signed, encrypted>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ------------------------------------===== Master Boot Image name [Required] =====-------------------------------------
# Description: The file for Master Boot Image result file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# --------------------------------===== The list of additional binaries [Optional] =====--------------------------------
# Description: This is software future of RTxxx family that NXP SDK startup code(not ROM) could load additional images.
applicationTable:
  -
    # ----------------------------------------===== Binary file [Required] =====----------------------------------------
    # Description: The binary file to be added to final application.
    binary: my_additional_binary.bin
    # ------------------------------------===== Destination address [Required] =====------------------------------------
    # Description: Destination address in RAM of additional binary.
    destAddress: 536870912
    # ----------------------------------------===== Enable load [Required] =====----------------------------------------
    # Description: Enabler to load/use the image.
    load: true
# --------------------------------===== Loading address of application [Required] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# ------------------------------------===== TrustZone enable option [Optional] =====------------------------------------
# Description: If not specified, the Trust zone is disabled.
enableTrustZone: false
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# ----------------------------------===== Enable User HW key sharing [Required] =====-----------------------------------
# Description: Controlling secure hardware key bus. If enabled(1), then it is possible to access keys on hardware secure
# bus from non-secure application, else non-secure application will read zeros.
enableHwUserModeKeys: false

Mbi_CrcRamRw61x

  • family (string): MCU family name. Must be one of: ["rw61x"].

  • outputImageExecutionTarget (string): Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence. Must be one of: ["xip", "load-to-ram", "Internal flash (XIP)", "External flash (XIP)", "Internal Flash (XIP)", "External Flash (XIP)", "RAM", "ram"].

  • outputImageAuthenticationType (string): Specification of final master boot image authentication. Must be one of: ["plain", "crc", "signed", "signed-encrypted", "signed-nxp", "Plain", "CRC", "Signed", "Encrypted + Signed", "NXP Signed", "NXP signed", "encrypted"].

  • masterBootOutputFile (string): The file for Master Boot Image result file.

  • inputImageFile (string): The input application image to by modified to Master Boot Image.

  • enableTrustZone (boolean): If not specified, the Trust zone is disabled.

  • trustZonePresetFile (string): If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.

  • outputImageExecutionAddress ([‘number’, ‘string’]): Application loading address in RAM if not XiP, otherwise address of load in XiP.

  • imageVersion ([‘number’, ‘string’]): Image version is used for dual boot. The boot ROM decides which image to boot first based on the image version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.

# ==========================================  YAML template Mbi_CrcRamRw61x  ===========================================

# ======================================================================================================================
#                                                 == Mbi_CrcRamRw61x ==
# ======================================================================================================================
# ------------------------------------------===== MCU family [Required] =====-------------------------------------------
# Description: MCU family name.
# Possible options: <rw61x>
family: CHOOSE_FROM_TABLE
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram, Internal flash (XIP), External flash (XIP), Internal Flash (XIP), External Flash
# (XIP), RAM, ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, crc, signed, signed-encrypted, signed-nxp, Plain, CRC, Signed, Encrypted + Signed, NXP
# Signed, NXP signed, encrypted>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ------------------------------------===== Master Boot Image name [Required] =====-------------------------------------
# Description: The file for Master Boot Image result file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# ------------------------------------===== TrustZone enable option [Optional] =====------------------------------------
# Description: If not specified, the Trust zone is disabled.
enableTrustZone: false
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# --------------------------------===== Loading address of application [Required] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# ----------------------------------------===== Image version. [Optional] =====-----------------------------------------
# Description: Image version is used for dual boot. The boot ROM decides which image to boot first based on the image
# version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.
imageVersion: 0

Mbi_CrcXip

  • family (string): MCU family name. Must be one of: ["lpc550x", "lpc551x", "lpc552x", "lpc55s2x", "lpc55s6x", "nhs52sxx"].

  • outputImageExecutionTarget (string): Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence. Must be one of: ["xip", "load-to-ram", "Internal flash (XIP)", "External flash (XIP)", "Internal Flash (XIP)", "External Flash (XIP)", "RAM", "ram"].

  • outputImageAuthenticationType (string): Specification of final master boot image authentication. Must be one of: ["plain", "crc", "signed", "signed-encrypted", "signed-nxp", "Plain", "CRC", "Signed", "Encrypted + Signed", "NXP Signed", "NXP signed", "encrypted"].

  • masterBootOutputFile (string): The file for Master Boot Image result file.

  • inputImageFile (string): The input application image to by modified to Master Boot Image.

  • enableTrustZone (boolean): If not specified, the Trust zone is disabled.

  • trustZonePresetFile (string): If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.

# =============================================  YAML template Mbi_CrcXip  =============================================

# ======================================================================================================================
#                                                    == Mbi_CrcXip ==
# ======================================================================================================================
# ------------------------------------------===== MCU family [Required] =====-------------------------------------------
# Description: MCU family name.
# Possible options: <lpc550x, lpc551x, lpc552x, lpc55s2x, lpc55s6x, nhs52sxx>
family: CHOOSE_FROM_TABLE
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram, Internal flash (XIP), External flash (XIP), Internal Flash (XIP), External Flash
# (XIP), RAM, ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, crc, signed, signed-encrypted, signed-nxp, Plain, CRC, Signed, Encrypted + Signed, NXP
# Signed, NXP signed, encrypted>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ------------------------------------===== Master Boot Image name [Required] =====-------------------------------------
# Description: The file for Master Boot Image result file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# ------------------------------------===== TrustZone enable option [Optional] =====------------------------------------
# Description: If not specified, the Trust zone is disabled.
enableTrustZone: false
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.
trustZonePresetFile: my_tz_custom.yaml

Mbi_CrcXipKw45xx

  • family (string): MCU family name. Must be one of: ["k32w1xx", "kw45xx"].

  • outputImageExecutionTarget (string): Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence. Must be one of: ["xip", "load-to-ram", "Internal flash (XIP)", "External flash (XIP)", "Internal Flash (XIP)", "External Flash (XIP)", "RAM", "ram"].

  • outputImageAuthenticationType (string): Specification of final master boot image authentication. Must be one of: ["plain", "crc", "signed", "signed-encrypted", "signed-nxp", "Plain", "CRC", "Signed", "Encrypted + Signed", "NXP Signed", "NXP signed", "encrypted"].

  • masterBootOutputFile (string): The file for Master Boot Image result file.

  • inputImageFile (string): The input application image to by modified to Master Boot Image.

  • outputImageExecutionAddress ([‘number’, ‘string’]): Application loading address in RAM if not XiP, otherwise address of load in XiP.

  • enableTrustZone (boolean): If not specified, the Trust zone is disabled.

  • trustZonePresetFile (string): If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.

  • outputImageSubtype (string): Image subtype determine the image use in MCU. “main” for main application, “nbu” for Narrow Band Unit image and “recovery” for recovery image type. Must be one of: ["main", "nbu", "recovery"].

# ==========================================  YAML template Mbi_CrcXipKw45xx  ==========================================

# ======================================================================================================================
#                                                 == Mbi_CrcXipKw45xx ==
# ======================================================================================================================
# ------------------------------------------===== MCU family [Required] =====-------------------------------------------
# Description: MCU family name.
# Possible options: <k32w1xx, kw45xx>
family: CHOOSE_FROM_TABLE
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram, Internal flash (XIP), External flash (XIP), Internal Flash (XIP), External Flash
# (XIP), RAM, ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, crc, signed, signed-encrypted, signed-nxp, Plain, CRC, Signed, Encrypted + Signed, NXP
# Signed, NXP signed, encrypted>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ------------------------------------===== Master Boot Image name [Required] =====-------------------------------------
# Description: The file for Master Boot Image result file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# --------------------------------===== Loading address of application [Required] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# ------------------------------------===== TrustZone enable option [Optional] =====------------------------------------
# Description: If not specified, the Trust zone is disabled.
enableTrustZone: false
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# -----------------------------------------===== Image SubType [Optional] =====-----------------------------------------
# Description: Image subtype determine the image use in MCU. "main" for main application, "nbu" for Narrow Band Unit
# image and "recovery" for recovery image type
# Possible options: <main, nbu, recovery>
outputImageSubtype: main

Mbi_CrcXipLpc55s3x

  • family (string): MCU family name. Must be one of: ["lpc553x", "lpc55s3x"].

  • outputImageExecutionTarget (string): Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence. Must be one of: ["xip", "load-to-ram", "Internal flash (XIP)", "External flash (XIP)", "Internal Flash (XIP)", "External Flash (XIP)", "RAM", "ram"].

  • outputImageAuthenticationType (string): Specification of final master boot image authentication. Must be one of: ["plain", "crc", "signed", "signed-encrypted", "signed-nxp", "Plain", "CRC", "Signed", "Encrypted + Signed", "NXP Signed", "NXP signed", "encrypted"].

  • masterBootOutputFile (string): The file for Master Boot Image result file.

  • inputImageFile (string): The input application image to by modified to Master Boot Image.

  • imageVersion ([‘number’, ‘string’]): Image version is used for dual boot. The boot ROM decides which image to boot first based on the image version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.

  • enableTrustZone (boolean): If not specified, the Trust zone is disabled.

  • trustZonePresetFile (string): If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.

  • outputImageExecutionAddress ([‘number’, ‘string’]): Application loading address in RAM if not XiP, otherwise address of load in XiP.

# =========================================  YAML template Mbi_CrcXipLpc55s3x  =========================================

# ======================================================================================================================
#                                                == Mbi_CrcXipLpc55s3x ==
# ======================================================================================================================
# ------------------------------------------===== MCU family [Required] =====-------------------------------------------
# Description: MCU family name.
# Possible options: <lpc553x, lpc55s3x>
family: CHOOSE_FROM_TABLE
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram, Internal flash (XIP), External flash (XIP), Internal Flash (XIP), External Flash
# (XIP), RAM, ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, crc, signed, signed-encrypted, signed-nxp, Plain, CRC, Signed, Encrypted + Signed, NXP
# Signed, NXP signed, encrypted>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ------------------------------------===== Master Boot Image name [Required] =====-------------------------------------
# Description: The file for Master Boot Image result file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# ----------------------------------------===== Image version. [Optional] =====-----------------------------------------
# Description: Image version is used for dual boot. The boot ROM decides which image to boot first based on the image
# version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.
imageVersion: 0
# ------------------------------------===== TrustZone enable option [Optional] =====------------------------------------
# Description: If not specified, the Trust zone is disabled.
enableTrustZone: false
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# --------------------------------===== Loading address of application [Required] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0

Mbi_CrcXipMcxAx

  • family (string): MCU family name. Must be one of: ["mcxa1xx"].

  • outputImageExecutionTarget (string): Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence. Must be one of: ["xip", "load-to-ram", "Internal flash (XIP)", "External flash (XIP)", "Internal Flash (XIP)", "External Flash (XIP)", "RAM", "ram"].

  • outputImageAuthenticationType (string): Specification of final master boot image authentication. Must be one of: ["plain", "crc", "signed", "signed-encrypted", "signed-nxp", "Plain", "CRC", "Signed", "Encrypted + Signed", "NXP Signed", "NXP signed", "encrypted"].

  • masterBootOutputFile (string): The file for Master Boot Image result file.

  • inputImageFile (string): The input application image to by modified to Master Boot Image.

  • imageVersion ([‘number’, ‘string’]): Image version is used for dual boot. The boot ROM decides which image to boot first based on the image version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.

# ==========================================  YAML template Mbi_CrcXipMcxAx  ===========================================

# ======================================================================================================================
#                                                 == Mbi_CrcXipMcxAx ==
# ======================================================================================================================
# ------------------------------------------===== MCU family [Required] =====-------------------------------------------
# Description: MCU family name.
# Possible options: <mcxa1xx>
family: CHOOSE_FROM_TABLE
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram, Internal flash (XIP), External flash (XIP), Internal Flash (XIP), External Flash
# (XIP), RAM, ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, crc, signed, signed-encrypted, signed-nxp, Plain, CRC, Signed, Encrypted + Signed, NXP
# Signed, NXP signed, encrypted>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ------------------------------------===== Master Boot Image name [Required] =====-------------------------------------
# Description: The file for Master Boot Image result file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# ----------------------------------------===== Image version. [Optional] =====-----------------------------------------
# Description: Image version is used for dual boot. The boot ROM decides which image to boot first based on the image
# version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.
imageVersion: 0

Mbi_CrcXipMcxNx

  • family (string): MCU family name. Must be one of: ["mcxn9xx"].

  • outputImageExecutionTarget (string): Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence. Must be one of: ["xip", "load-to-ram", "Internal flash (XIP)", "External flash (XIP)", "Internal Flash (XIP)", "External Flash (XIP)", "RAM", "ram"].

  • outputImageAuthenticationType (string): Specification of final master boot image authentication. Must be one of: ["plain", "crc", "signed", "signed-encrypted", "signed-nxp", "Plain", "CRC", "Signed", "Encrypted + Signed", "NXP Signed", "NXP signed", "encrypted"].

  • masterBootOutputFile (string): The file for Master Boot Image result file.

  • inputImageFile (string): The input application image to by modified to Master Boot Image.

  • enableTrustZone (boolean): If not specified, the Trust zone is disabled.

  • trustZonePresetFile (string): If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.

  • imageVersion ([‘number’, ‘string’]): Image version is used for dual boot. The boot ROM decides which image to boot first based on the image version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.

# ==========================================  YAML template Mbi_CrcXipMcxNx  ===========================================

# ======================================================================================================================
#                                                 == Mbi_CrcXipMcxNx ==
# ======================================================================================================================
# ------------------------------------------===== MCU family [Required] =====-------------------------------------------
# Description: MCU family name.
# Possible options: <mcxn9xx>
family: CHOOSE_FROM_TABLE
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram, Internal flash (XIP), External flash (XIP), Internal Flash (XIP), External Flash
# (XIP), RAM, ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, crc, signed, signed-encrypted, signed-nxp, Plain, CRC, Signed, Encrypted + Signed, NXP
# Signed, NXP signed, encrypted>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ------------------------------------===== Master Boot Image name [Required] =====-------------------------------------
# Description: The file for Master Boot Image result file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# ------------------------------------===== TrustZone enable option [Optional] =====------------------------------------
# Description: If not specified, the Trust zone is disabled.
enableTrustZone: false
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# ----------------------------------------===== Image version. [Optional] =====-----------------------------------------
# Description: Image version is used for dual boot. The boot ROM decides which image to boot first based on the image
# version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.
imageVersion: 0

Mbi_CrcXipRtxxx

  • family (string): MCU family name. Must be one of: ["lpc55s0x", "lpc55s1x", "rt5xx", "rt6xx"].

  • outputImageExecutionTarget (string): Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence. Must be one of: ["xip", "load-to-ram", "Internal flash (XIP)", "External flash (XIP)", "Internal Flash (XIP)", "External Flash (XIP)", "RAM", "ram"].

  • outputImageAuthenticationType (string): Specification of final master boot image authentication. Must be one of: ["plain", "crc", "signed", "signed-encrypted", "signed-nxp", "Plain", "CRC", "Signed", "Encrypted + Signed", "NXP Signed", "NXP signed", "encrypted"].

  • masterBootOutputFile (string): The file for Master Boot Image result file.

  • inputImageFile (string): The input application image to by modified to Master Boot Image.

  • outputImageExecutionAddress ([‘number’, ‘string’]): Application loading address in RAM if not XiP, otherwise address of load in XiP.

  • enableTrustZone (boolean): If not specified, the Trust zone is disabled.

  • trustZonePresetFile (string): If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.

  • enableHwUserModeKeys ([‘boolean’, ‘string’]): Controlling secure hardware key bus. If enabled(1), then it is possible to access keys on hardware secure bus from non-secure application, else non-secure application will read zeros.

# ==========================================  YAML template Mbi_CrcXipRtxxx  ===========================================

# ======================================================================================================================
#                                                 == Mbi_CrcXipRtxxx ==
# ======================================================================================================================
# ------------------------------------------===== MCU family [Required] =====-------------------------------------------
# Description: MCU family name.
# Possible options: <lpc55s0x, lpc55s1x, rt5xx, rt6xx>
family: CHOOSE_FROM_TABLE
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram, Internal flash (XIP), External flash (XIP), Internal Flash (XIP), External Flash
# (XIP), RAM, ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, crc, signed, signed-encrypted, signed-nxp, Plain, CRC, Signed, Encrypted + Signed, NXP
# Signed, NXP signed, encrypted>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ------------------------------------===== Master Boot Image name [Required] =====-------------------------------------
# Description: The file for Master Boot Image result file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# --------------------------------===== Loading address of application [Required] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# ------------------------------------===== TrustZone enable option [Optional] =====------------------------------------
# Description: If not specified, the Trust zone is disabled.
enableTrustZone: false
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# ----------------------------------===== Enable User HW key sharing [Required] =====-----------------------------------
# Description: Controlling secure hardware key bus. If enabled(1), then it is possible to access keys on hardware secure
# bus from non-secure application, else non-secure application will read zeros.
enableHwUserModeKeys: false

Mbi_EncryptedRamRtxxx

  • family (string): MCU family name. Must be one of: ["rt5xx", "rt6xx"].

  • outputImageExecutionTarget (string): Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence. Must be one of: ["xip", "load-to-ram", "Internal flash (XIP)", "External flash (XIP)", "Internal Flash (XIP)", "External Flash (XIP)", "RAM", "ram"].

  • outputImageAuthenticationType (string): Specification of final master boot image authentication. Must be one of: ["plain", "crc", "signed", "signed-encrypted", "signed-nxp", "Plain", "CRC", "Signed", "Encrypted + Signed", "NXP Signed", "NXP signed", "encrypted"].

  • masterBootOutputFile (string): The file for Master Boot Image result file.

  • inputImageFile (string): The input application image to by modified to Master Boot Image.

  • applicationTable (array): This is software future of RTxxx family that NXP SDK startup code(not ROM) could load additional images.

    • Items (object)

      • binary (string, required): The binary file to be added to final application.

      • destAddress ([‘string’, ‘number’], required): Destination address in RAM of additional binary.

      • load (boolean, required): Enabler to load/use the image.

  • outputImageExecutionAddress ([‘number’, ‘string’]): Application loading address in RAM if not XiP, otherwise address of load in XiP.

  • enableTrustZone (boolean): If not specified, the Trust zone is disabled.

  • trustZonePresetFile (string): If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.

  • certBlock (string): Path to certificate block binary or config file.

  • mainRootCertPrivateKeyFile (string): Main Certificate private key used to sign certificate. It can be replaced by signProvider key.

  • signPrivateKey (string): Main Certificate private key used to sign certificate. It can be replaced by signProvider key.

  • signProvider (string): Signature provider configuration in format ‘type=<sp_type>;=;=”.

  • enableHwUserModeKeys ([‘boolean’, ‘string’]): Controlling secure hardware key bus. If enabled(1), then it is possible to access keys on hardware secure bus from non-secure application, else non-secure application will read zeros.

  • keyStoreFile (string): Optional KeyStore data file for included keystore in LoadToRam images. If defined the KeyStore is added into MBI.

  • outputImageEncryptionKeyFile (string): The OTP Master key that is used to compute HMAC encryption key. Could be defined as hex number and also as hex/binary file.\n Used algorithm by tool the get HMAC Key; AES_ENCRYPT (OTP_MASTER_KEK, 0x00000000000000000000000000000000).

  • CtrInitVector (string): The initial vector for encryption counter. Could be defined as hex number and also as hex/binary file.

# =======================================  YAML template Mbi_EncryptedRamRtxxx  ========================================

# ======================================================================================================================
#                                              == Mbi_EncryptedRamRtxxx ==
# ======================================================================================================================
# ------------------------------------------===== MCU family [Required] =====-------------------------------------------
# Description: MCU family name.
# Possible options: <rt5xx, rt6xx>
family: CHOOSE_FROM_TABLE
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram, Internal flash (XIP), External flash (XIP), Internal Flash (XIP), External Flash
# (XIP), RAM, ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, crc, signed, signed-encrypted, signed-nxp, Plain, CRC, Signed, Encrypted + Signed, NXP
# Signed, NXP signed, encrypted>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ------------------------------------===== Master Boot Image name [Required] =====-------------------------------------
# Description: The file for Master Boot Image result file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# --------------------------------===== The list of additional binaries [Optional] =====--------------------------------
# Description: This is software future of RTxxx family that NXP SDK startup code(not ROM) could load additional images.
applicationTable:
  -
    # ----------------------------------------===== Binary file [Required] =====----------------------------------------
    # Description: The binary file to be added to final application.
    binary: my_additional_binary.bin
    # ------------------------------------===== Destination address [Required] =====------------------------------------
    # Description: Destination address in RAM of additional binary.
    destAddress: 536870912
    # ----------------------------------------===== Enable load [Required] =====----------------------------------------
    # Description: Enabler to load/use the image.
    load: true
# --------------------------------===== Loading address of application [Required] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# ------------------------------------===== TrustZone enable option [Optional] =====------------------------------------
# Description: If not specified, the Trust zone is disabled.
enableTrustZone: false
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<sp_type>;<key1>=<value1>;<key2>=<value2>".
signProvider: type=file;file_path=my_prv_key.pem
# ----------------------------------===== Enable User HW key sharing [Required] =====-----------------------------------
# Description: Controlling secure hardware key bus. If enabled(1), then it is possible to access keys on hardware secure
# bus from non-secure application, else non-secure application will read zeros.
enableHwUserModeKeys: false
# ------------------------------------===== The Key store data file [Optional] =====------------------------------------
# Description: Optional KeyStore data file for included keystore in LoadToRam images. If defined the KeyStore is added
# into MBI.
keyStoreFile: my_key_store_data.bin
# -----------------------------------===== OTP Master key (HMAC Key) [Required] =====-----------------------------------
# Description: The OTP Master key that is used to compute HMAC encryption key. Could be defined as hex number and also
# as hex/binary file.\n Used algorithm by tool the get HMAC Key; AES_ENCRYPT (OTP_MASTER_KEK,
# 0x00000000000000000000000000000000)
outputImageEncryptionKeyFile: otp_master_key.bin
# ---------------===== The output image encryption initial vector for encryption counter [Optional] =====---------------
# Description: The initial vector for encryption counter. Could be defined as hex number and also as hex/binary file
CtrInitVector: '0xc3df2316fd40b15586cb5ae49483aee2'

Mbi_PlainExtXipSignedRw61x

  • family (string): MCU family name. Must be one of: ["rw61x"].

  • outputImageExecutionTarget (string): Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence. Must be one of: ["xip", "load-to-ram", "Internal flash (XIP)", "External flash (XIP)", "Internal Flash (XIP)", "External Flash (XIP)", "RAM", "ram"].

  • outputImageAuthenticationType (string): Specification of final master boot image authentication. Must be one of: ["plain", "crc", "signed", "signed-encrypted", "signed-nxp", "Plain", "CRC", "Signed", "Encrypted + Signed", "NXP Signed", "NXP signed", "encrypted"].

  • masterBootOutputFile (string): The file for Master Boot Image result file.

  • inputImageFile (string): The input application image to by modified to Master Boot Image.

  • certBlock (string): Path to certificate block binary or config file.

  • mainRootCertPrivateKeyFile (string): Main Certificate private key used to sign certificate. It can be replaced by signProvider key.

  • signPrivateKey (string): Main Certificate private key used to sign certificate. It can be replaced by signProvider key.

  • signProvider (string): Signature provider configuration in format ‘type=<sp_type>;=;=”.

  • enableTrustZone (boolean): If not specified, the Trust zone is disabled.

  • trustZonePresetFile (string): If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.

  • firmwareVersion ([‘number’, ‘string’]): Value compared with Secure_FW_Version monotonic counter value stored in PFR/IFR. If value is lower than value in PFR/IFR, then is image rejected (rollback protection)..

  • outputImageExecutionAddress ([‘number’, ‘string’]): Application loading address in RAM if not XiP, otherwise address of load in XiP.

  • imageVersion ([‘number’, ‘string’]): Image version is used for dual boot. The boot ROM decides which image to boot first based on the image version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.

# =====================================  YAML template Mbi_PlainExtXipSignedRw61x  =====================================

# ======================================================================================================================
#                                            == Mbi_PlainExtXipSignedRw61x ==
# ======================================================================================================================
# ------------------------------------------===== MCU family [Required] =====-------------------------------------------
# Description: MCU family name.
# Possible options: <rw61x>
family: CHOOSE_FROM_TABLE
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram, Internal flash (XIP), External flash (XIP), Internal Flash (XIP), External Flash
# (XIP), RAM, ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, crc, signed, signed-encrypted, signed-nxp, Plain, CRC, Signed, Encrypted + Signed, NXP
# Signed, NXP signed, encrypted>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ------------------------------------===== Master Boot Image name [Required] =====-------------------------------------
# Description: The file for Master Boot Image result file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<sp_type>;<key1>=<value1>;<key2>=<value2>".
signProvider: type=file;file_path=my_prv_key.pem
# ------------------------------------===== TrustZone enable option [Optional] =====------------------------------------
# Description: If not specified, the Trust zone is disabled.
enableTrustZone: false
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in PFR/IFR. If value is lower than
# value in PFR/IFR, then is image rejected (rollback protection)..
firmwareVersion: 0
# --------------------------------===== Loading address of application [Required] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# ----------------------------------------===== Image version. [Optional] =====-----------------------------------------
# Description: Image version is used for dual boot. The boot ROM decides which image to boot first based on the image
# version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.
imageVersion: 0

Mbi_PlainRamLpc55s3x

  • family (string): MCU family name. Must be one of: ["lpc553x", "lpc55s3x"].

  • outputImageExecutionTarget (string): Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence. Must be one of: ["xip", "load-to-ram", "Internal flash (XIP)", "External flash (XIP)", "Internal Flash (XIP)", "External Flash (XIP)", "RAM", "ram"].

  • outputImageAuthenticationType (string): Specification of final master boot image authentication. Must be one of: ["plain", "crc", "signed", "signed-encrypted", "signed-nxp", "Plain", "CRC", "Signed", "Encrypted + Signed", "NXP Signed", "NXP signed", "encrypted"].

  • masterBootOutputFile (string): The file for Master Boot Image result file.

  • inputImageFile (string): The input application image to by modified to Master Boot Image.

  • imageVersion ([‘number’, ‘string’]): Image version is used for dual boot. The boot ROM decides which image to boot first based on the image version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.

  • enableTrustZone (boolean): If not specified, the Trust zone is disabled.

  • trustZonePresetFile (string): If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.

  • outputImageExecutionAddress ([‘number’, ‘string’]): Application loading address in RAM if not XiP, otherwise address of load in XiP.

# ========================================  YAML template Mbi_PlainRamLpc55s3x  ========================================

# ======================================================================================================================
#                                               == Mbi_PlainRamLpc55s3x ==
# ======================================================================================================================
# ------------------------------------------===== MCU family [Required] =====-------------------------------------------
# Description: MCU family name.
# Possible options: <lpc553x, lpc55s3x>
family: CHOOSE_FROM_TABLE
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram, Internal flash (XIP), External flash (XIP), Internal Flash (XIP), External Flash
# (XIP), RAM, ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, crc, signed, signed-encrypted, signed-nxp, Plain, CRC, Signed, Encrypted + Signed, NXP
# Signed, NXP signed, encrypted>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ------------------------------------===== Master Boot Image name [Required] =====-------------------------------------
# Description: The file for Master Boot Image result file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# ----------------------------------------===== Image version. [Optional] =====-----------------------------------------
# Description: Image version is used for dual boot. The boot ROM decides which image to boot first based on the image
# version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.
imageVersion: 0
# ------------------------------------===== TrustZone enable option [Optional] =====------------------------------------
# Description: If not specified, the Trust zone is disabled.
enableTrustZone: false
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# --------------------------------===== Loading address of application [Required] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0

Mbi_PlainRamMcxNx

  • family (string): MCU family name. Must be one of: ["mcxn9xx"].

  • outputImageExecutionTarget (string): Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence. Must be one of: ["xip", "load-to-ram", "Internal flash (XIP)", "External flash (XIP)", "Internal Flash (XIP)", "External Flash (XIP)", "RAM", "ram"].

  • outputImageAuthenticationType (string): Specification of final master boot image authentication. Must be one of: ["plain", "crc", "signed", "signed-encrypted", "signed-nxp", "Plain", "CRC", "Signed", "Encrypted + Signed", "NXP Signed", "NXP signed", "encrypted"].

  • masterBootOutputFile (string): The file for Master Boot Image result file.

  • inputImageFile (string): The input application image to by modified to Master Boot Image.

  • enableTrustZone (boolean): If not specified, the Trust zone is disabled.

  • trustZonePresetFile (string): If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.

  • outputImageExecutionAddress ([‘number’, ‘string’]): Application loading address in RAM if not XiP, otherwise address of load in XiP.

  • imageVersion ([‘number’, ‘string’]): Image version is used for dual boot. The boot ROM decides which image to boot first based on the image version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.

# =========================================  YAML template Mbi_PlainRamMcxNx  ==========================================

# ======================================================================================================================
#                                                == Mbi_PlainRamMcxNx ==
# ======================================================================================================================
# ------------------------------------------===== MCU family [Required] =====-------------------------------------------
# Description: MCU family name.
# Possible options: <mcxn9xx>
family: CHOOSE_FROM_TABLE
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram, Internal flash (XIP), External flash (XIP), Internal Flash (XIP), External Flash
# (XIP), RAM, ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, crc, signed, signed-encrypted, signed-nxp, Plain, CRC, Signed, Encrypted + Signed, NXP
# Signed, NXP signed, encrypted>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ------------------------------------===== Master Boot Image name [Required] =====-------------------------------------
# Description: The file for Master Boot Image result file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# ------------------------------------===== TrustZone enable option [Optional] =====------------------------------------
# Description: If not specified, the Trust zone is disabled.
enableTrustZone: false
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# --------------------------------===== Loading address of application [Required] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# ----------------------------------------===== Image version. [Optional] =====-----------------------------------------
# Description: Image version is used for dual boot. The boot ROM decides which image to boot first based on the image
# version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.
imageVersion: 0

Mbi_PlainRamRtxxx

  • family (string): MCU family name. Must be one of: ["rt5xx", "rt6xx"].

  • outputImageExecutionTarget (string): Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence. Must be one of: ["xip", "load-to-ram", "Internal flash (XIP)", "External flash (XIP)", "Internal Flash (XIP)", "External Flash (XIP)", "RAM", "ram"].

  • outputImageAuthenticationType (string): Specification of final master boot image authentication. Must be one of: ["plain", "crc", "signed", "signed-encrypted", "signed-nxp", "Plain", "CRC", "Signed", "Encrypted + Signed", "NXP Signed", "NXP signed", "encrypted"].

  • masterBootOutputFile (string): The file for Master Boot Image result file.

  • inputImageFile (string): The input application image to by modified to Master Boot Image.

  • enableTrustZone (boolean): If not specified, the Trust zone is disabled.

  • trustZonePresetFile (string): If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.

  • outputImageExecutionAddress ([‘number’, ‘string’]): Application loading address in RAM if not XiP, otherwise address of load in XiP.

  • enableHwUserModeKeys ([‘boolean’, ‘string’]): Controlling secure hardware key bus. If enabled(1), then it is possible to access keys on hardware secure bus from non-secure application, else non-secure application will read zeros.

# =========================================  YAML template Mbi_PlainRamRtxxx  ==========================================

# ======================================================================================================================
#                                                == Mbi_PlainRamRtxxx ==
# ======================================================================================================================
# ------------------------------------------===== MCU family [Required] =====-------------------------------------------
# Description: MCU family name.
# Possible options: <rt5xx, rt6xx>
family: CHOOSE_FROM_TABLE
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram, Internal flash (XIP), External flash (XIP), Internal Flash (XIP), External Flash
# (XIP), RAM, ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, crc, signed, signed-encrypted, signed-nxp, Plain, CRC, Signed, Encrypted + Signed, NXP
# Signed, NXP signed, encrypted>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ------------------------------------===== Master Boot Image name [Required] =====-------------------------------------
# Description: The file for Master Boot Image result file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# ------------------------------------===== TrustZone enable option [Optional] =====------------------------------------
# Description: If not specified, the Trust zone is disabled.
enableTrustZone: false
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# --------------------------------===== Loading address of application [Required] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# ----------------------------------===== Enable User HW key sharing [Required] =====-----------------------------------
# Description: Controlling secure hardware key bus. If enabled(1), then it is possible to access keys on hardware secure
# bus from non-secure application, else non-secure application will read zeros.
enableHwUserModeKeys: false

Mbi_PlainRamRw61x

  • family (string): MCU family name. Must be one of: ["rw61x"].

  • outputImageExecutionTarget (string): Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence. Must be one of: ["xip", "load-to-ram", "Internal flash (XIP)", "External flash (XIP)", "Internal Flash (XIP)", "External Flash (XIP)", "RAM", "ram"].

  • outputImageAuthenticationType (string): Specification of final master boot image authentication. Must be one of: ["plain", "crc", "signed", "signed-encrypted", "signed-nxp", "Plain", "CRC", "Signed", "Encrypted + Signed", "NXP Signed", "NXP signed", "encrypted"].

  • masterBootOutputFile (string): The file for Master Boot Image result file.

  • inputImageFile (string): The input application image to by modified to Master Boot Image.

  • enableTrustZone (boolean): If not specified, the Trust zone is disabled.

  • trustZonePresetFile (string): If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.

  • outputImageExecutionAddress ([‘number’, ‘string’]): Application loading address in RAM if not XiP, otherwise address of load in XiP.

  • imageVersion ([‘number’, ‘string’]): Image version is used for dual boot. The boot ROM decides which image to boot first based on the image version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.

# =========================================  YAML template Mbi_PlainRamRw61x  ==========================================

# ======================================================================================================================
#                                                == Mbi_PlainRamRw61x ==
# ======================================================================================================================
# ------------------------------------------===== MCU family [Required] =====-------------------------------------------
# Description: MCU family name.
# Possible options: <rw61x>
family: CHOOSE_FROM_TABLE
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram, Internal flash (XIP), External flash (XIP), Internal Flash (XIP), External Flash
# (XIP), RAM, ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, crc, signed, signed-encrypted, signed-nxp, Plain, CRC, Signed, Encrypted + Signed, NXP
# Signed, NXP signed, encrypted>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ------------------------------------===== Master Boot Image name [Required] =====-------------------------------------
# Description: The file for Master Boot Image result file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# ------------------------------------===== TrustZone enable option [Optional] =====------------------------------------
# Description: If not specified, the Trust zone is disabled.
enableTrustZone: false
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# --------------------------------===== Loading address of application [Required] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# ----------------------------------------===== Image version. [Optional] =====-----------------------------------------
# Description: Image version is used for dual boot. The boot ROM decides which image to boot first based on the image
# version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.
imageVersion: 0

Mbi_PlainSignedRamRtxxx

  • family (string): MCU family name. Must be one of: ["rt5xx", "rt6xx"].

  • outputImageExecutionTarget (string): Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence. Must be one of: ["xip", "load-to-ram", "Internal flash (XIP)", "External flash (XIP)", "Internal Flash (XIP)", "External Flash (XIP)", "RAM", "ram"].

  • outputImageAuthenticationType (string): Specification of final master boot image authentication. Must be one of: ["plain", "crc", "signed", "signed-encrypted", "signed-nxp", "Plain", "CRC", "Signed", "Encrypted + Signed", "NXP Signed", "NXP signed", "encrypted"].

  • masterBootOutputFile (string): The file for Master Boot Image result file.

  • inputImageFile (string): The input application image to by modified to Master Boot Image.

  • applicationTable (array): This is software future of RTxxx family that NXP SDK startup code(not ROM) could load additional images.

    • Items (object)

      • binary (string, required): The binary file to be added to final application.

      • destAddress ([‘string’, ‘number’], required): Destination address in RAM of additional binary.

      • load (boolean, required): Enabler to load/use the image.

  • outputImageExecutionAddress ([‘number’, ‘string’]): Application loading address in RAM if not XiP, otherwise address of load in XiP.

  • enableTrustZone (boolean): If not specified, the Trust zone is disabled.

  • trustZonePresetFile (string): If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.

  • certBlock (string): Path to certificate block binary or config file.

  • mainRootCertPrivateKeyFile (string): Main Certificate private key used to sign certificate. It can be replaced by signProvider key.

  • signPrivateKey (string): Main Certificate private key used to sign certificate. It can be replaced by signProvider key.

  • signProvider (string): Signature provider configuration in format ‘type=<sp_type>;=;=”.

  • outputImageEncryptionKeyFile (string): The OTP Master key that is used to compute HMAC encryption key. Could be defined as hex number and also as hex/binary file.\n Used algorithm by tool the get HMAC Key; AES_ENCRYPT (OTP_MASTER_KEK, 0x00000000000000000000000000000000).

  • keyStoreFile (string): Optional KeyStore data file for included keystore in LoadToRam images. If defined the KeyStore is added into MBI.

  • enableHwUserModeKeys ([‘boolean’, ‘string’]): Controlling secure hardware key bus. If enabled(1), then it is possible to access keys on hardware secure bus from non-secure application, else non-secure application will read zeros.

# ======================================  YAML template Mbi_PlainSignedRamRtxxx  =======================================

# ======================================================================================================================
#                                             == Mbi_PlainSignedRamRtxxx ==
# ======================================================================================================================
# ------------------------------------------===== MCU family [Required] =====-------------------------------------------
# Description: MCU family name.
# Possible options: <rt5xx, rt6xx>
family: CHOOSE_FROM_TABLE
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram, Internal flash (XIP), External flash (XIP), Internal Flash (XIP), External Flash
# (XIP), RAM, ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, crc, signed, signed-encrypted, signed-nxp, Plain, CRC, Signed, Encrypted + Signed, NXP
# Signed, NXP signed, encrypted>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ------------------------------------===== Master Boot Image name [Required] =====-------------------------------------
# Description: The file for Master Boot Image result file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# --------------------------------===== The list of additional binaries [Optional] =====--------------------------------
# Description: This is software future of RTxxx family that NXP SDK startup code(not ROM) could load additional images.
applicationTable:
  -
    # ----------------------------------------===== Binary file [Required] =====----------------------------------------
    # Description: The binary file to be added to final application.
    binary: my_additional_binary.bin
    # ------------------------------------===== Destination address [Required] =====------------------------------------
    # Description: Destination address in RAM of additional binary.
    destAddress: 536870912
    # ----------------------------------------===== Enable load [Required] =====----------------------------------------
    # Description: Enabler to load/use the image.
    load: true
# --------------------------------===== Loading address of application [Required] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# ------------------------------------===== TrustZone enable option [Optional] =====------------------------------------
# Description: If not specified, the Trust zone is disabled.
enableTrustZone: false
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<sp_type>;<key1>=<value1>;<key2>=<value2>".
signProvider: type=file;file_path=my_prv_key.pem
# -----------------------------------===== OTP Master key (HMAC Key) [Required] =====-----------------------------------
# Description: The OTP Master key that is used to compute HMAC encryption key. Could be defined as hex number and also
# as hex/binary file.\n Used algorithm by tool the get HMAC Key; AES_ENCRYPT (OTP_MASTER_KEK,
# 0x00000000000000000000000000000000)
outputImageEncryptionKeyFile: otp_master_key.bin
# ------------------------------------===== The Key store data file [Optional] =====------------------------------------
# Description: Optional KeyStore data file for included keystore in LoadToRam images. If defined the KeyStore is added
# into MBI.
keyStoreFile: my_key_store_data.bin
# ----------------------------------===== Enable User HW key sharing [Required] =====-----------------------------------
# Description: Controlling secure hardware key bus. If enabled(1), then it is possible to access keys on hardware secure
# bus from non-secure application, else non-secure application will read zeros.
enableHwUserModeKeys: false

Mbi_PlainSignedRamRw61x

  • family (string): MCU family name. Must be one of: ["rw61x"].

  • outputImageExecutionTarget (string): Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence. Must be one of: ["xip", "load-to-ram", "Internal flash (XIP)", "External flash (XIP)", "Internal Flash (XIP)", "External Flash (XIP)", "RAM", "ram"].

  • outputImageAuthenticationType (string): Specification of final master boot image authentication. Must be one of: ["plain", "crc", "signed", "signed-encrypted", "signed-nxp", "Plain", "CRC", "Signed", "Encrypted + Signed", "NXP Signed", "NXP signed", "encrypted"].

  • masterBootOutputFile (string): The file for Master Boot Image result file.

  • inputImageFile (string): The input application image to by modified to Master Boot Image.

  • certBlock (string): Path to certificate block binary or config file.

  • mainRootCertPrivateKeyFile (string): Main Certificate private key used to sign certificate. It can be replaced by signProvider key.

  • signPrivateKey (string): Main Certificate private key used to sign certificate. It can be replaced by signProvider key.

  • signProvider (string): Signature provider configuration in format ‘type=<sp_type>;=;=”.

  • enableTrustZone (boolean): If not specified, the Trust zone is disabled.

  • trustZonePresetFile (string): If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.

  • firmwareVersion ([‘number’, ‘string’]): Value compared with Secure_FW_Version monotonic counter value stored in PFR/IFR. If value is lower than value in PFR/IFR, then is image rejected (rollback protection)..

  • outputImageExecutionAddress ([‘number’, ‘string’]): Application loading address in RAM if not XiP, otherwise address of load in XiP.

  • imageVersion ([‘number’, ‘string’]): Image version is used for dual boot. The boot ROM decides which image to boot first based on the image version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.

# ======================================  YAML template Mbi_PlainSignedRamRw61x  =======================================

# ======================================================================================================================
#                                             == Mbi_PlainSignedRamRw61x ==
# ======================================================================================================================
# ------------------------------------------===== MCU family [Required] =====-------------------------------------------
# Description: MCU family name.
# Possible options: <rw61x>
family: CHOOSE_FROM_TABLE
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram, Internal flash (XIP), External flash (XIP), Internal Flash (XIP), External Flash
# (XIP), RAM, ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, crc, signed, signed-encrypted, signed-nxp, Plain, CRC, Signed, Encrypted + Signed, NXP
# Signed, NXP signed, encrypted>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ------------------------------------===== Master Boot Image name [Required] =====-------------------------------------
# Description: The file for Master Boot Image result file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<sp_type>;<key1>=<value1>;<key2>=<value2>".
signProvider: type=file;file_path=my_prv_key.pem
# ------------------------------------===== TrustZone enable option [Optional] =====------------------------------------
# Description: If not specified, the Trust zone is disabled.
enableTrustZone: false
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in PFR/IFR. If value is lower than
# value in PFR/IFR, then is image rejected (rollback protection)..
firmwareVersion: 0
# --------------------------------===== Loading address of application [Required] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# ----------------------------------------===== Image version. [Optional] =====-----------------------------------------
# Description: Image version is used for dual boot. The boot ROM decides which image to boot first based on the image
# version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.
imageVersion: 0

Mbi_PlainSignedXipRtxxx

  • family (string): MCU family name. Must be one of: ["lpc55s0x", "lpc55s1x", "rt5xx", "rt6xx"].

  • outputImageExecutionTarget (string): Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence. Must be one of: ["xip", "load-to-ram", "Internal flash (XIP)", "External flash (XIP)", "Internal Flash (XIP)", "External Flash (XIP)", "RAM", "ram"].

  • outputImageAuthenticationType (string): Specification of final master boot image authentication. Must be one of: ["plain", "crc", "signed", "signed-encrypted", "signed-nxp", "Plain", "CRC", "Signed", "Encrypted + Signed", "NXP Signed", "NXP signed", "encrypted"].

  • masterBootOutputFile (string): The file for Master Boot Image result file.

  • inputImageFile (string): The input application image to by modified to Master Boot Image.

  • outputImageExecutionAddress ([‘number’, ‘string’]): Application loading address in RAM if not XiP, otherwise address of load in XiP.

  • enableTrustZone (boolean): If not specified, the Trust zone is disabled.

  • trustZonePresetFile (string): If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.

  • certBlock (string): Path to certificate block binary or config file.

  • mainRootCertPrivateKeyFile (string): Main Certificate private key used to sign certificate. It can be replaced by signProvider key.

  • signPrivateKey (string): Main Certificate private key used to sign certificate. It can be replaced by signProvider key.

  • signProvider (string): Signature provider configuration in format ‘type=<sp_type>;=;=”.

  • enableHwUserModeKeys ([‘boolean’, ‘string’]): Controlling secure hardware key bus. If enabled(1), then it is possible to access keys on hardware secure bus from non-secure application, else non-secure application will read zeros.

# ======================================  YAML template Mbi_PlainSignedXipRtxxx  =======================================

# ======================================================================================================================
#                                             == Mbi_PlainSignedXipRtxxx ==
# ======================================================================================================================
# ------------------------------------------===== MCU family [Required] =====-------------------------------------------
# Description: MCU family name.
# Possible options: <lpc55s0x, lpc55s1x, rt5xx, rt6xx>
family: CHOOSE_FROM_TABLE
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram, Internal flash (XIP), External flash (XIP), Internal Flash (XIP), External Flash
# (XIP), RAM, ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, crc, signed, signed-encrypted, signed-nxp, Plain, CRC, Signed, Encrypted + Signed, NXP
# Signed, NXP signed, encrypted>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ------------------------------------===== Master Boot Image name [Required] =====-------------------------------------
# Description: The file for Master Boot Image result file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# --------------------------------===== Loading address of application [Required] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# ------------------------------------===== TrustZone enable option [Optional] =====------------------------------------
# Description: If not specified, the Trust zone is disabled.
enableTrustZone: false
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<sp_type>;<key1>=<value1>;<key2>=<value2>".
signProvider: type=file;file_path=my_prv_key.pem
# ----------------------------------===== Enable User HW key sharing [Required] =====-----------------------------------
# Description: Controlling secure hardware key bus. If enabled(1), then it is possible to access keys on hardware secure
# bus from non-secure application, else non-secure application will read zeros.
enableHwUserModeKeys: false

Mbi_PlainXip

  • family (string): MCU family name. Must be one of: ["lpc550x", "lpc551x", "lpc552x", "lpc55s2x", "lpc55s6x", "nhs52sxx"].

  • outputImageExecutionTarget (string): Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence. Must be one of: ["xip", "load-to-ram", "Internal flash (XIP)", "External flash (XIP)", "Internal Flash (XIP)", "External Flash (XIP)", "RAM", "ram"].

  • outputImageAuthenticationType (string): Specification of final master boot image authentication. Must be one of: ["plain", "crc", "signed", "signed-encrypted", "signed-nxp", "Plain", "CRC", "Signed", "Encrypted + Signed", "NXP Signed", "NXP signed", "encrypted"].

  • masterBootOutputFile (string): The file for Master Boot Image result file.

  • inputImageFile (string): The input application image to by modified to Master Boot Image.

  • enableTrustZone (boolean): If not specified, the Trust zone is disabled.

  • trustZonePresetFile (string): If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.

# ============================================  YAML template Mbi_PlainXip  ============================================

# ======================================================================================================================
#                                                   == Mbi_PlainXip ==
# ======================================================================================================================
# ------------------------------------------===== MCU family [Required] =====-------------------------------------------
# Description: MCU family name.
# Possible options: <lpc550x, lpc551x, lpc552x, lpc55s2x, lpc55s6x, nhs52sxx>
family: CHOOSE_FROM_TABLE
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram, Internal flash (XIP), External flash (XIP), Internal Flash (XIP), External Flash
# (XIP), RAM, ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, crc, signed, signed-encrypted, signed-nxp, Plain, CRC, Signed, Encrypted + Signed, NXP
# Signed, NXP signed, encrypted>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ------------------------------------===== Master Boot Image name [Required] =====-------------------------------------
# Description: The file for Master Boot Image result file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# ------------------------------------===== TrustZone enable option [Optional] =====------------------------------------
# Description: If not specified, the Trust zone is disabled.
enableTrustZone: false
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.
trustZonePresetFile: my_tz_custom.yaml

Mbi_PlainXipKw45xx

  • family (string): MCU family name. Must be one of: ["k32w1xx", "kw45xx"].

  • outputImageExecutionTarget (string): Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence. Must be one of: ["xip", "load-to-ram", "Internal flash (XIP)", "External flash (XIP)", "Internal Flash (XIP)", "External Flash (XIP)", "RAM", "ram"].

  • outputImageAuthenticationType (string): Specification of final master boot image authentication. Must be one of: ["plain", "crc", "signed", "signed-encrypted", "signed-nxp", "Plain", "CRC", "Signed", "Encrypted + Signed", "NXP Signed", "NXP signed", "encrypted"].

  • masterBootOutputFile (string): The file for Master Boot Image result file.

  • inputImageFile (string): The input application image to by modified to Master Boot Image.

  • outputImageExecutionAddress ([‘number’, ‘string’]): Application loading address in RAM if not XiP, otherwise address of load in XiP.

  • enableTrustZone (boolean): If not specified, the Trust zone is disabled.

  • trustZonePresetFile (string): If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.

  • outputImageSubtype (string): Image subtype determine the image use in MCU. “main” for main application, “nbu” for Narrow Band Unit image and “recovery” for recovery image type. Must be one of: ["main", "nbu", "recovery"].

# =========================================  YAML template Mbi_PlainXipKw45xx  =========================================

# ======================================================================================================================
#                                                == Mbi_PlainXipKw45xx ==
# ======================================================================================================================
# ------------------------------------------===== MCU family [Required] =====-------------------------------------------
# Description: MCU family name.
# Possible options: <k32w1xx, kw45xx>
family: CHOOSE_FROM_TABLE
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram, Internal flash (XIP), External flash (XIP), Internal Flash (XIP), External Flash
# (XIP), RAM, ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, crc, signed, signed-encrypted, signed-nxp, Plain, CRC, Signed, Encrypted + Signed, NXP
# Signed, NXP signed, encrypted>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ------------------------------------===== Master Boot Image name [Required] =====-------------------------------------
# Description: The file for Master Boot Image result file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# --------------------------------===== Loading address of application [Required] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# ------------------------------------===== TrustZone enable option [Optional] =====------------------------------------
# Description: If not specified, the Trust zone is disabled.
enableTrustZone: false
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# -----------------------------------------===== Image SubType [Optional] =====-----------------------------------------
# Description: Image subtype determine the image use in MCU. "main" for main application, "nbu" for Narrow Band Unit
# image and "recovery" for recovery image type
# Possible options: <main, nbu, recovery>
outputImageSubtype: main

Mbi_PlainXipMcxAx

  • family (string): MCU family name. Must be one of: ["mcxa1xx"].

  • outputImageExecutionTarget (string): Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence. Must be one of: ["xip", "load-to-ram", "Internal flash (XIP)", "External flash (XIP)", "Internal Flash (XIP)", "External Flash (XIP)", "RAM", "ram"].

  • outputImageAuthenticationType (string): Specification of final master boot image authentication. Must be one of: ["plain", "crc", "signed", "signed-encrypted", "signed-nxp", "Plain", "CRC", "Signed", "Encrypted + Signed", "NXP Signed", "NXP signed", "encrypted"].

  • masterBootOutputFile (string): The file for Master Boot Image result file.

  • inputImageFile (string): The input application image to by modified to Master Boot Image.

  • imageVersion ([‘number’, ‘string’]): Image version is used for dual boot. The boot ROM decides which image to boot first based on the image version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.

# =========================================  YAML template Mbi_PlainXipMcxAx  ==========================================

# ======================================================================================================================
#                                                == Mbi_PlainXipMcxAx ==
# ======================================================================================================================
# ------------------------------------------===== MCU family [Required] =====-------------------------------------------
# Description: MCU family name.
# Possible options: <mcxa1xx>
family: CHOOSE_FROM_TABLE
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram, Internal flash (XIP), External flash (XIP), Internal Flash (XIP), External Flash
# (XIP), RAM, ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, crc, signed, signed-encrypted, signed-nxp, Plain, CRC, Signed, Encrypted + Signed, NXP
# Signed, NXP signed, encrypted>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ------------------------------------===== Master Boot Image name [Required] =====-------------------------------------
# Description: The file for Master Boot Image result file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# ----------------------------------------===== Image version. [Optional] =====-----------------------------------------
# Description: Image version is used for dual boot. The boot ROM decides which image to boot first based on the image
# version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.
imageVersion: 0

Mbi_PlainXipMcxNx

  • family (string): MCU family name. Must be one of: ["mcxn9xx"].

  • outputImageExecutionTarget (string): Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence. Must be one of: ["xip", "load-to-ram", "Internal flash (XIP)", "External flash (XIP)", "Internal Flash (XIP)", "External Flash (XIP)", "RAM", "ram"].

  • outputImageAuthenticationType (string): Specification of final master boot image authentication. Must be one of: ["plain", "crc", "signed", "signed-encrypted", "signed-nxp", "Plain", "CRC", "Signed", "Encrypted + Signed", "NXP Signed", "NXP signed", "encrypted"].

  • masterBootOutputFile (string): The file for Master Boot Image result file.

  • inputImageFile (string): The input application image to by modified to Master Boot Image.

  • enableTrustZone (boolean): If not specified, the Trust zone is disabled.

  • trustZonePresetFile (string): If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.

  • imageVersion ([‘number’, ‘string’]): Image version is used for dual boot. The boot ROM decides which image to boot first based on the image version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.

# =========================================  YAML template Mbi_PlainXipMcxNx  ==========================================

# ======================================================================================================================
#                                                == Mbi_PlainXipMcxNx ==
# ======================================================================================================================
# ------------------------------------------===== MCU family [Required] =====-------------------------------------------
# Description: MCU family name.
# Possible options: <mcxn9xx>
family: CHOOSE_FROM_TABLE
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram, Internal flash (XIP), External flash (XIP), Internal Flash (XIP), External Flash
# (XIP), RAM, ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, crc, signed, signed-encrypted, signed-nxp, Plain, CRC, Signed, Encrypted + Signed, NXP
# Signed, NXP signed, encrypted>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ------------------------------------===== Master Boot Image name [Required] =====-------------------------------------
# Description: The file for Master Boot Image result file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# ------------------------------------===== TrustZone enable option [Optional] =====------------------------------------
# Description: If not specified, the Trust zone is disabled.
enableTrustZone: false
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# ----------------------------------------===== Image version. [Optional] =====-----------------------------------------
# Description: Image version is used for dual boot. The boot ROM decides which image to boot first based on the image
# version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.
imageVersion: 0

Mbi_PlainXipRtxxx

  • family (string): MCU family name. Must be one of: ["lpc55s0x", "lpc55s1x", "rt5xx", "rt6xx"].

  • outputImageExecutionTarget (string): Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence. Must be one of: ["xip", "load-to-ram", "Internal flash (XIP)", "External flash (XIP)", "Internal Flash (XIP)", "External Flash (XIP)", "RAM", "ram"].

  • outputImageAuthenticationType (string): Specification of final master boot image authentication. Must be one of: ["plain", "crc", "signed", "signed-encrypted", "signed-nxp", "Plain", "CRC", "Signed", "Encrypted + Signed", "NXP Signed", "NXP signed", "encrypted"].

  • masterBootOutputFile (string): The file for Master Boot Image result file.

  • inputImageFile (string): The input application image to by modified to Master Boot Image.

  • enableTrustZone (boolean): If not specified, the Trust zone is disabled.

  • trustZonePresetFile (string): If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.

  • enableHwUserModeKeys ([‘boolean’, ‘string’]): Controlling secure hardware key bus. If enabled(1), then it is possible to access keys on hardware secure bus from non-secure application, else non-secure application will read zeros.

# =========================================  YAML template Mbi_PlainXipRtxxx  ==========================================

# ======================================================================================================================
#                                                == Mbi_PlainXipRtxxx ==
# ======================================================================================================================
# ------------------------------------------===== MCU family [Required] =====-------------------------------------------
# Description: MCU family name.
# Possible options: <lpc55s0x, lpc55s1x, rt5xx, rt6xx>
family: CHOOSE_FROM_TABLE
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram, Internal flash (XIP), External flash (XIP), Internal Flash (XIP), External Flash
# (XIP), RAM, ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, crc, signed, signed-encrypted, signed-nxp, Plain, CRC, Signed, Encrypted + Signed, NXP
# Signed, NXP signed, encrypted>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ------------------------------------===== Master Boot Image name [Required] =====-------------------------------------
# Description: The file for Master Boot Image result file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# ------------------------------------===== TrustZone enable option [Optional] =====------------------------------------
# Description: If not specified, the Trust zone is disabled.
enableTrustZone: false
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# ----------------------------------===== Enable User HW key sharing [Required] =====-----------------------------------
# Description: Controlling secure hardware key bus. If enabled(1), then it is possible to access keys on hardware secure
# bus from non-secure application, else non-secure application will read zeros.
enableHwUserModeKeys: false

Mbi_PlainXipSignedKw45xx

  • family (string): MCU family name. Must be one of: ["k32w1xx", "kw45xx"].

  • outputImageExecutionTarget (string): Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence. Must be one of: ["xip", "load-to-ram", "Internal flash (XIP)", "External flash (XIP)", "Internal Flash (XIP)", "External Flash (XIP)", "RAM", "ram"].

  • outputImageAuthenticationType (string): Specification of final master boot image authentication. Must be one of: ["plain", "crc", "signed", "signed-encrypted", "signed-nxp", "Plain", "CRC", "Signed", "Encrypted + Signed", "NXP Signed", "NXP signed", "encrypted"].

  • masterBootOutputFile (string): The file for Master Boot Image result file.

  • inputImageFile (string): The input application image to by modified to Master Boot Image.

  • outputImageExecutionAddress ([‘number’, ‘string’]): Application loading address in RAM if not XiP, otherwise address of load in XiP.

  • certBlock (string): Path to certificate block binary or config file.

  • mainRootCertPrivateKeyFile (string): Main Certificate private key used to sign certificate. It can be replaced by signProvider key.

  • signPrivateKey (string): Main Certificate private key used to sign certificate. It can be replaced by signProvider key.

  • signProvider (string): Signature provider configuration in format ‘type=<sp_type>;=;=”.

  • enableTrustZone (boolean): If not specified, the Trust zone is disabled.

  • trustZonePresetFile (string): If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.

  • firmwareVersion ([‘number’, ‘string’]): Value compared with Secure_FW_Version monotonic counter value stored in PFR/IFR. If value is lower than value in PFR/IFR, then is image rejected (rollback protection)..

  • manifestDigestHashAlgorithm (string): Optional Manifest signing hash algorithm name to create Certificate v3.1 Manifest. Must be one of: ["sha256", "sha384", "sha521"].

  • noSignature (boolean): When is set, the signature is not included. The signature could be later added by HSM.

# ======================================  YAML template Mbi_PlainXipSignedKw45xx  ======================================

# ======================================================================================================================
#                                             == Mbi_PlainXipSignedKw45xx ==
# ======================================================================================================================
# ------------------------------------------===== MCU family [Required] =====-------------------------------------------
# Description: MCU family name.
# Possible options: <k32w1xx, kw45xx>
family: CHOOSE_FROM_TABLE
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram, Internal flash (XIP), External flash (XIP), Internal Flash (XIP), External Flash
# (XIP), RAM, ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, crc, signed, signed-encrypted, signed-nxp, Plain, CRC, Signed, Encrypted + Signed, NXP
# Signed, NXP signed, encrypted>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ------------------------------------===== Master Boot Image name [Required] =====-------------------------------------
# Description: The file for Master Boot Image result file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# --------------------------------===== Loading address of application [Required] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<sp_type>;<key1>=<value1>;<key2>=<value2>".
signProvider: type=file;file_path=my_prv_key.pem
# ------------------------------------===== TrustZone enable option [Optional] =====------------------------------------
# Description: If not specified, the Trust zone is disabled.
enableTrustZone: false
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in PFR/IFR. If value is lower than
# value in PFR/IFR, then is image rejected (rollback protection)..
firmwareVersion: 0
# --------------------------------===== Manifest signing hash algorithm [Optional] =====--------------------------------
# Description: Optional Manifest signing hash algorithm name to create Certificate v3.1 Manifest.
# Possible options: <sha256, sha384, sha521>
manifestDigestHashAlgorithm: sha256
# -----------------------------------------===== No Signature [Optional] =====------------------------------------------
# Description: When is set, the signature is not included. The signature could be later added by HSM.
noSignature: false

Mbi_PlainXipSignedLpc55s3x

  • family (string): MCU family name. Must be one of: ["lpc55s3x"].

  • outputImageExecutionTarget (string): Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence. Must be one of: ["xip", "load-to-ram", "Internal flash (XIP)", "External flash (XIP)", "Internal Flash (XIP)", "External Flash (XIP)", "RAM", "ram"].

  • outputImageAuthenticationType (string): Specification of final master boot image authentication. Must be one of: ["plain", "crc", "signed", "signed-encrypted", "signed-nxp", "Plain", "CRC", "Signed", "Encrypted + Signed", "NXP Signed", "NXP signed", "encrypted"].

  • masterBootOutputFile (string): The file for Master Boot Image result file.

  • inputImageFile (string): The input application image to by modified to Master Boot Image.

  • imageVersion ([‘number’, ‘string’]): Image version is used for dual boot. The boot ROM decides which image to boot first based on the image version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.

  • certBlock (string): Path to certificate block binary or config file.

  • mainRootCertPrivateKeyFile (string): Main Certificate private key used to sign certificate. It can be replaced by signProvider key.

  • signPrivateKey (string): Main Certificate private key used to sign certificate. It can be replaced by signProvider key.

  • signProvider (string): Signature provider configuration in format ‘type=<sp_type>;=;=”.

  • enableTrustZone (boolean): If not specified, the Trust zone is disabled.

  • trustZonePresetFile (string): If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.

  • firmwareVersion ([‘number’, ‘string’]): Value compared with Secure_FW_Version monotonic counter value stored in PFR/IFR. If value is lower than value in PFR/IFR, then is image rejected (rollback protection)..

  • outputImageExecutionAddress ([‘number’, ‘string’]): Application loading address in RAM if not XiP, otherwise address of load in XiP.

# =====================================  YAML template Mbi_PlainXipSignedLpc55s3x  =====================================

# ======================================================================================================================
#                                            == Mbi_PlainXipSignedLpc55s3x ==
# ======================================================================================================================
# ------------------------------------------===== MCU family [Required] =====-------------------------------------------
# Description: MCU family name.
# Possible options: <lpc55s3x>
family: CHOOSE_FROM_TABLE
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram, Internal flash (XIP), External flash (XIP), Internal Flash (XIP), External Flash
# (XIP), RAM, ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, crc, signed, signed-encrypted, signed-nxp, Plain, CRC, Signed, Encrypted + Signed, NXP
# Signed, NXP signed, encrypted>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ------------------------------------===== Master Boot Image name [Required] =====-------------------------------------
# Description: The file for Master Boot Image result file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# ----------------------------------------===== Image version. [Optional] =====-----------------------------------------
# Description: Image version is used for dual boot. The boot ROM decides which image to boot first based on the image
# version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.
imageVersion: 0
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<sp_type>;<key1>=<value1>;<key2>=<value2>".
signProvider: type=file;file_path=my_prv_key.pem
# ------------------------------------===== TrustZone enable option [Optional] =====------------------------------------
# Description: If not specified, the Trust zone is disabled.
enableTrustZone: false
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in PFR/IFR. If value is lower than
# value in PFR/IFR, then is image rejected (rollback protection)..
firmwareVersion: 0
# --------------------------------===== Loading address of application [Required] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0

Mbi_PlainXipSignedNxpKw45xx

  • family (string): MCU family name. Must be one of: ["k32w1xx", "kw45xx"].

  • outputImageExecutionTarget (string): Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence. Must be one of: ["xip", "load-to-ram", "Internal flash (XIP)", "External flash (XIP)", "Internal Flash (XIP)", "External Flash (XIP)", "RAM", "ram"].

  • outputImageAuthenticationType (string): Specification of final master boot image authentication. Must be one of: ["plain", "crc", "signed", "signed-encrypted", "signed-nxp", "Plain", "CRC", "Signed", "Encrypted + Signed", "NXP Signed", "NXP signed", "encrypted"].

  • masterBootOutputFile (string): The file for Master Boot Image result file.

  • inputImageFile (string): The input application image to by modified to Master Boot Image.

  • outputImageExecutionAddress ([‘number’, ‘string’]): Application loading address in RAM if not XiP, otherwise address of load in XiP.

  • certBlock (string): Path to certificate block binary or config file.

  • mainRootCertPrivateKeyFile (string): Main Certificate private key used to sign certificate. It can be replaced by signProvider key.

  • signPrivateKey (string): Main Certificate private key used to sign certificate. It can be replaced by signProvider key.

  • signProvider (string): Signature provider configuration in format ‘type=<sp_type>;=;=”.

  • enableTrustZone (boolean): If not specified, the Trust zone is disabled.

  • trustZonePresetFile (string): If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.

  • firmwareVersion ([‘number’, ‘string’]): Value compared with Secure_FW_Version monotonic counter value stored in PFR/IFR. If value is lower than value in PFR/IFR, then is image rejected (rollback protection)..

  • manifestDigestHashAlgorithm (string): Optional Manifest signing hash algorithm name to create Certificate v3.1 Manifest. Must be one of: ["sha256", "sha384", "sha521"].

  • outputImageSubtype (string): Image subtype determine the image use in MCU. “main” for main application, “nbu” for Narrow Band Unit image and “recovery” for recovery image type. Must be one of: ["main", "nbu", "recovery"].

  • noSignature (boolean): When is set, the signature is not included. The signature could be later added by HSM.

# ====================================  YAML template Mbi_PlainXipSignedNxpKw45xx  =====================================

# ======================================================================================================================
#                                           == Mbi_PlainXipSignedNxpKw45xx ==
# ======================================================================================================================
# ------------------------------------------===== MCU family [Required] =====-------------------------------------------
# Description: MCU family name.
# Possible options: <k32w1xx, kw45xx>
family: CHOOSE_FROM_TABLE
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram, Internal flash (XIP), External flash (XIP), Internal Flash (XIP), External Flash
# (XIP), RAM, ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, crc, signed, signed-encrypted, signed-nxp, Plain, CRC, Signed, Encrypted + Signed, NXP
# Signed, NXP signed, encrypted>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ------------------------------------===== Master Boot Image name [Required] =====-------------------------------------
# Description: The file for Master Boot Image result file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# --------------------------------===== Loading address of application [Required] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<sp_type>;<key1>=<value1>;<key2>=<value2>".
signProvider: type=file;file_path=my_prv_key.pem
# ------------------------------------===== TrustZone enable option [Optional] =====------------------------------------
# Description: If not specified, the Trust zone is disabled.
enableTrustZone: false
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in PFR/IFR. If value is lower than
# value in PFR/IFR, then is image rejected (rollback protection)..
firmwareVersion: 0
# --------------------------------===== Manifest signing hash algorithm [Optional] =====--------------------------------
# Description: Optional Manifest signing hash algorithm name to create Certificate v3.1 Manifest.
# Possible options: <sha256, sha384, sha521>
manifestDigestHashAlgorithm: sha256
# -----------------------------------------===== Image SubType [Optional] =====-----------------------------------------
# Description: Image subtype determine the image use in MCU. "main" for main application, "nbu" for Narrow Band Unit
# image and "recovery" for recovery image type
# Possible options: <main, nbu, recovery>
outputImageSubtype: main
# -----------------------------------------===== No Signature [Optional] =====------------------------------------------
# Description: When is set, the signature is not included. The signature could be later added by HSM.
noSignature: false

Mbi_SignedRam

  • family (string): MCU family name. Must be one of: ["lpc55s0x", "lpc55s1x", "lpc55s2x", "lpc55s6x", "nhs52sxx"].

  • outputImageExecutionTarget (string): Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence. Must be one of: ["xip", "load-to-ram", "Internal flash (XIP)", "External flash (XIP)", "Internal Flash (XIP)", "External Flash (XIP)", "RAM", "ram"].

  • outputImageAuthenticationType (string): Specification of final master boot image authentication. Must be one of: ["plain", "crc", "signed", "signed-encrypted", "signed-nxp", "Plain", "CRC", "Signed", "Encrypted + Signed", "NXP Signed", "NXP signed", "encrypted"].

  • masterBootOutputFile (string): The file for Master Boot Image result file.

  • inputImageFile (string): The input application image to by modified to Master Boot Image.

  • enableTrustZone (boolean): If not specified, the Trust zone is disabled.

  • trustZonePresetFile (string): If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.

  • outputImageExecutionAddress ([‘number’, ‘string’]): Application loading address in RAM if not XiP, otherwise address of load in XiP.

  • certBlock (string): Path to certificate block binary or config file.

  • mainRootCertPrivateKeyFile (string): Main Certificate private key used to sign certificate. It can be replaced by signProvider key.

  • signPrivateKey (string): Main Certificate private key used to sign certificate. It can be replaced by signProvider key.

  • signProvider (string): Signature provider configuration in format ‘type=<sp_type>;=;=”.

# ===========================================  YAML template Mbi_SignedRam  ============================================

# ======================================================================================================================
#                                                  == Mbi_SignedRam ==
# ======================================================================================================================
# ------------------------------------------===== MCU family [Required] =====-------------------------------------------
# Description: MCU family name.
# Possible options: <lpc55s0x, lpc55s1x, lpc55s2x, lpc55s6x, nhs52sxx>
family: CHOOSE_FROM_TABLE
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram, Internal flash (XIP), External flash (XIP), Internal Flash (XIP), External Flash
# (XIP), RAM, ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, crc, signed, signed-encrypted, signed-nxp, Plain, CRC, Signed, Encrypted + Signed, NXP
# Signed, NXP signed, encrypted>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ------------------------------------===== Master Boot Image name [Required] =====-------------------------------------
# Description: The file for Master Boot Image result file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# ------------------------------------===== TrustZone enable option [Optional] =====------------------------------------
# Description: If not specified, the Trust zone is disabled.
enableTrustZone: false
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# --------------------------------===== Loading address of application [Required] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<sp_type>;<key1>=<value1>;<key2>=<value2>".
signProvider: type=file;file_path=my_prv_key.pem

Mbi_SignedRamMcxNx

  • family (string): MCU family name. Must be one of: ["mcxn9xx"].

  • outputImageExecutionTarget (string): Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence. Must be one of: ["xip", "load-to-ram", "Internal flash (XIP)", "External flash (XIP)", "Internal Flash (XIP)", "External Flash (XIP)", "RAM", "ram"].

  • outputImageAuthenticationType (string): Specification of final master boot image authentication. Must be one of: ["plain", "crc", "signed", "signed-encrypted", "signed-nxp", "Plain", "CRC", "Signed", "Encrypted + Signed", "NXP Signed", "NXP signed", "encrypted"].

  • masterBootOutputFile (string): The file for Master Boot Image result file.

  • inputImageFile (string): The input application image to by modified to Master Boot Image.

  • certBlock (string): Path to certificate block binary or config file.

  • mainRootCertPrivateKeyFile (string): Main Certificate private key used to sign certificate. It can be replaced by signProvider key.

  • signPrivateKey (string): Main Certificate private key used to sign certificate. It can be replaced by signProvider key.

  • signProvider (string): Signature provider configuration in format ‘type=<sp_type>;=;=”.

  • enableTrustZone (boolean): If not specified, the Trust zone is disabled.

  • trustZonePresetFile (string): If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.

  • firmwareVersion ([‘number’, ‘string’]): Value compared with Secure_FW_Version monotonic counter value stored in PFR/IFR. If value is lower than value in PFR/IFR, then is image rejected (rollback protection)..

  • outputImageSubtype (string): Image subtype determine the image use in MCU. “main” for main application, “nbu” for Narrow Band Unit image and “recovery” for recovery image type. Must be one of: ["main", "nbu", "recovery"].

  • outputImageExecutionAddress ([‘number’, ‘string’]): Application loading address in RAM if not XiP, otherwise address of load in XiP.

  • imageVersion ([‘number’, ‘string’]): Image version is used for dual boot. The boot ROM decides which image to boot first based on the image version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.

# =========================================  YAML template Mbi_SignedRamMcxNx  =========================================

# ======================================================================================================================
#                                                == Mbi_SignedRamMcxNx ==
# ======================================================================================================================
# ------------------------------------------===== MCU family [Required] =====-------------------------------------------
# Description: MCU family name.
# Possible options: <mcxn9xx>
family: CHOOSE_FROM_TABLE
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram, Internal flash (XIP), External flash (XIP), Internal Flash (XIP), External Flash
# (XIP), RAM, ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, crc, signed, signed-encrypted, signed-nxp, Plain, CRC, Signed, Encrypted + Signed, NXP
# Signed, NXP signed, encrypted>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ------------------------------------===== Master Boot Image name [Required] =====-------------------------------------
# Description: The file for Master Boot Image result file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<sp_type>;<key1>=<value1>;<key2>=<value2>".
signProvider: type=file;file_path=my_prv_key.pem
# ------------------------------------===== TrustZone enable option [Optional] =====------------------------------------
# Description: If not specified, the Trust zone is disabled.
enableTrustZone: false
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in PFR/IFR. If value is lower than
# value in PFR/IFR, then is image rejected (rollback protection)..
firmwareVersion: 0
# -----------------------------------------===== Image SubType [Optional] =====-----------------------------------------
# Description: Image subtype determine the image use in MCU. "main" for main application, "nbu" for Narrow Band Unit
# image and "recovery" for recovery image type
# Possible options: <main, nbu, recovery>
outputImageSubtype: main
# --------------------------------===== Loading address of application [Required] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# ----------------------------------------===== Image version. [Optional] =====-----------------------------------------
# Description: Image version is used for dual boot. The boot ROM decides which image to boot first based on the image
# version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.
imageVersion: 0

Mbi_SignedVx

  • family (string): MCU family name. Must be one of: ["mc56f81xxx", "mwct20d2x"].

  • outputImageExecutionTarget (string): Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence. Must be one of: ["xip", "load-to-ram", "Internal flash (XIP)", "External flash (XIP)", "Internal Flash (XIP)", "External Flash (XIP)", "RAM", "ram"].

  • outputImageAuthenticationType (string): Specification of final master boot image authentication. Must be one of: ["plain", "crc", "signed", "signed-encrypted", "signed-nxp", "Plain", "CRC", "Signed", "Encrypted + Signed", "NXP Signed", "NXP signed", "encrypted"].

  • masterBootOutputFile (string): The file for Master Boot Image result file.

  • inputImageFile (string): The input application image to by modified to Master Boot Image.

  • firmwareVersion ([‘number’, ‘string’]): Value compared with Secure_FW_Version monotonic counter value stored in PFR/IFR. If value is lower than value in PFR/IFR, then is image rejected (rollback protection)..

  • certBlock (string): Path to certificate block binary or config file.

  • mainRootCertPrivateKeyFile (string): Main Certificate private key used to sign certificate. It can be replaced by signProvider key.

  • signPrivateKey (string): Main Certificate private key used to sign certificate. It can be replaced by signProvider key.

  • signProvider (string): Signature provider configuration in format ‘type=<sp_type>;=;=”.

# ============================================  YAML template Mbi_SignedVx  ============================================

# ======================================================================================================================
#                                                   == Mbi_SignedVx ==
# ======================================================================================================================
# ------------------------------------------===== MCU family [Required] =====-------------------------------------------
# Description: MCU family name.
# Possible options: <mc56f81xxx, mwct20d2x>
family: CHOOSE_FROM_TABLE
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram, Internal flash (XIP), External flash (XIP), Internal Flash (XIP), External Flash
# (XIP), RAM, ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, crc, signed, signed-encrypted, signed-nxp, Plain, CRC, Signed, Encrypted + Signed, NXP
# Signed, NXP signed, encrypted>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ------------------------------------===== Master Boot Image name [Required] =====-------------------------------------
# Description: The file for Master Boot Image result file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in PFR/IFR. If value is lower than
# value in PFR/IFR, then is image rejected (rollback protection)..
firmwareVersion: 0
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<sp_type>;<key1>=<value1>;<key2>=<value2>".
signProvider: type=file;file_path=my_prv_key.pem

Mbi_SignedXip

  • family (string): MCU family name. Must be one of: ["lpc55s2x", "lpc55s6x", "nhs52sxx"].

  • outputImageExecutionTarget (string): Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence. Must be one of: ["xip", "load-to-ram", "Internal flash (XIP)", "External flash (XIP)", "Internal Flash (XIP)", "External Flash (XIP)", "RAM", "ram"].

  • outputImageAuthenticationType (string): Specification of final master boot image authentication. Must be one of: ["plain", "crc", "signed", "signed-encrypted", "signed-nxp", "Plain", "CRC", "Signed", "Encrypted + Signed", "NXP Signed", "NXP signed", "encrypted"].

  • masterBootOutputFile (string): The file for Master Boot Image result file.

  • inputImageFile (string): The input application image to by modified to Master Boot Image.

  • enableTrustZone (boolean): If not specified, the Trust zone is disabled.

  • trustZonePresetFile (string): If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.

  • certBlock (string): Path to certificate block binary or config file.

  • mainRootCertPrivateKeyFile (string): Main Certificate private key used to sign certificate. It can be replaced by signProvider key.

  • signPrivateKey (string): Main Certificate private key used to sign certificate. It can be replaced by signProvider key.

  • signProvider (string): Signature provider configuration in format ‘type=<sp_type>;=;=”.

# ===========================================  YAML template Mbi_SignedXip  ============================================

# ======================================================================================================================
#                                                  == Mbi_SignedXip ==
# ======================================================================================================================
# ------------------------------------------===== MCU family [Required] =====-------------------------------------------
# Description: MCU family name.
# Possible options: <lpc55s2x, lpc55s6x, nhs52sxx>
family: CHOOSE_FROM_TABLE
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram, Internal flash (XIP), External flash (XIP), Internal Flash (XIP), External Flash
# (XIP), RAM, ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, crc, signed, signed-encrypted, signed-nxp, Plain, CRC, Signed, Encrypted + Signed, NXP
# Signed, NXP signed, encrypted>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ------------------------------------===== Master Boot Image name [Required] =====-------------------------------------
# Description: The file for Master Boot Image result file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# ------------------------------------===== TrustZone enable option [Optional] =====------------------------------------
# Description: If not specified, the Trust zone is disabled.
enableTrustZone: false
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<sp_type>;<key1>=<value1>;<key2>=<value2>".
signProvider: type=file;file_path=my_prv_key.pem

Mbi_SignedXipMcxNx

  • family (string): MCU family name. Must be one of: ["mcxn9xx"].

  • outputImageExecutionTarget (string): Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence. Must be one of: ["xip", "load-to-ram", "Internal flash (XIP)", "External flash (XIP)", "Internal Flash (XIP)", "External Flash (XIP)", "RAM", "ram"].

  • outputImageAuthenticationType (string): Specification of final master boot image authentication. Must be one of: ["plain", "crc", "signed", "signed-encrypted", "signed-nxp", "Plain", "CRC", "Signed", "Encrypted + Signed", "NXP Signed", "NXP signed", "encrypted"].

  • masterBootOutputFile (string): The file for Master Boot Image result file.

  • inputImageFile (string): The input application image to by modified to Master Boot Image.

  • outputImageExecutionAddress ([‘number’, ‘string’]): Application loading address in RAM if not XiP, otherwise address of load in XiP.

  • certBlock (string): Path to certificate block binary or config file.

  • mainRootCertPrivateKeyFile (string): Main Certificate private key used to sign certificate. It can be replaced by signProvider key.

  • signPrivateKey (string): Main Certificate private key used to sign certificate. It can be replaced by signProvider key.

  • signProvider (string): Signature provider configuration in format ‘type=<sp_type>;=;=”.

  • enableTrustZone (boolean): If not specified, the Trust zone is disabled.

  • trustZonePresetFile (string): If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.

  • firmwareVersion ([‘number’, ‘string’]): Value compared with Secure_FW_Version monotonic counter value stored in PFR/IFR. If value is lower than value in PFR/IFR, then is image rejected (rollback protection)..

  • outputImageSubtype (string): Image subtype determine the image use in MCU. “main” for main application, “nbu” for Narrow Band Unit image and “recovery” for recovery image type. Must be one of: ["main", "nbu", "recovery"].

  • imageVersion ([‘number’, ‘string’]): Image version is used for dual boot. The boot ROM decides which image to boot first based on the image version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.

# =========================================  YAML template Mbi_SignedXipMcxNx  =========================================

# ======================================================================================================================
#                                                == Mbi_SignedXipMcxNx ==
# ======================================================================================================================
# ------------------------------------------===== MCU family [Required] =====-------------------------------------------
# Description: MCU family name.
# Possible options: <mcxn9xx>
family: CHOOSE_FROM_TABLE
# --------------------------------------===== Application target [Required] =====---------------------------------------
# Description: Definition if application is Execute in Place(XiP) or loaded to RAM during reset sequence.
# Possible options: <xip, load-to-ram, Internal flash (XIP), External flash (XIP), Internal Flash (XIP), External Flash
# (XIP), RAM, ram>
outputImageExecutionTarget: CHOOSE_FROM_TABLE
# -------------------------------===== Type of boot image authentication [Required] =====-------------------------------
# Description: Specification of final master boot image authentication.
# Possible options: <plain, crc, signed, signed-encrypted, signed-nxp, Plain, CRC, Signed, Encrypted + Signed, NXP
# Signed, NXP signed, encrypted>
outputImageAuthenticationType: CHOOSE_FROM_TABLE
# ------------------------------------===== Master Boot Image name [Required] =====-------------------------------------
# Description: The file for Master Boot Image result file.
masterBootOutputFile: my_mbi.bin
# ------------------------------------===== Plain application image [Required] =====------------------------------------
# Description: The input application image to by modified to Master Boot Image.
inputImageFile: my_application.bin
# --------------------------------===== Loading address of application [Required] =====---------------------------------
# Description: Application loading address in RAM if not XiP, otherwise address of load in XiP.
outputImageExecutionAddress: 0
# -----------------------------===== Certificate Block binary/config file [Required] =====------------------------------
# Description: Path to certificate block binary or config file.
certBlock: cert_block.yaml
# --------------------------===== Main Certificate private key [Conditionally required] =====---------------------------
# Description: Main Certificate private key used to sign certificate. It can be replaced by signProvider key.
signPrivateKey: main_prv_key.pem
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=<sp_type>;<key1>=<value1>;<key2>=<value2>".
signProvider: type=file;file_path=my_prv_key.pem
# ------------------------------------===== TrustZone enable option [Optional] =====------------------------------------
# Description: If not specified, the Trust zone is disabled.
enableTrustZone: false
# ---------------------------------===== TrustZone Customization file [Optional] =====----------------------------------
# Description: If not specified, but TrustZone is enabled(enableTrustZone) the default values are used.
trustZonePresetFile: my_tz_custom.yaml
# ---------------------------------------===== Firmware version. [Optional] =====---------------------------------------
# Description: Value compared with Secure_FW_Version monotonic counter value stored in PFR/IFR. If value is lower than
# value in PFR/IFR, then is image rejected (rollback protection)..
firmwareVersion: 0
# -----------------------------------------===== Image SubType [Optional] =====-----------------------------------------
# Description: Image subtype determine the image use in MCU. "main" for main application, "nbu" for Narrow Band Unit
# image and "recovery" for recovery image type
# Possible options: <main, nbu, recovery>
outputImageSubtype: main
# ----------------------------------------===== Image version. [Optional] =====-----------------------------------------
# Description: Image version is used for dual boot. The boot ROM decides which image to boot first based on the image
# version. It boots the one with the newer image version first, and in case of a failure, it boots the older one.
imageVersion: 0