This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

MCU-PLUS-SDK-AM243X: Firmware Encryption with OSPI Boot

Part Number: MCU-PLUS-SDK-AM243X

Hello,

currently we are thinking about encrypting our firmware. 

Our PCBA boots from OSPI Flash (via modified OSPI SBL). 

We are discussing different scenarios on how to implement the encryption.

One would be to store an encrypted firwmare file directly on the flash. At first this seems to be supported by SDK/ TI. But I found this mention in the SDK Docu:

So can we store encrypted FW on the flash and the SBL takes over encryption? Or is this not supported by the SDK?

If this is possible:

1. From the documentation I don't get how the key for encrytion is stored on the device. Do we need to burn it during production? How does this process look like?

2. Can we update devices which are already at customer? Current device at customer does not use encrypted FW. Can we "retrofit" the decryption?

Thanks

Fabian