When we use LPC55Sxx PRINCE feature, we need enable PRINCE sub-region “crypto” by setting SR_ENABLE register. If we “crypto” enable discontinuous sub-regions and erase part of them, we may find we can’t erase/read/write other “crypto” sub-regions any more. This article will discuss how to resolve this phenomenon.
Figure 1
- Testing Steps
According to LPC55Sxx UM, each PRINCE region has its SR_ENABLEx register. This register enables PRINCE encryption and decryption of data for each sub-region of crypto region 0. Each bit in this field enables a sub-region of crypto region 0 at offset 8kB*n, where n is the bit number. For example, when we set SR_ENABLE0=0X00000005, PRINCE region 0 sub-region 1 and sub-region 3 are set as encryption region. When read data out from these sub-regions, PRINCE will decrypt the data automatically.
Now we will test discontinuous sub-region erase/read/write.
Board: LPC55S16-EVK
IDE: Keil MDK v5.29
Step 1: PRINCE initialization: Enable PRINCE region 0 and two discontinuous sub-regions; generate key, IV code; enable crypto.
//set SR_ENABLE,SR_ENABLE=0X28000000,enable sub-regions(0x30000-0x32000,0x34000-0x36000) crypto。
status=PRINCE_SetRegionSREnable(PRINCE(prince_region_t)region0,0X28000000);
//select PRINCE crypto for region0
PRINCE_SetRegionBaseAddress(PRINCE_Type*base,prince_region_tregion0,uint32_t0X0)
//generate PRINCE region0 crypto key
Status=FFR_KeystoreGetKC(&flashInstance,&keyCode[0],kFFR_KeyTypePrinceRegion0);
status=PUF_GetHwKey(PUF,keyCode,sizeof(keyCode),kPUF_KeySlot2, rand());
//generate PRINCE region0 crypto IV_code
status=PRINCE_GenNewIV(kPRINCE_Region0,&prince_iv_code[0],true,&flashInstance)
//load IV code to PRINCE
status=PRINCE_LoadIV(kPRINCE_Region0,&prince_iv_code[0])
//enable PRINCE encryption
PRINCE_EncryptEnable(PRINCE)
Step 2: Select two discontinuous sub-regions ( 0x30000-0x32000,0x34000-0x36000). Erase one of them (0x30000-0x32000), then write data to this sub-region.
Output: Erasing and Writing are all successful. See Figure 2.
//Erase 0x30000-0x32000 sub-region
status=PRINCE_FlashEraseWithChecker(&flashInstance,0x30000,0x2000,kFLASH_ApiEraseKey);
//Write 0x30000-0x32000 sub-region
status=PRINCE_FlashProgramWithChecker(&flashInstance,0x30000,(uint8_t *)prince_iv_code,0x2000);
Step 3: Erase and Write the other sub-region ( 0x34000-0x36000 )
Output: Erasing and Writing are failed. See Figure 2.
//Erasing 0x34000-0x36000 sub-region
status=PRINCE_FlashEraseWithChecker(&flashInstance,0x34000, 0x2000,kFLASH_ApiEraseKey);
//Write 0x34000-0x36000 sub-region
status=PRINCE_FlashProgramWithChecker(&flashInstance,0x34000, (uint8_t *)prince_iv_code,0x2000);
- Error Analysis
According to UM11126(49.16.1 Functional details), each crypto region has its own SKEY and IV code. SKEY and IV are used together by the PRINCE when encrypting or decrypting the data in the sub-regions of crypto region.
For Instance, For PRINCE region1, each time after we execute erasing operation, new Skey1 and IV1 are generated, thus when executing erase/read/write operation to another sub-region, the old IV1 and new IV1 don’t match, which causes PRINCE can’t decrypt correctly.
- Suggestion
We suggest user using SR_ENABLE to set continuous crypto sub-regions. When erasing operation is needed, erasing all the crypto sub-regions together, avoid erasing part of the sub-regions. One sub-region size is 8K, make sure the erasing/writing address 8K aligned.
Thanks for the suggestion from johnwu
