https://community.nxp.com/t5/LPC-Microcontrollers/Likely-a-bug-in-HashCrypt-in-TZ/m-p/1590848#M51471 <P>Hi&nbsp;<a href="https://community.nxp.com/t5/user/viewprofilepage/user-id/27788">@Alice_Yang</a>&nbsp;,</P><P>&nbsp;</P><P>Thanks for your comment!</P><P>After adding code right next to resetting the peripheral in HASHCRYPT_Init() function, it works perfectly!</P><LI-CODE lang="c">void HASHCRYPT_Init(HASHCRYPT_Type *base) { #if !(defined(FSL_SDK_DISABLE_DRIVER_CLOCK_CONTROL) &amp;&amp; FSL_SDK_DISABLE_DRIVER_CLOCK_CONTROL) CLOCK_EnableClock(kCLOCK_HashCrypt); #endif /* FSL_SDK_DISABLE_DRIVER_CLOCK_CONTROL */ RESET_PeripheralReset(kHASHCRYPT_RST_SHIFT_RSTn); // From NXP forum HASHCRYPT-&gt;LOCK = HASHCRYPT-&gt;LOCK | ((0x0A75&lt;&lt;4) | 0x1); }</LI-CODE><P>&nbsp;</P><P>Hope this snippet of code would be helpful to those who want to use cryptographic functions in a secure world.</P><P>&nbsp;</P><P>Thanks!</P> Tue, 31 Jan 2023 23:32:06 GMT mat1024 2023-01-31T23:32:06Z https://community.nxp.com/t5/LPC-Microcontrollers/Likely-a-bug-in-HashCrypt-in-TZ/m-p/1588506#M51405 <P>Hi,</P><P>&nbsp;</P><P><STRONG>Environment</STRONG></P><LI-CODE lang="markup">Board: LPC55s69 SDK version: 2.12.0 SW: MCUXPresso IDE</LI-CODE><P>&nbsp;</P><P>I was trying to exploit <STRONG>ECDSA sign/verify functions</STRONG> in <STRONG>secure memory</STRONG>, so I ported "lpcxpresso55s69_mbedtls_benchmark" project in SDK 2.12.0 to my TZ project.</P><P>&nbsp;</P><P>&nbsp;</P><P>I found that when I use those functions in applications in secure world, <STRONG>it was always stuck</STRONG> in '<SPAN><STRONG>hashcrypt_sha_finalize</STRONG>' or '<STRONG>hashcrypt_sha_process_message_data</STRONG>'&nbsp; functions, specifically in this while loop,</SPAN></P><LI-CODE lang="c">while (0U == (base-&gt;STATUS &amp; HASHCRYPT_STATUS_DIGEST_MASK)) { }</LI-CODE><P>The status here was set to <STRONG>5</STRONG> when I tried in <STRONG>secure world</STRONG>, but it was <STRONG>3</STRONG> when I tried in<STRONG> normal work</STRONG>, <STRONG>where the code worked fine</STRONG>.</P><P>To clarify why this happens, <STRONG>I changed the MEMADDR</STRONG> where the message was given to <STRONG>any non-secure RAM</STRONG> and <STRONG>it worked well</STRONG>, which probably means that this is not the configuration issue, but the hardware/software bug using secure RAM.</P><LI-CODE lang="c">// base-&gt;MEMADDR = HASHCRYPT_MEMADDR_BASE(message); base-&gt;MEMADDR = 0x2001bd4c;</LI-CODE><P>&nbsp;</P><P>Would anybody help me to figure this out in more detail?</P><P>Here is the original question I posted a few days before.</P><P><A href="https://community.nxp.com/t5/LPC-Microcontrollers/Question-about-Hashcrypt-in-LPC55S69/m-p/1586892#M51358" target="_blank">https://community.nxp.com/t5/LPC-Microcontrollers/Question-about-Hashcrypt-in-LPC55S69/m-p/1586892#M51358</A></P><P>&nbsp;</P><P>Thanks!</P> Thu, 26 Jan 2023 19:39:00 GMT https://community.nxp.com/t5/LPC-Microcontrollers/Likely-a-bug-in-HashCrypt-in-TZ/m-p/1588506#M51405 mat1024 2023-01-26T19:39:00Z https://community.nxp.com/t5/LPC-Microcontrollers/Likely-a-bug-in-HashCrypt-in-TZ/m-p/1590224#M51452 <P>Hello&nbsp;<a href="https://community.nxp.com/t5/user/viewprofilepage/user-id/204744">@mat1024</a>&nbsp;</P> <P>&nbsp;</P> <P>How about add code&nbsp;</P> <BLOCKQUOTE> <P><SPAN>HASHCRYPT-&gt;LOCK = HASHCRYPT-&gt;LOCK | ((0x0A75&lt;&lt;4) | 0x1);</SPAN></P> </BLOCKQUOTE> <P><SPAN>Because t</SPAN>he HASH-AES engine is unlocked by default. That means it will issue non-secure requests as AHB master, as shown below.</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Alice_Yang_0-1675134717870.png" style="width: 400px;"><img src="https://community.nxp.com/t5/image/serverpage/image-id/208886i41840B624EA5B929/image-size/medium?v=v2&amp;px=400" role="button" title="Alice_Yang_0-1675134717870.png" alt="Alice_Yang_0-1675134717870.png" /></span></P> <P>&nbsp;</P> <P>So we cannot use it at secure state when it is unlocked. We must lock it at secure state if we want to use it at secure state.</P> <P>&nbsp;</P> <P>BR</P> <P>Alice</P> Tue, 31 Jan 2023 03:12:21 GMT https://community.nxp.com/t5/LPC-Microcontrollers/Likely-a-bug-in-HashCrypt-in-TZ/m-p/1590224#M51452 Alice_Yang 2023-01-31T03:12:21Z https://community.nxp.com/t5/LPC-Microcontrollers/Likely-a-bug-in-HashCrypt-in-TZ/m-p/1590848#M51471 <P>Hi&nbsp;<a href="https://community.nxp.com/t5/user/viewprofilepage/user-id/27788">@Alice_Yang</a>&nbsp;,</P><P>&nbsp;</P><P>Thanks for your comment!</P><P>After adding code right next to resetting the peripheral in HASHCRYPT_Init() function, it works perfectly!</P><LI-CODE lang="c">void HASHCRYPT_Init(HASHCRYPT_Type *base) { #if !(defined(FSL_SDK_DISABLE_DRIVER_CLOCK_CONTROL) &amp;&amp; FSL_SDK_DISABLE_DRIVER_CLOCK_CONTROL) CLOCK_EnableClock(kCLOCK_HashCrypt); #endif /* FSL_SDK_DISABLE_DRIVER_CLOCK_CONTROL */ RESET_PeripheralReset(kHASHCRYPT_RST_SHIFT_RSTn); // From NXP forum HASHCRYPT-&gt;LOCK = HASHCRYPT-&gt;LOCK | ((0x0A75&lt;&lt;4) | 0x1); }</LI-CODE><P>&nbsp;</P><P>Hope this snippet of code would be helpful to those who want to use cryptographic functions in a secure world.</P><P>&nbsp;</P><P>Thanks!</P> Tue, 31 Jan 2023 23:32:06 GMT https://community.nxp.com/t5/LPC-Microcontrollers/Likely-a-bug-in-HashCrypt-in-TZ/m-p/1590848#M51471 mat1024 2023-01-31T23:32:06Z