https://community.nxp.com/t5/Wireless-MCU/RW612-secure-provisioning/m-p/2037348#M19478 <P><SPAN class=""><SPAN class="">Hi everyone! </SPAN></SPAN></P><P><SPAN class=""><SPAN class="">I started working with RW612 and I think I read all documentation related to RW612 (User manual, User guides, Application Notes, Videos, etc...). There is at least one area that it is very hard for me to understand, could You explain to me how it works? </SPAN></SPAN></P><P><SPAN class=""><SPAN class="">When I want to securely provision device, I can use MCUXpresso Provisioning Tool or nxpdevhsm from SPSDK tools to generate secure software package (SB packages). To generate secure image I have to use one, random board with RW612 (i.e. frdm_rw612). That secure image is authenticated (signed with private key bonded with RoT keys hash burned in OTP memory) and encrypted (it is done using CUST_MK_SK fuses). All of this infos are mentioned here <A href="https://www.nxp.com/company/about-nxp/smarter-world-videos/IMP-DEV-HSM-VID" target="_blank" rel="noopener">https://www.nxp.com/company/about-nxp/smarter-world-videos/IMP-DEV-HSM-VID</A> and here <A href="https://www.youtube.com/watch?v=UrUsczq19Iw" target="_blank" rel="noopener">https://www.youtube.com/watch?v=UrUsczq19Iw</A> .<BR /></SPAN></SPAN></P><P><SPAN class=""><SPAN class="">That secure software then can be send to my manufacturer who flashes devices. Then I can securely provision <STRONG>ANY</STRONG> of my custom RW612 boards. Tbh, I don't understand how it is handled, that using just one eval board, I can then provision any RW612 and there is no vector for man-in-the-middle attack. </SPAN></SPAN></P><P><SPAN class=""><SPAN class="">Every RW612 has its own PUF, all its keys are uniqually wrapped depending on PUF and its CKDF, but still I am able to securerly pass OEM keys to device and manufacturer can't modify it. What is common ingredient X for every RW612 that I can provision any board using just one software package? </SPAN></SPAN></P><P><SPAN class=""><SPAN class="">Is NXP loading symmetric key during NXP provisioning process that allows to decode my secure software package? If yes, what will happen if that key will be breached? If there is any option to flash my 'generic' devices using my own, custom solution or I have to rely on NXP solution?</SPAN></SPAN></P> Mon, 03 Feb 2025 17:32:11 GMT Maciej_Jj 2025-02-03T17:32:11Z https://community.nxp.com/t5/Wireless-MCU/RW612-secure-provisioning/m-p/2037348#M19478 <P><SPAN class=""><SPAN class="">Hi everyone! </SPAN></SPAN></P><P><SPAN class=""><SPAN class="">I started working with RW612 and I think I read all documentation related to RW612 (User manual, User guides, Application Notes, Videos, etc...). There is at least one area that it is very hard for me to understand, could You explain to me how it works? </SPAN></SPAN></P><P><SPAN class=""><SPAN class="">When I want to securely provision device, I can use MCUXpresso Provisioning Tool or nxpdevhsm from SPSDK tools to generate secure software package (SB packages). To generate secure image I have to use one, random board with RW612 (i.e. frdm_rw612). That secure image is authenticated (signed with private key bonded with RoT keys hash burned in OTP memory) and encrypted (it is done using CUST_MK_SK fuses). All of this infos are mentioned here <A href="https://www.nxp.com/company/about-nxp/smarter-world-videos/IMP-DEV-HSM-VID" target="_blank" rel="noopener">https://www.nxp.com/company/about-nxp/smarter-world-videos/IMP-DEV-HSM-VID</A> and here <A href="https://www.youtube.com/watch?v=UrUsczq19Iw" target="_blank" rel="noopener">https://www.youtube.com/watch?v=UrUsczq19Iw</A> .<BR /></SPAN></SPAN></P><P><SPAN class=""><SPAN class="">That secure software then can be send to my manufacturer who flashes devices. Then I can securely provision <STRONG>ANY</STRONG> of my custom RW612 boards. Tbh, I don't understand how it is handled, that using just one eval board, I can then provision any RW612 and there is no vector for man-in-the-middle attack. </SPAN></SPAN></P><P><SPAN class=""><SPAN class="">Every RW612 has its own PUF, all its keys are uniqually wrapped depending on PUF and its CKDF, but still I am able to securerly pass OEM keys to device and manufacturer can't modify it. What is common ingredient X for every RW612 that I can provision any board using just one software package? </SPAN></SPAN></P><P><SPAN class=""><SPAN class="">Is NXP loading symmetric key during NXP provisioning process that allows to decode my secure software package? If yes, what will happen if that key will be breached? If there is any option to flash my 'generic' devices using my own, custom solution or I have to rely on NXP solution?</SPAN></SPAN></P> Mon, 03 Feb 2025 17:32:11 GMT https://community.nxp.com/t5/Wireless-MCU/RW612-secure-provisioning/m-p/2037348#M19478 Maciej_Jj 2025-02-03T17:32:11Z https://community.nxp.com/t5/Wireless-MCU/RW612-secure-provisioning/m-p/2037352#M19479 <P>Also I understand that we for SB images encryption we use CUST_MK_SK, but how this symmetric key is distributed securely on every device? Using SB provisioning image? Is provisioning image using different symmetric key (i.e. NXP provisioning key)? Or devices we burn CUST_MK_SK fuses for each MCU manually?</P><P>&nbsp;</P><P>Any help would be appreciated!</P> Mon, 03 Feb 2025 17:38:51 GMT https://community.nxp.com/t5/Wireless-MCU/RW612-secure-provisioning/m-p/2037352#M19479 Maciej_Jj 2025-02-03T17:38:51Z https://community.nxp.com/t5/Wireless-MCU/RW612-secure-provisioning/m-p/2037919#M19486 <P>Hello,</P> <P>&nbsp;</P> <P>Hope you are doing well. The feature of device HSM and provisioning is described on the "MCUXpresso Secure Provisioning Tool User Guide v.10".</P> <P>&nbsp;</P> <P>Could you please check this information?</P> <P>&nbsp;</P> <P>Please refer to sections 5.1.8.1, 6.9.4.4 and 6.9.4.5.</P> <P>&nbsp;</P> <P>Best Regards,</P> <P>Ricardo</P> Tue, 04 Feb 2025 18:28:53 GMT https://community.nxp.com/t5/Wireless-MCU/RW612-secure-provisioning/m-p/2037919#M19486 Ricardo_Zamora 2025-02-04T18:28:53Z