<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: S32K3 certificate storage in S32K</title>
    <link>https://community.nxp.com/t5/S32K/S32K3-certificate-storage/m-p/1936569#M39859</link>
    <description>&lt;P&gt;Hi&amp;nbsp;&lt;a href="https://community.nxp.com/t5/user/viewprofilepage/user-id/239119"&gt;@JiayuZhou&lt;/a&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;The CertificateParse and CertificateVerify functionalities are not implemented, as Certificate handling via HSE-B is not done directly.&amp;nbsp;It can fill-in a certificate signing request (CSR) that is pre-formatted by the host. By this the host just needs to provide the pointers to the key values that must be located within the CSR.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;To provide a certificate as shown in the image you share, HSE supports the option to "import standard key certificates", in this case the key container of the Key to be imported is formatted according to a standard certificate format. To properly import the key the host just needs to provide the pointers to the key values and container within the certificate.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;To keep a certificate valid, most of them will have an expiration date and that means that the certification must be updated in order to keep being valid or to provide a more secure way of authenticating the identity of the organization/user. This depends on the certificate itself and the company that validates the corresponding certificate.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;BR, VaneB&lt;/P&gt;</description>
    <pubDate>Tue, 20 Aug 2024 16:30:28 GMT</pubDate>
    <dc:creator>VaneB</dc:creator>
    <dc:date>2024-08-20T16:30:28Z</dc:date>
    <item>
      <title>S32K3 certificate storage</title>
      <link>https://community.nxp.com/t5/S32K/S32K3-certificate-storage/m-p/1934602#M39759</link>
      <description>&lt;P&gt;&lt;LI-PRODUCT title="S32K3" id="S32K3"&gt;&lt;/LI-PRODUCT&gt;&amp;nbsp;&amp;nbsp;&lt;/P&gt;&lt;P&gt;For S32K3，I find certificates can't store in HSM, only can store the key in HSM, the certificate still store in user core.&lt;/P&gt;&lt;P&gt;So, I have two questions:&lt;/P&gt;&lt;P&gt;1. Whether is HSM not support to certificate storage, update and verify?&lt;/P&gt;&lt;P&gt;2. Whether is MCAL not support to certificate parsing?&lt;/P&gt;&lt;P&gt;&lt;span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="JiayuZhou_0-1724030649113.png" style="width: 400px;"&gt;&lt;img src="https://community.nxp.com/t5/image/serverpage/image-id/293691iB0EFC04EB0CDB10F/image-size/medium?v=v2&amp;amp;px=400" role="button" title="JiayuZhou_0-1724030649113.png" alt="JiayuZhou_0-1724030649113.png" /&gt;&lt;/span&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Mon, 19 Aug 2024 01:31:15 GMT</pubDate>
      <guid>https://community.nxp.com/t5/S32K/S32K3-certificate-storage/m-p/1934602#M39759</guid>
      <dc:creator>JiayuZhou</dc:creator>
      <dc:date>2024-08-19T01:31:15Z</dc:date>
    </item>
    <item>
      <title>Re: S32K3 certificate storage</title>
      <link>https://community.nxp.com/t5/S32K/S32K3-certificate-storage/m-p/1936569#M39859</link>
      <description>&lt;P&gt;Hi&amp;nbsp;&lt;a href="https://community.nxp.com/t5/user/viewprofilepage/user-id/239119"&gt;@JiayuZhou&lt;/a&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;The CertificateParse and CertificateVerify functionalities are not implemented, as Certificate handling via HSE-B is not done directly.&amp;nbsp;It can fill-in a certificate signing request (CSR) that is pre-formatted by the host. By this the host just needs to provide the pointers to the key values that must be located within the CSR.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;To provide a certificate as shown in the image you share, HSE supports the option to "import standard key certificates", in this case the key container of the Key to be imported is formatted according to a standard certificate format. To properly import the key the host just needs to provide the pointers to the key values and container within the certificate.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;To keep a certificate valid, most of them will have an expiration date and that means that the certification must be updated in order to keep being valid or to provide a more secure way of authenticating the identity of the organization/user. This depends on the certificate itself and the company that validates the corresponding certificate.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;BR, VaneB&lt;/P&gt;</description>
      <pubDate>Tue, 20 Aug 2024 16:30:28 GMT</pubDate>
      <guid>https://community.nxp.com/t5/S32K/S32K3-certificate-storage/m-p/1936569#M39859</guid>
      <dc:creator>VaneB</dc:creator>
      <dc:date>2024-08-20T16:30:28Z</dc:date>
    </item>
    <item>
      <title>Re: S32K3 certificate storage</title>
      <link>https://community.nxp.com/t5/S32K/S32K3-certificate-storage/m-p/1936811#M39876</link>
      <description>thanks for your reply. Besides, I want to know whether HSE can parse certificates. And I understand that only the key of certificate and the pointer of certificate stored in HSE, the whole of certificate is not stored in HSE, right? Whether HSE can verify the validity of the certificate?</description>
      <pubDate>Wed, 21 Aug 2024 01:26:02 GMT</pubDate>
      <guid>https://community.nxp.com/t5/S32K/S32K3-certificate-storage/m-p/1936811#M39876</guid>
      <dc:creator>JiayuZhou</dc:creator>
      <dc:date>2024-08-21T01:26:02Z</dc:date>
    </item>
    <item>
      <title>Re: S32K3 certificate storage</title>
      <link>https://community.nxp.com/t5/S32K/S32K3-certificate-storage/m-p/1937739#M39934</link>
      <description>&lt;P&gt;Hi&amp;nbsp;&lt;a href="https://community.nxp.com/t5/user/viewprofilepage/user-id/239119"&gt;@JiayuZhou&lt;/a&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;CertificateParse and CertificateVerify functionalities are not currently implemented, so there is no support. Unfortunately, there is no timeline or plan to include direct support.&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;The whole of certificate is not stored in HSE, right?&lt;/STRONG&gt; Yes, only the keys are stored.&lt;/P&gt;</description>
      <pubDate>Wed, 21 Aug 2024 20:06:30 GMT</pubDate>
      <guid>https://community.nxp.com/t5/S32K/S32K3-certificate-storage/m-p/1937739#M39934</guid>
      <dc:creator>VaneB</dc:creator>
      <dc:date>2024-08-21T20:06:30Z</dc:date>
    </item>
  </channel>
</rss>

