S32G secure boot issue

liyan — Fri, 24 Mar 2023 09:05:57 GMT

For previous board, like IMX6/P4080/T2080, when secure boot enabled, the hash value of the public key which is used to verify bootloader would be burned to the fuse, so that attacker cannot use its own key pair to tamper with it.

I can't find similar operation for S32G board, how should the public key be protected ？

And the secure boot switch "BOOT_SEQ" is stored in IVT table, I assume it is protected by the GMAC vlaue of IVT table ,but where is the key which used to generate GMAC value stored，is it burn to fuse ? could you please help to clarify it, thank you very much.

Re: S32G secure boot issue

Daniel-Aguirre — Fri, 24 Mar 2023 19:53:56 GMT

Hi,

HSE related information is confidential, for which we recommend opening a ticket under NXP online service or contacting your local NXP representative for more information.

As to the "BOOT_SEQ", it is a flag that is tell the system if the HSE FW is to be run or not. The Key is to be managed inside the HSE FW, BOOT_SEQ just tells the system that it will follow the secure boot using HSE.

Please, let us know.

S32GのトピックRe: S32G secure boot issue

S32G secure boot issue

Re: S32G secure boot issue