S32N55 HSE2 - Debug Authorization Challenge-Response Algorithm Details

EddiePark — Thu, 07 May 2026 09:17:29 GMT

Hello,

We have successfully provisioned the ADKP (32 bytes) on S32N55 using HSE_FW_S32N5_1_0_24_0 via HSE_OTP_FOEM_ADKP_ATTR_ID SetAttribute service, and confirmed it is programmed via GetAttribute (returns SHA3_384 reference, E_OK).

Now we need to implement the Challenge-Response debug authorization algorithm for S32N55 without using a smart card (volkano.exe requires smart card which we do not have).

We would like to implement this in Python (similar to our S32K3xx implementation) by directly computing the response.

---

## Environment

- Platform: S32N55 EVB
- HSE FW Version: HSE_FW_S32N5_1_0_24_0
- GrayVIP Version: SW32N5_GRAYVIP_1_0_22_0
- Debug Tool: TRACE32 (Lauterbach)

---

## S32K3xx Challenge-Response Algorithm (Our Working Implementation)

```python
# S32K3xx - Working implementation
def ChallengeResponse(ADKP, UID, Challenge):
# 1. Hash UID (64-bit)
HUID = SHA256(UID) # 32 bytes
# 2. Hash ADKP master (16 bytes)
ADKPM = SHA256(ADKP) # 32 bytes
# 3. Derive ADKP using AES-128-ECB
dADKP = AES128_ECB_ENC(key=ADKPM, data=HUID[0:16]) # 16 bytes
# 4. Compute Response using AES-128-ECB
Response = AES128_ECB_ENC(key=dADKP, data=Challenge) # 16 bytes
return Response

Key parameters:
ADKP size : 16 bytes (AES-128)
UID size : 64-bit (2 x 32-bit words)
Challenge : 128-bit (16 bytes)
Response : 128-bit (16 bytes)
```

---

## S32N55 Key Differences

1. ADKP size : 32 bytes (HSE_OTP_FOEM_KEY_SIZE = 32U in hse_srv_attr.h)
2. UID size : 128-bit (vs 64-bit in S32K3xx)
3. Debug I/F : CoreSight SDC-600 (CHIP.SecureChallenge() in TRACE32)

---

## Critical Questions

### 1. Challenge Size
Is the Challenge size on S32N55 16 bytes (128-bit) or 32 bytes (256-bit)?

S32K3xx: Challenge = 128-bit (16 bytes)
S32N55: Challenge = ??? bytes

This determines how many CHIP.SecureChallenge() indices are used for the Challenge:

CHIP.SecureChallenge(0) = UID[63:0]
CHIP.SecureChallenge(1) = UID[127:64]
CHIP.SecureChallenge(2) = Challenge word 0
CHIP.SecureChallenge(3) = Challenge word 1
CHIP.SecureChallenge(4) = Challenge word 2 ← only if Challenge > 128-bit
CHIP.SecureChallenge(5) = Challenge word 3 ← only if Challenge > 256-bit

Could you please confirm the exact index mapping for CHIP.SecureChallenge() on S32N55?

### 2. Hash Algorithm for UID
Is SHA256 still used for UID hashing on S32N55 (128-bit UID)?

S32K3xx: HUID = SHA256(UID_64bit) → 32 bytes
S32N55: HUID = SHA256(UID_128bit)? → 32 bytes
or SHA3_384(UID_128bit)? → 48 bytes

### 3. AES Mode
Since ADKP is 32 bytes on S32N55, is AES-256-ECB used instead of AES-128-ECB?

S32K3xx: AES-128-ECB (16-byte key)
S32N55: AES-256-ECB (32-byte key)?

### 4. Derivation Algorithm
Is the overall derivation algorithm the same as S32K3xx?

Proposed S32N55 algorithm:
HUID = SHA256(UID_128bit) # 32 bytes
ADKPM = SHA256(ADKP_32bytes) # 32 bytes
dADKP = AES256_ECB_ENC(key=ADKPM,
data=HUID) # 32 bytes
Response = AES256_ECB_ENC(key=dADKP,
data=Challenge) # 32 bytes

Is this correct?

### 5. Response Format
How is the Response sent to S32N55 via TRACE32?

SYStem.Option KEYCODE %Byte <response_bytes>

What is the expected byte order (little endian / big endian)?

### 6. Debug Authorization Mode
Which attribute controls the Challenge-Response vs Password mode?

HSE_OTP_APP_DEBUG_AUTH_MODE_ATTR_ID (63U) - OTP fuse based
HSE_APP_DEBUG_AUTH_MODE_ATTR_ID (106U) - NVM based

Is there anything that needs to be configured before the Challenge-Response can work?

---

A complete Python implementation or pseudocode for S32N55 Challenge-Response would be greatly appreciated.

Thank you.

Re: S32N55 HSE2 - Debug Authorization Challenge-Response Algorithm Details

alejandro_e — Fri, 08 May 2026 00:48:06 GMT

Hello again @EddiePark,

The only current implementation I was able to find is by using a smart card, for example with the TRACE32 version we use internally the only cmm script for secure debugging requires an smart card to be installed.

As I mentioned a different conversation we had, my expertise regarding the S32N55 (an the expertise of other engineers that take care of the community) is very limited since the chips has not been completely released yet. Furthermore the documentation is still being actively worked on a regular basis and all the information is subject to change.

Now, regarding the challenge-response, please check the HSE API Reference manual, in particular section 17 HSE Debug Authorization Protocol, there you can see all the technical details. You can also check the S32N5 Security Reference Manual, particularly Chapter 21 Secure Debug, note that this last reference is a secure document and you will need to contact your NXP representative to get access to it. You should be able to get all the information you require in the API reference manual.

Please note that the S32K3 uses HSE (1) and the S32N55 uses HSE2 the process might not be translatable, I don't know the details on how the S32K3 challenge-response works, however, it has a very different architecture, particularly considering the existence of debug domains in the S32N55 and all the isolation configurations available, which are not present in the S32K3.

Regarding your final question, we do not have a python implementation nor a pseudo-code description on how to perform the challenge-response, for now the only delivered solution is the cmm script I mentioned above.

Please let me know if you need more information.

topic Re: S32N55 HSE2 - Debug Authorization Challenge-Response Algorithm Details in S32K

S32N55 HSE2 - Debug Authorization Challenge-Response Algorithm Details

Re: S32N55 HSE2 - Debug Authorization Challenge-Response Algorithm Details