Does it is possible to enroll and set key multiple time on LPC55S09?

取消
显示结果 
显示  仅  | 搜索替代 
您的意思是: 

Does it is possible to enroll and set key multiple time on LPC55S09?

1,552 次查看
Aurelien_Grange
Contributor III

Hi,

We have made some test of robustness to configure/write CFPA / CMPA / PRINCE / SBKEK / SB_FILE multiple times on LPC5S06 on LPC55S06-EVK dev board.

Each time we increase CFPA version (others datas are not modify).

But know we are not able to send SB file (commands always fail).

Does-it is possible to change multiple time SBKEK strored on non volatile memory?

Why does it fail?

 

I join the return of BLHOST.exe when I send command to update sb file.

I send this command :

### Key provisioning enroll ###

blhost -t 5000 -p COM2,57600 -j -- key-provisioning enroll

### Write KEK key used for SB file ###

blhost -t 5000 -p COM2,57600 -j -- key-provisioning set_user_key 3 "sbkek.bin"

### Generate random key for PRINCE region 0 ###

blhost -t 5000 -p COM2,57600 -j -- key-provisioning set_key 7 16

### Generate random key for PRINCE region 1 ###

blhost -t 5000 -p COM2,57600 -j -- key-provisioning set_key 8 16

### Generate random key for PRINCE region 2 ###

blhost -t 5000 -p COM2,57600 -j -- key-provisioning set_key 9 16

### Write Key-Store to internal Flash ###

blhost -t 5000 -p COM2,57600 -j -- key-provisioning write_key_nonvolatile 0

### Write Customer Field Programmable Area [CFPA] ###

blhost -t 5000 -p COM2,57600 -j -- write-memory 0x0003DE00 "cfpa.bin"

### Configure PRINCE to encrypt region Region 0 ###

blhost -t 5000 -p COM2,57600 -- fill-memory 0x2000BF00 4 0x50000000

blhost -t 5000 -p COM2,57600 -- fill-memory 0x2000BF04 4 0x00000000

blhost -t 5000 -p COM2,57600 -- fill-memory 0x2000BF08 4 0x00038000

blhost -t 5000 -p COM2,57600 -- configure-memory 0 0x2000BF00

### Write NON-SEALED Customer Manufacturing/Factory Programmable Area [CMPA] ###

blhost -t 5000 -p COM2,57600 -j -- write-memory 0x0003E400 "cmpa.bin"

### Update bootable image using SB2 capsule ###

blhost -t 5000 -p COM2,57600 -- receive-sb-file "sb_66070899AA_v01.01.sb"

 

标签 (1)
0 项奖励
回复
3 回复数

1,505 次查看
Aurelien_Grange
Contributor III

Hi, I send you files.

Does version is a counter (we can increment by 1) or does it is a bit field (need to add an extra 1 bit).

0 项奖励
回复

1,548 次查看
Aurelien_Grange
Contributor III

After some attemps, it will work again when CFPA version  is equal to 0x20.

We stop our test waitting your return.

Have a good days.

0 项奖励
回复

1,511 次查看
diego_charles
NXP TechSupport
NXP TechSupport

HI @Aurelien_Grange 

I hope you are doing excellent.

Thanks for the sharing.

Puf can be enrolled multiple times. Altougth you can store keycodes on the PFR and update the CMPA and CFPA several times I am checking if there is any limitation on this. 

Btw, could you share with us your CFPA and CMPA ymls?

All the best, 

Diego

 

 

0 项奖励
回复