September 2, 2025 • 13 mins
Welcome back to the EdgeVerse Techcast! In this episode, Bridgette Stone and Kyle Dando are joined by security enablement guru Libor Ukropec to explore the latest features of NXP's Secure Provisioning Tool (SEC). Libor delves into the complexities of digital signing, encryption, and the vital role of the SEC tool in safeguarding intellectual property and ensuring product longevity.
The episode also sheds light on
- the SP-SDK library
- wireless power charging (WPC) support through EdgeLock 2GO
- IPED's real-time data encryption with PRINCE block cypher
Tune in to learn how these tools make it easier for developers to meet security standards and protect their innovative products. Don't miss out—this episode is packed with insights crafted to help you stay ahead in the evolving world of IoT security!
Resources:
00:00 Welcome to EdgeVerse Techcast
00:26 Meet Libor Ukropec: Security Guru
01:14 Understanding the SEC Tool
03:04 SEC Tool vs SP-SDK: When to Use What
05:12 New Features and Customer Feedback
06:22 WPC Support and Wireless Charging
08:47 EdgeLock 2GO: Secure IoT Management
09:52 IPED: Real-Time Encryption
11:07 Wrapping Up and Final Thoughts
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Bridgette Stone (00:11):
Hey everyone, and welcome back to the EdgeVerse Techcast,
your go-to spot for all thingsNXP software tools and enablement.
I'm Bridgette Stone, and if you'vebeen with us before, you know we
love diving into the tools thatmake developers lives easier.
Kyle Dando (00:25):
And I'm Kyle Dando
.Today we're very fortunate to be joined by Libor Ukropec.
I will let Libor introduce himself, butin short, Libor is a guru when it comes
to the security enablement tools at NXP.
Today he will update us on thenew features of the SEC tool.
But Libor, why don't you introduceyourself first and then we can
(00:46):
jump into more about the SEC tool.
Libor Ukropec (00:48):
Hi.
I'm Libor Ukropec, and as Kyle noted, I'mthe Software Architect for the MCUXpresso
Secure Provisioning Tool, SEC for short.
Which is a GUI based application providedto simplify generation and provisioning of
bootable executables on NXP MCU devices.
I've worked for severalenablement software tools
(01:08):
since Freescale times to NXP.
and I'm lucky to call Brunoand the Czech Republic home.
Hello!
Bridgette Stone (01:14):
So Libor, let's say that you're out on a walk in Bruno
and a neighbor asks you what you do.
How would you describe theSEC tool in simple terms?
Libor Ukropec (01:24):
That's a pretty tough question.
Few times asked by my familyalready, so let's try it.
Imagine that you have createda great product, that it
includes some valuable software.
Now you face a few challenges.
First.
You might need to manufacture iton the other side of the planet for
costs, logistics, or other reasons.
(01:46):
But you also want to protectyour intellectual property.
You don't want your software to be stolenor copied to make counterfeit products.
And of course, you want to make sure noone tampers with it to insert malware.
Second, once your product isout in the real world, you want
it to last and stay secure.
(02:07):
That means protecting it fromhacking, misuse, and other threats.
Now, back to the question.
At NXP we offer solutions that help youdigitally sign and even encrypt your
software so your know-how stays safe.
But doing this right is complex andnot everyone is a security expert.
That's where our SecureProvisioning tool comes in.
(02:30):
It helps you handle these challengesquickly and safely so you can focus
on building your great productswhile we help to keep them secure.
Bridgette Stone (02:39):
I really enjoyed that explanation.
It shows why this tool mattersand why it's so important.
And can you share with the listenershow long NXP has offered the SEC tool?
Libor Ukropec (02:48):
Uh, we started in summer of 2019 with the first release in the
same year, December, if I'm correct.
Kyle Dando (02:55):
All right.
Well that's quite a good historyand the tool's been very popular.
Let's ask one more question, Libor,before we jump into some of these
new features that have been released.
You mentioned that the SEC tool is a GUI.
However it leverages what's called theSP-SDK, which is the underlying software.
When do you see customers usingthe SP-SDK versus the SEC tool?
Libor Ukropec (03:18):
Mm-hmm.
You are absolutely right.
The SEC tool or SEC tool isbuilt on top of the SP-SDK.
Uh, let me first explain what SP-SDK is.
It's a low-level Python librarythat offers full flexibility for
configuring and provisioning devices.
It's intended for users with Pythonand general programming skills, and a
(03:42):
deeper understanding of the NXP platform.
Using SP-SDK as a libraryis certainly possible.
But in my opinion, it's relatively rareand typically reserved for advanced
users or very specific use cases.
The SEC tool, on the other hand,is designed to support common
scenarios without requiring usersto dive into every technical detail.
(04:06):
It features a graphical interface and addsvalue by validating user configurations.
Helping to ensure that there areno mistakes that could compromise
security or even brick the device.
And to round it out.
The SEC tool also includes commandline support for automation and
scripting, making it suitable for bothinteractive and automated workflows.
Kyle Dando (04:30):
Okay.
It seems like they're both verybalanced tools, but do you ever see
the same customer using both of them?
Libor Ukropec (04:37):
Uh, SEC tool leverages SP-SDK in both ways?
It uses the library directlyinside the tool and also calls the
command line utilities from SP-SDK.
So users are using them indirectly anyway.
I expect majority users will not need touse command line utilities frequently,
maybe interacting with the commandline tools for specific tweaks or edge
(05:01):
cases that the SEC tool doesn't cover.
Or during the development fortasks like reading memory from the
device, opening the Debug port,mass erase of the memory and so on.
Bridgette Stone (05:12):
Thanks Libor.
I wanna pivot just a little bitand talk about some updates.
You recently shared several new features.
What's one you think listenerswill find the most interesting?
Libor Ukropec (05:22):
Mm-hmm.
I think listeners will be excitedto hear that we really take
customer feedback seriously.
Whether it comes through ourcommunity web or support channels.
One update I find particularly interestingis related to the manufacturing
tool, which is used in small tomedium scale production environments.
Based on the user feedback, we haveadded more detailed logging and
(05:45):
made it easier to share those logswith the OEMs for troubleshooting.
We also introduced support for customUSB identification in the mentioned
tool among other improvements.
Again, based on the user's feedback.
Bridgette Stone (05:59):
That's so encouraging.
It really shows that feedbackfrom our customers shape the
tool and the team is able to takethat seriously and implement it.
Kyle Dando (06:07):
Yeah, I know the Czech team is busy.
You guys have a lot of new features,but when you get that input from the
customers and you actually take thefeedback and implement the improvements
like you did with that logging tool,I know the customers appreciate it.
All right.
That was great.
Now can you explain to thelisteners more about WPC support?
I had not heard of this before.
(06:29):
I Googled it on the web that involveswireless power charging devices.
I guess it's pretty importantto have a well-defined standard
on how to charge these devices.
All the power stations thatwe see and all the wireless
charging solutions in our home.
What more can you share that makes thisimportant, specifically the security
aspect of the wireless charging?
Libor Ukropec (06:50):
Yes.
Wireless charging is becominga standard feature everywhere.
For example, mobiles, wearables,and even in the motor vehicles.
But it brings unique technicalchallenges, especially around the
safety, electromagnetic compatibility,and device authentication.
NXP's MWCT family of Wireless ChargingMCUs support the Qi standard from
(07:14):
the Wireless Power Consortium.
Ensuring reliable and secure charging.
Kyle Dando (07:19):
So what did your team do specifically to help support
wireless charging applicationswith this WPC standard?
Libor Ukropec (07:26):
Mm-hmm.
First, we added support for these MWCTMCUs, like we do for other devices.
What's extra is the WPC support.
The Wireless Power Consortiumdivides the Qi standard.
Which includes support for authenticationand certification, and this ensures
(07:46):
that only verified compliant devices canaccess power from certified chargers.
Authentication helps prevent counterfitdevices from drawing power or causing
damage, while certification guaranteesinteroperability and safety across
different brands and products.
What we did in the SEC tool is weintegrated the NXP EdgeLock 2GO
(08:09):
service that provides the certificationand authentication services.
SEC tool is then capable to injectthe required certificates into the
development and production flow.
Kyle Dando (08:20):
Okay.
All right.
The SEC tool provides a user interfacethat enables that EdgeLock 2GO feature
for certification and authentication.
So I have learned in my time at NXP,that EdgeLock 2GO is super valuable.
Lots of customers want to integratethat into their products, but
it's difficult to implement.
So it sounds like, from whatyou're telling me, the SEC tool
(08:42):
is allowing more people to accessthis great service from NXP.
Libor Ukropec (08:46):
Yes, exactly.
For MWCT MCUs, we have enabledWPC support through EdgeLock 2GO.
But as you said, EdgeLock2GO offers much more.
It's a cloud-based service platformdesigned to securly provision and
manage IoT devices throughout theirentire lifecycle from manufacturing
(09:07):
to deployment and retirement.
It supports integration withAmazon IoT Core, Azure IoT Hub,
Matter certification, and more.
In short, EdgeLock 2GO letsyou securely manage your IoT
devices via a cloud dashboard.
You can register devices, signcredentials, like keys and certificates,
(09:29):
and monitor provisioning status.
But how are these keys,certificates, and other assets
securely transferred to the device?
You can either implement your ownclient using the EdgeLock 2GO REST
API, or you can use the SEC tool.
Just specify your access key and ProductId, and the rest is handled for you.
(09:50):
And all the magic happensbehind the scenes.
Bridgette Stone (09:53):
One last topic, and forgive my joke here.
When I first heard IPED, I thoughtwe were giving our microcontrollers
performance enhancing drugs!
But really what is IPED?
Not I-P-E-D.
And why is it importantfor the ever-changing world
of crypto and encryption?
Libor Ukropec (10:10):
Yes.
IPED has been addressed by theSEC tool for some time already.
And what is IPED?
In short, it's a hardware feature in someNXP MCUs that enables real time encryption
and decryption of data stored in externalflash memory using PRINCE block cipher.
It's especially useful for protectingsensitive code or data in embedded
(10:33):
systems as it operates transparentlyand with minimal performance overhead.
The 25.06 upgrade provides supportfor IPED on i.MX RT 700 MCUs.
Is it important to keep upwith ever changing world of
cryptography and encryption?
I would say absolutely yes.
Customers need to protect theirintellectual property, and it's
(10:54):
our responsibility to providestate-of-the-art solutions.
Security is constantly evolvingand we can't afford to stand still.
Bridgette Stone (11:02):
It makes total sense to me.
Protecting IP isn't optional anymore.
Libor, before we wrap up, wherecan listeners go to try out
the SEC tool for themselves?
Libor Ukropec (11:13):
Mm-hmm.
We have a marketing page wherepeople can learn more about the SEC
tool at nxp.com/mcuxpresso/secure.
And there is a great videoshowing how developers can use
the SEC tool in just 6-clicks.
Bridgette Stone (11:30):
Great.
We will make sure to put thoseURLs in our episode notes.
Kyle Dando (11:34):
All right.
Libor, thank you very much.
This has been a terrific update.
You've helped everyone listening tounderstand more about the SEC tool
than they ever thought was possible.
In today's environment designinga secure product is critical, and
your team has developed the SECtool to help meet this challenge.
This tool has a very easy to use graphicaluser interface, and designers can now
(11:59):
secure their IP by signing and encryptingthe software images in their products.
We then learned about a few valuableupdates that were in the recent
25.06 release of the SEC tool.
You've addressed customer feedbackthat you've received specifically
about the manufacturing tool andincreasing the logging capabilities.
You've added wireless power chargingdevice support for certification
(12:22):
and authentication using NXP'spopular EdgeLock 2GO solution.
And most important, the teamtirelessly is working to keep the SEC
tool current with the ever-changingcryptography and encryption standards.
Bridgette Stone (12:35):
Yes.
Thank you so much Libor forbeing with us today and making a
complex topic very approachable.
Libor Ukropec (12:41):
Sure.
It was actually more enjoyablethan I thought it would be.
Bridgette Stone (12:45):
Well, we are happy to have you and hope to get you back soon.
And for our listeners, don't forget toLike, Subscribe and turn on Notifications
so you never miss an episode.
And if you got a topic you'd lovefor us to cover, please let us know.
Kyle Dando (12:59):
Until next time, keep innovating, stay safe and
secure, and we'll catch you onthe next EdgeVerse Techcast.
Hey everyone, and welcome back to the EdgeVerse Techcast,
your go-to spot for all thingsNXP software tools and enablement.
I'm Bridgette Stone, and if you'vebeen with us before, you know we
love diving into the tools thatmake developers lives easier.
Kyle Dando (00:25):
And I'm Kyle Dando
.Today we're very fortunate to be joined by Libor Ukropec.
I will let Libor introduce himself, butin short, Libor is a guru when it comes
to the security enablement tools at NXP.
Today he will update us on thenew features of the SEC tool.
But Libor, why don't you introduceyourself first and then we can
(00:46):
jump into more about the SEC tool.
Libor Ukropec (00:48):
Hi.
I'm Libor Ukropec, and as Kyle noted, I'mthe Software Architect for the MCUXpresso
Secure Provisioning Tool, SEC for short.
Which is a GUI based application providedto simplify generation and provisioning of
bootable executables on NXP MCU devices.
I've worked for severalenablement software tools
(01:08):
since Freescale times to NXP.
and I'm lucky to call Brunoand the Czech Republic home.
Hello!
Bridgette Stone (01:14):
So Libor, let's say that you're out on a walk in Bruno
and a neighbor asks you what you do.
How would you describe theSEC tool in simple terms?
Libor Ukropec (01:24):
That's a pretty tough question.
Few times asked by my familyalready, so let's try it.
Imagine that you have createda great product, that it
includes some valuable software.
Now you face a few challenges.
First.
You might need to manufacture iton the other side of the planet for
costs, logistics, or other reasons.
(01:46):
But you also want to protectyour intellectual property.
You don't want your software to be stolenor copied to make counterfeit products.
And of course, you want to make sure noone tampers with it to insert malware.
Second, once your product isout in the real world, you want
it to last and stay secure.
(02:07):
That means protecting it fromhacking, misuse, and other threats.
Now, back to the question.
At NXP we offer solutions that help youdigitally sign and even encrypt your
software so your know-how stays safe.
But doing this right is complex andnot everyone is a security expert.
That's where our SecureProvisioning tool comes in.
(02:30):
It helps you handle these challengesquickly and safely so you can focus
on building your great productswhile we help to keep them secure.
Bridgette Stone (02:39):
I really enjoyed that explanation.
It shows why this tool mattersand why it's so important.
And can you share with the listenershow long NXP has offered the SEC tool?
Libor Ukropec (02:48):
Uh, we started in summer of 2019 with the first release in the
same year, December, if I'm correct.
Kyle Dando (02:55):
All right.
Well that's quite a good historyand the tool's been very popular.
Let's ask one more question, Libor,before we jump into some of these
new features that have been released.
You mentioned that the SEC tool is a GUI.
However it leverages what's called theSP-SDK, which is the underlying software.
When do you see customers usingthe SP-SDK versus the SEC tool?
Libor Ukropec (03:18):
Mm-hmm.
You are absolutely right.
The SEC tool or SEC tool isbuilt on top of the SP-SDK.
Uh, let me first explain what SP-SDK is.
It's a low-level Python librarythat offers full flexibility for
configuring and provisioning devices.
It's intended for users with Pythonand general programming skills, and a
(03:42):
deeper understanding of the NXP platform.
Using SP-SDK as a libraryis certainly possible.
But in my opinion, it's relatively rareand typically reserved for advanced
users or very specific use cases.
The SEC tool, on the other hand,is designed to support common
scenarios without requiring usersto dive into every technical detail.
(04:06):
It features a graphical interface and addsvalue by validating user configurations.
Helping to ensure that there areno mistakes that could compromise
security or even brick the device.
And to round it out.
The SEC tool also includes commandline support for automation and
scripting, making it suitable for bothinteractive and automated workflows.
Kyle Dando (04:30):
Okay.
It seems like they're both verybalanced tools, but do you ever see
the same customer using both of them?
Libor Ukropec (04:37):
Uh, SEC tool leverages SP-SDK in both ways?
It uses the library directlyinside the tool and also calls the
command line utilities from SP-SDK.
So users are using them indirectly anyway.
I expect majority users will not need touse command line utilities frequently,
maybe interacting with the commandline tools for specific tweaks or edge
(05:01):
cases that the SEC tool doesn't cover.
Or during the development fortasks like reading memory from the
device, opening the Debug port,mass erase of the memory and so on.
Bridgette Stone (05:12):
Thanks Libor.
I wanna pivot just a little bitand talk about some updates.
You recently shared several new features.
What's one you think listenerswill find the most interesting?
Libor Ukropec (05:22):
Mm-hmm.
I think listeners will be excitedto hear that we really take
customer feedback seriously.
Whether it comes through ourcommunity web or support channels.
One update I find particularly interestingis related to the manufacturing
tool, which is used in small tomedium scale production environments.
Based on the user feedback, we haveadded more detailed logging and
(05:45):
made it easier to share those logswith the OEMs for troubleshooting.
We also introduced support for customUSB identification in the mentioned
tool among other improvements.
Again, based on the user's feedback.
Bridgette Stone (05:59):
That's so encouraging.
It really shows that feedbackfrom our customers shape the
tool and the team is able to takethat seriously and implement it.
Kyle Dando (06:07):
Yeah, I know the Czech team is busy.
You guys have a lot of new features,but when you get that input from the
customers and you actually take thefeedback and implement the improvements
like you did with that logging tool,I know the customers appreciate it.
All right.
That was great.
Now can you explain to thelisteners more about WPC support?
I had not heard of this before.
(06:29):
I Googled it on the web that involveswireless power charging devices.
I guess it's pretty importantto have a well-defined standard
on how to charge these devices.
All the power stations thatwe see and all the wireless
charging solutions in our home.
What more can you share that makes thisimportant, specifically the security
aspect of the wireless charging?
Libor Ukropec (06:50):
Yes.
Wireless charging is becominga standard feature everywhere.
For example, mobiles, wearables,and even in the motor vehicles.
But it brings unique technicalchallenges, especially around the
safety, electromagnetic compatibility,and device authentication.
NXP's MWCT family of Wireless ChargingMCUs support the Qi standard from
(07:14):
the Wireless Power Consortium.
Ensuring reliable and secure charging.
Kyle Dando (07:19):
So what did your team do specifically to help support
wireless charging applicationswith this WPC standard?
Libor Ukropec (07:26):
Mm-hmm.
First, we added support for these MWCTMCUs, like we do for other devices.
What's extra is the WPC support.
The Wireless Power Consortiumdivides the Qi standard.
Which includes support for authenticationand certification, and this ensures
(07:46):
that only verified compliant devices canaccess power from certified chargers.
Authentication helps prevent counterfitdevices from drawing power or causing
damage, while certification guaranteesinteroperability and safety across
different brands and products.
What we did in the SEC tool is weintegrated the NXP EdgeLock 2GO
(08:09):
service that provides the certificationand authentication services.
SEC tool is then capable to injectthe required certificates into the
development and production flow.
Kyle Dando (08:20):
Okay.
All right.
The SEC tool provides a user interfacethat enables that EdgeLock 2GO feature
for certification and authentication.
So I have learned in my time at NXP,that EdgeLock 2GO is super valuable.
Lots of customers want to integratethat into their products, but
it's difficult to implement.
So it sounds like, from whatyou're telling me, the SEC tool
(08:42):
is allowing more people to accessthis great service from NXP.
Libor Ukropec (08:46):
Yes, exactly.
For MWCT MCUs, we have enabledWPC support through EdgeLock 2GO.
But as you said, EdgeLock2GO offers much more.
It's a cloud-based service platformdesigned to securly provision and
manage IoT devices throughout theirentire lifecycle from manufacturing
(09:07):
to deployment and retirement.
It supports integration withAmazon IoT Core, Azure IoT Hub,
Matter certification, and more.
In short, EdgeLock 2GO letsyou securely manage your IoT
devices via a cloud dashboard.
You can register devices, signcredentials, like keys and certificates,
(09:29):
and monitor provisioning status.
But how are these keys,certificates, and other assets
securely transferred to the device?
You can either implement your ownclient using the EdgeLock 2GO REST
API, or you can use the SEC tool.
Just specify your access key and ProductId, and the rest is handled for you.
(09:50):
And all the magic happensbehind the scenes.
Bridgette Stone (09:53):
One last topic, and forgive my joke here.
When I first heard IPED, I thoughtwe were giving our microcontrollers
performance enhancing drugs!
But really what is IPED?
Not I-P-E-D.
And why is it importantfor the ever-changing world
of crypto and encryption?
Libor Ukropec (10:10):
Yes.
IPED has been addressed by theSEC tool for some time already.
And what is IPED?
In short, it's a hardware feature in someNXP MCUs that enables real time encryption
and decryption of data stored in externalflash memory using PRINCE block cipher.
It's especially useful for protectingsensitive code or data in embedded
(10:33):
systems as it operates transparentlyand with minimal performance overhead.
The 25.06 upgrade provides supportfor IPED on i.MX RT 700 MCUs.
Is it important to keep upwith ever changing world of
cryptography and encryption?
I would say absolutely yes.
Customers need to protect theirintellectual property, and it's
(10:54):
our responsibility to providestate-of-the-art solutions.
Security is constantly evolvingand we can't afford to stand still.
Bridgette Stone (11:02):
It makes total sense to me.
Protecting IP isn't optional anymore.
Libor, before we wrap up, wherecan listeners go to try out
the SEC tool for themselves?
Libor Ukropec (11:13):
Mm-hmm.
We have a marketing page wherepeople can learn more about the SEC
tool at nxp.com/mcuxpresso/secure.
And there is a great videoshowing how developers can use
the SEC tool in just 6-clicks.
Bridgette Stone (11:30):
Great.
We will make sure to put thoseURLs in our episode notes.
Kyle Dando (11:34):
All right.
Libor, thank you very much.
This has been a terrific update.
You've helped everyone listening tounderstand more about the SEC tool
than they ever thought was possible.
In today's environment designinga secure product is critical, and
your team has developed the SECtool to help meet this challenge.
This tool has a very easy to use graphicaluser interface, and designers can now
(11:59):
secure their IP by signing and encryptingthe software images in their products.
We then learned about a few valuableupdates that were in the recent
25.06 release of the SEC tool.
You've addressed customer feedbackthat you've received specifically
about the manufacturing tool andincreasing the logging capabilities.
You've added wireless power chargingdevice support for certification
(12:22):
and authentication using NXP'spopular EdgeLock 2GO solution.
And most important, the teamtirelessly is working to keep the SEC
tool current with the ever-changingcryptography and encryption standards.
Bridgette Stone (12:35):
Yes.
Thank you so much Libor forbeing with us today and making a
complex topic very approachable.
Libor Ukropec (12:41):
Sure.
It was actually more enjoyablethan I thought it would be.
Bridgette Stone (12:45):
Well, we are happy to have you and hope to get you back soon.
And for our listeners, don't forget toLike, Subscribe and turn on Notifications
so you never miss an episode.
And if you got a topic you'd lovefor us to cover, please let us know.
Kyle Dando (12:59):
Until next time, keep innovating, stay safe and
secure, and we'll catch you onthe next EdgeVerse Techcast.
Popular Podcasts
24/7 News: The Latest
The latest news in 4 minutes updated every hour, every day.
The Clay Travis and Buck Sexton Show
The Clay Travis and Buck Sexton Show. Clay Travis and Buck Sexton tackle the biggest stories in news, politics and current events with intelligence and humor. From the border crisis, to the madness of cancel culture and far-left missteps, Clay and Buck guide listeners through the latest headlines and hot topics with fun and entertaining conversations and opinions.
The Charlie Kirk Show
Charlie is America's hardest working grassroots activist who has your inside scoop on the biggest news of the day and what's really going on behind the headlines. The founder of Turning Point USA and one of social media's most engaged personalities, Charlie is on the front lines of America’s culture war, mobilizing hundreds of thousands of students on over 3,500 college and high school campuses across the country, bringing you your daily dose of clarity in a sea of chaos all from his signature no-holds-barred, unapologetically conservative, freedom-loving point of view. You can also watch Charlie Kirk on Salem News Channel