Features

Here are the key features of the MCUXpresso Secure Provisioning Tool (SEC):

Security Enablement

• Image signing and encryptions: Supports generation of signed and encrypted images using customer-provided keys and certificates.

• Secure boot configuration: Automates creation of secure boot headers (for example, HAB, TrustZone-M, BEE).

• Key management: Integrates with NXP’s key provisioning workflows, including SRK, DEK, and OTP key programming.

• Optional signature provider: It allows customizing integration of HSM module for signing the image.

• Trust provisioning: device HSM and EdgeLock 2GO

Device Communication & Flashing

• BootROM interface support: Communicates with BootROM via UART, USB, SPI, or I2C.

• Flash programming: Supports writing to internal flash and external memory (for example, QSPI, FlexSPI NOR/NAND, eMMC).

• Device detection and connection management: Auto-detects connected devices and manages communication

User Experience

• Guided workflows: workspace wizard with predefined profiles to create a new configuration easily.

• Visual feedback: Real-time status updates, logs, and error reporting.

• Cross-Platform Support: Available for Windows, Linux, and macOS.

Useful Extensions

• Debug authentication support

• SB editor allowing creation of Secure Binary files

• Merge tool allowing merging several images into one

• MCUboot signer allowing signing the custom application via the MCUboot third-party tool

• Manufacturing tool for FAB operations, allowing provisioning several devices in parallel

• Additional command-line utilities for low-level interaction with the device

Device & Platform Support

• Broad MCU family coverage: Compatible with a wide range of NXP MCUs (for example, i.MX RT, LPC, MCX).

• Support for latest silicon features: Regularly updated to support new security features and silicon revisions.