Does nxpdebugmbox support debug authentication key length of 4096?


1,781 Views
andrewfisher
Contributor III

I have finally got through all the hurdles to create a debug certificate and configure the chip to accept it.

However when I eventually use nxpdebugmbox to establish the link I get the following error

ERROR:DebugMBox:Start Debug Mailbox failed!
Device expects parameters of different length we can provide!
DEBUG:pyocd.core.session:uninit session <pyocd.core.session.Session object at 0x7f24060f9a60>
libusb: error [_open_sysfs_attr] open /sys/bus/usb/devices/yu/bConfigurationValue failed ret=-1 errno=2
Segmentation fault

I need to use 4096 bit keys in my application and according to app note AN13037 this is supported in version 1.1 of the protocol.

Is "parameters" the error message referring to key length or something else?

 

Full transcript follows.

Note: these are test keys and credentials not the ones I will be using in the product

Note: paths obscured for privacy

(nxp_venv) xxx:~/work/nxp/sdebug$ sudo xxx/nxp_venv/bin/nxpdebugmbox -i pyocd -p 1.1 auth -b 0 -c xxx/keys/dck_rsa_4096.dc -k xxx/keys/dck_rsa_4096.pem

INFO:DebugMBox:Starting Debug Authentication
DEBUG:pypemicro.pemicro:Opened PEMicro library: xxx/nxp_venv/lib/python3.8/site-packages/pypemicro/libs/Linux/unitacmp-64.so
  #   Interface   Id         Description                                    
----------------------------------------------------------------------------
  0   PyOCD       DTAXBQCQ   NXP Semiconductors LPC-LINK2 CMSIS-DAP V5.224  
DEBUG:spsdk.debuggers.debug_probe_pyocd:The SPSDK PyOCD Interface has been initialized
DEBUG:pyocd.core.session:Project directory: xxx
DEBUG:pyocd.probe.pydapaccess.dap_access_cmsis_dap:CMSIS-DAP probe DTAXBQCQ firmware version: 1.10
DEBUG:pyocd.utility.sequencer:Running task pre_connect
DEBUG:pyocd.utility.sequencer:Running task dp_init
DEBUG:pyocd.utility.sequencer:Running task get_probe_capabilities
DEBUG:pyocd.utility.sequencer:Running task connect
DEBUG:pyocd.coresight.dap:Default wire protocol selected; using SWD
DEBUG:pyocd.probe.swj:Sending deprecated SWJ sequence to select SWD
INFO:pyocd.coresight.dap:DP IDR = 0x6ba02477 (v2 rev6)
DEBUG:pyocd.utility.sequencer:Running task clear_sticky_err
DEBUG:pyocd.utility.sequencer:Running task power_up_debug
DEBUG:pyocd.utility.sequencer:Running task check_version
DEBUG:pyocd.utility.sequencer:Running task create_discoverer
DEBUG:pyocd.utility.sequencer:Running task discovery
DEBUG:pyocd.utility.sequencer:Running task find_aps
DEBUG:pyocd.utility.sequencer:Running task create_aps
DEBUG:pyocd.utility.sequencer:Running task create_ap.2
INFO:pyocd.coresight.ap:AP#2 IDR = 0x002a0000 (AP var0 rev0)
DEBUG:pyocd.utility.sequencer:Running task find_components
DEBUG:pyocd.utility.sequencer:Running task create_cores
DEBUG:pyocd.utility.sequencer:Running task halt_on_connect
DEBUG:pyocd.utility.sequencer:Running task post_connect
DEBUG:pyocd.utility.sequencer:Running task post_connect_hook
DEBUG:pyocd.utility.sequencer:Running task notify
INFO:spsdk.debuggers.debug_probe_pyocd:PyOCD connected via LPC-LINK2 CMSIS-DAP V5.224 probe.
DEBUG:spsdk.debuggers.debug_probe_pyocd:Found debug mailbox AP#2
WARNING:spsdk.debuggers.debug_probe_pyocd:The memory interface not found - probably locked device
DEBUG:spsdk.dat.debug_mailbox:Reset mode: True
DEBUG:spsdk.dat.debug_mailbox:<- spin_write: 0x0000_0010
DEBUG:spsdk.dat.debug_mailbox:-> spin_read:  0x801a_0000
DEBUG:spsdk.dat.debug_mailbox:<- spin_write: 0x001a_a5a5
DEBUG:spsdk.dat.debug_mailbox:-> spin_read:  0x0001_0001
DEBUG:spsdk.dat.debug_mailbox:<- spin_write: 0x0019_a5a5
DEBUG:spsdk.dat.debug_mailbox:-> spin_read:  0x0000_0001
DEBUG:spsdk.dat.debug_mailbox:<- spin_write: 0x0018_a5a5
DEBUG:spsdk.dat.debug_mailbox:-> spin_read:  0x0000_0000
DEBUG:spsdk.dat.debug_mailbox:<- spin_write: 0x0017_a5a5
DEBUG:spsdk.dat.debug_mailbox:-> spin_read:  0x0000_0000
DEBUG:spsdk.dat.debug_mailbox:<- spin_write: 0x0016_a5a5
DEBUG:spsdk.dat.debug_mailbox:-> spin_read:  0x0000_0000
DEBUG:spsdk.dat.debug_mailbox:<- spin_write: 0x0015_a5a5
DEBUG:spsdk.dat.debug_mailbox:-> spin_read:  0x0000_0000
DEBUG:spsdk.dat.debug_mailbox:<- spin_write: 0x0014_a5a5
DEBUG:spsdk.dat.debug_mailbox:-> spin_read:  0x0000_000f
DEBUG:spsdk.dat.debug_mailbox:<- spin_write: 0x0013_a5a5
DEBUG:spsdk.dat.debug_mailbox:-> spin_read:  0xdbf0_57e8
DEBUG:spsdk.dat.debug_mailbox:<- spin_write: 0x0012_a5a5
DEBUG:spsdk.dat.debug_mailbox:-> spin_read:  0x0d7d_32db
DEBUG:spsdk.dat.debug_mailbox:<- spin_write: 0x0011_a5a5
DEBUG:spsdk.dat.debug_mailbox:-> spin_read:  0x94a3_6437
DEBUG:spsdk.dat.debug_mailbox:<- spin_write: 0x0010_a5a5
DEBUG:spsdk.dat.debug_mailbox:-> spin_read:  0xe47e_2178
DEBUG:spsdk.dat.debug_mailbox:<- spin_write: 0x000f_a5a5
DEBUG:spsdk.dat.debug_mailbox:-> spin_read:  0xde21_dafc
DEBUG:spsdk.dat.debug_mailbox:<- spin_write: 0x000e_a5a5
DEBUG:spsdk.dat.debug_mailbox:-> spin_read:  0xfb09_6155
DEBUG:spsdk.dat.debug_mailbox:<- spin_write: 0x000d_a5a5
DEBUG:spsdk.dat.debug_mailbox:-> spin_read:  0xcd57_4fe9
DEBUG:spsdk.dat.debug_mailbox:<- spin_write: 0x000c_a5a5
DEBUG:spsdk.dat.debug_mailbox:-> spin_read:  0xf8e6_0822
DEBUG:spsdk.dat.debug_mailbox:<- spin_write: 0x000b_a5a5
DEBUG:spsdk.dat.debug_mailbox:-> spin_read:  0x0000_00c0
DEBUG:spsdk.dat.debug_mailbox:<- spin_write: 0x000a_a5a5
DEBUG:spsdk.dat.debug_mailbox:-> spin_read:  0x0000_00c0
DEBUG:spsdk.dat.debug_mailbox:<- spin_write: 0x0009_a5a5
DEBUG:spsdk.dat.debug_mailbox:-> spin_read:  0x0000_0000
DEBUG:spsdk.dat.debug_mailbox:<- spin_write: 0x0008_a5a5
DEBUG:spsdk.dat.debug_mailbox:-> spin_read:  0xa0f0_c949
DEBUG:spsdk.dat.debug_mailbox:<- spin_write: 0x0007_a5a5
DEBUG:spsdk.dat.debug_mailbox:-> spin_read:  0x567e_122d
DEBUG:spsdk.dat.debug_mailbox:<- spin_write: 0x0006_a5a5
DEBUG:spsdk.dat.debug_mailbox:-> spin_read:  0x8f56_6802
DEBUG:spsdk.dat.debug_mailbox:<- spin_write: 0x0005_a5a5
DEBUG:spsdk.dat.debug_mailbox:-> spin_read:  0xf916_a89d
DEBUG:spsdk.dat.debug_mailbox:<- spin_write: 0x0004_a5a5
DEBUG:spsdk.dat.debug_mailbox:-> spin_read:  0xbe16_55e1
DEBUG:spsdk.dat.debug_mailbox:<- spin_write: 0x0003_a5a5
DEBUG:spsdk.dat.debug_mailbox:-> spin_read:  0xefdd_39e2
DEBUG:spsdk.dat.debug_mailbox:<- spin_write: 0x0002_a5a5
DEBUG:spsdk.dat.debug_mailbox:-> spin_read:  0xd0cd_cbcd
DEBUG:spsdk.dat.debug_mailbox:<- spin_write: 0x0001_a5a5
DEBUG:spsdk.dat.debug_mailbox:-> spin_read:  0xc152_b408
DEBUG:spsdk.dat.debug_mailbox:<- spin_write: 0x0000_a5a5
DEBUG:DebugMBox:DAC: 
Version                : 1.1
SOCC                   : 1
UUID                   : 00000000000000000000000000000000
CC_VU                  : 0
ROTID_rkh_revocation   : 0000000F
ROTID_rkth_hash        : e857f0dbdb327d0d3764a39478217ee4fcda21de556109fbe94f57cd2208e6f8
CC_soc_pinned          : 000000C0
CC_soc_default         : 000000C0
Challenge              : 49c9f0a02d127e560268568f9da816f9e15516bee239ddefcdcbcdd008b452c1

DEBUG:DebugMBox:DAR:
DAC:
Version                : 1.1
SOCC                   : 1
UUID                   : 00000000000000000000000000000000
CC_VU                  : 0
ROTID_rkh_revocation   : 0000000F
ROTID_rkth_hash        : e857f0dbdb327d0d3764a39478217ee4fcda21de556109fbe94f57cd2208e6f8
CC_soc_pinned          : 000000C0
CC_soc_default         : 000000C0
Challenge              : 49c9f0a02d127e560268568f9da816f9e15516bee239ddefcdcbcdd008b452c1

DC:
Version : 1.0
SOCC    : 1
UUID    : 00000000000000000000000000000000
CC_SOCC : 0x3ff
CC_VU   : 0x0
BEACON  : 0

Authentication Beacon: 0

DEBUG:spsdk.dat.debug_mailbox:<- spin_write: 0x016c_0011
DEBUG:spsdk.dat.debug_mailbox:-> spin_read:  0x022c_a5a5
ERROR:DebugMBox:Start Debug Mailbox failed!
Device expects parameters of different length we can provide!
DEBUG:pyocd.core.session:uninit session <pyocd.core.session.Session object at 0x7f24060f9a60>
libusb: error [_open_sysfs_attr] open /sys/bus/usb/devices/yu/bConfigurationValue failed ret=-1 errno=2
Segmentation fault

 

9 Replies

1,762 Views
andrewfisher
Contributor III

Hello,

I have received an email request to provide the product / application name. I am not sure where to send replies as it was from a no-reply email address.

I’m not quite sure what you mean by product/application name. I haven’t had any direct meetings with NXP or FAEs. The product is a family of security devices to be launched soon (hence working on secure debug and secure fw update etc.); the company is Secure Design Ltd. http://www.secure-design.com/

I am not in a position to share the application code, but in this case I am simply using the simple LED Blinky example from the board's SDK to work through the App Notes AN13037 and AN1283 (together with reading loads more of the interrelated documents).

I am using:

  • LPCXpresso55s28 - rev a2 dev board
  • MCUXpresso 11.3.1
  • Ubuntu 20.04.2 LTS

 


1,752 Views
ZhangJennie
NXP TechSupport

Please try how it works when using the default AN13037SW. It has a 2048 key length.

I was informed that the Doc team would update AN13037 and remove chapter 3.2.7. This step blocks the chip as you describe if it is not done correctly with the CFPA update.

Please test it with the Jlink interface as well.

 

Best Regards

Jun Zhang


1,719 Views
andrewfisher
Contributor III

Having finally got hold of a jlink probe I find it is not usable on your dev board (LPCXpresso55s28) anyway.

I can set the jumper to use the link2 part of the board to debug another board, but there is no equivalent jumper to disconnect the link2 debugger and allow an external jlink to access the main chip.

 


1,695 Views
ZhangJennie
NXP TechSupport

We tested an LPC55S66 following AN13037.pdf. Debug authentication works.

Some points you need to pay attention to:

1. Don't execute 3.2.7 Revert device after programming CMPA

2. Even if you use the Jlink interface, still use the command below to enable the debug interface in "3.2.6 Using debug authentication tool to open debug port"; the parameter "pyocd" supports Jlink according to the test

nxpdebugmbox -i pyocd -p 1.0 auth -b 0 -c keys\dck_rsa_2048.dc -k keys\dck_rsa_2048.pem

3. I am not sure if your MCU is bricked. Test if you can access and debug in ISP mode.

I attached the testing file from our side.

 

Have a nice day,

Jun Zhang


1,685 Views
andrewfisher
Contributor III

The question I asked was does it work with 4096 bit keys? It is a step in the right direction to see it work with 2048 but NOT an answer.

Please can you tell me what setup you used, I see you actually used a different board and chip for starters. Though I appreciate they are very similar.

  • Programmer
  • OS
  • Tools versions

I have said before that the LPCXpresso55s28 board is Link2 and I can't see a way to even use a JLink probe.

My MCU is definitely not bricked; I can enable and disable features by uploading new CMPA and CFPA blocks over ISP.

I am going to try on Windows rather than Linux next.

 

Also can you tell me why UM11126 (table 1064. Access restriction levels) is in direct conflict with AN13037 (section 3.2.3 PIN/DFLT definitions)!? Not good when this stuff can brick your chip!

705 Views
plong44
Contributor II

I hate to revive a 2 year old thread but I think it is worth mentioning that many of Andrew's frustrations around very poor documentation, app note commands being deprecated, etc. still hold true today.

Based on this thread, am I to assume that the 4k debug authentication key feature is broken?


1,745 Views
andrewfisher
Contributor III

I'm also not sure how removing chapter 3.2.7 helps anything.


1,746 Views
andrewfisher
Contributor III

As I have said below I already have tried with 2048 bit keys as in the example with different but still failing results.

I will have to see if I can get hold of a jLink probe.

Can someone at least tell me what

Device expects parameters of different length we can provide!

means? (extracted from above logs)

 

I have to say the documentation covering all the security features is very poor. As it is quite possible to brick the chip with one mistake this is not really acceptable. Especially in the current climate when we can't even get replacements in the variant the product uses - hence testing on one of your dev boards.

  • Different app notes are not consistent with each other.
  • Commands given in app notes have been deprecated (pfr).
  • Creation of templates using the user-config option in pfr gives yaml templates and your example code uses JSON.
  • It appears that the whole system is fundamentally flawed too due to an undocumented hardware block that has now been reverse engineered - I won't quote the website!
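
The two mailbox words logged immediately before the "different length" error in the failing transcript can be decoded to show what each side thought the parameter length was. This is an added example, not part of the thread and not SPSDK's own code; the word layout (command ID or ACK token 0xA5A5 in the low 16 bits, a 32-bit word count in the high 16 bits) is an assumption about the mailbox protocol, and the function names are hypothetical.

```python
import re

ACK_TOKEN = 0xA5A5  # assumption: low half-word of every ACK seen in the log

# The two lines that precede the error in the failing transcript on this page.
SAMPLE_LOG = """\
DEBUG:spsdk.dat.debug_mailbox:<- spin_write: 0x016c_0011
DEBUG:spsdk.dat.debug_mailbox:-> spin_read:  0x022c_a5a5
"""

WORD_RE = re.compile(r"spin_(write|read):\s*0x([0-9a-fA-F]{4})_([0-9a-fA-F]{4})")

def parse_words(log):
    """Yield (direction, high16, low16) for each mailbox word in the log."""
    for m in WORD_RE.finditer(log):
        yield m.group(1), int(m.group(2), 16), int(m.group(3), 16)

def find_length_mismatch(log):
    """Return the first command whose parameter count the device disagrees with.

    Assumed layout: header write = (param_words << 16) | command_id,
    device ACK read = (words_still_expected << 16) | ACK_TOKEN.
    The log must start at a command header, not in the middle of a transfer.
    """
    header = None
    remaining = 0  # parameter words the host still intends to send
    for direction, hi, lo in parse_words(log):
        if direction == "write":
            if remaining > 0:
                remaining -= 1            # parameter data word
            elif lo != ACK_TOKEN:         # host ACKs of response data are skipped
                header, remaining = lo, hi
        elif lo == ACK_TOKEN and header is not None and remaining > 0:
            if hi != remaining:           # device expects a different count
                return {
                    "command_id": header,
                    "offered_words": remaining,
                    "expected_words": hi,
                    "missing_bytes": (hi - remaining) * 4,
                }
    return None

if __name__ == "__main__":
    print(find_length_mismatch(SAMPLE_LOG))
```

For the transcript above this reports 0x16c words offered against 0x22c expected, a shortfall of 768 bytes. That figure is three times the 256-byte size difference between a 2048-bit and a 4096-bit RSA value, but the thread does not establish the cause.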

1,777 Views
andrewfisher
Contributor III

I have now tried replacing all the certificates with 2048 bit ones and I get a little further. I actually get to the point where it says Authentication successful - however no debug devices appear when I try to use MCUXpresso debugging. Dump below.

However even if it works like this it is not good in my application as I need 4096 bit keys to meet the spec.

I am wondering if it's to do with the socc or cc_socu fields - I can't find anywhere that describes what these do in a debug certificate.

Thanks.

 

lots of mailbox accesses followed by....

DEBUG:spsdk.dat.debug_mailbox:<- spin_write: 0xab7f_a15a
DEBUG:spsdk.dat.debug_mailbox:-> spin_read: 0x0001_a5a5
DEBUG:spsdk.dat.debug_mailbox:<- spin_write: 0xa56a_a7ac
DEBUG:spsdk.dat.debug_mailbox:-> spin_read: 0x0000_0000
DEBUG:DebugMBox:DAR response: []
DEBUG:spsdk.dat.debug_mailbox:<- spin_write: 0x0000_0004
DEBUG:spsdk.dat.debug_mailbox:-> spin_read: 0x0000_0000
DEBUG:DebugMBox:Exit response: []
INFO:DebugMBox:Debug Authentication successful
DEBUG:pyocd.core.session:uninit session <pyocd.core.session.Session object at 0x7f3d3d57cb20>
ERROR:pyocd.core.session:probe exception during disconnect:
Traceback (most recent call last):
File "/home/ajf/work/nxp/sdebug/nxp_venv/lib/python3.8/site-packages/usb/core.py", line 236, in get_interface_and_endpoint
return self._ep_info[endpoint_address]
KeyError: 1

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/home/ajf/work/nxp/sdebug/nxp_venv/lib/python3.8/site-packages/pyocd/core/session.py", line 483, in close
self._probe.disconnect()
File "/home/ajf/work/nxp/sdebug/nxp_venv/lib/python3.8/site-packages/pyocd/probe/cmsis_dap_probe.py", line 204, in disconnect
self._link.disconnect()
File "/home/ajf/work/nxp/sdebug/nxp_venv/lib/python3.8/site-packages/pyocd/utility/concurrency.py", line 28, in _locking
return func(self, *args, **kwargs)
File "/home/ajf/work/nxp/sdebug/nxp_venv/lib/python3.8/site-packages/pyocd/probe/pydapaccess/dap_access_cmsis_dap.py", line 724, in disconnect
self._protocol.disconnect()
File "/home/ajf/work/nxp/sdebug/nxp_venv/lib/python3.8/site-packages/pyocd/probe/pydapaccess/cmsis_dap_core.py", line 193, in disconnect
self.interface.write(cmd)
File "/home/ajf/work/nxp/sdebug/nxp_venv/lib/python3.8/site-packages/pyocd/probe/pydapaccess/interface/pyusb_backend.py", line 200, in write
self.ep_out.write(data)
File "/home/ajf/work/nxp/sdebug/nxp_venv/lib/python3.8/site-packages/usb/core.py", line 408, in write
return self.device.write(self, data, timeout)
File "/home/ajf/work/nxp/sdebug/nxp_venv/lib/python3.8/site-packages/usb/core.py", line 976, in write
intf, ep = self._ctx.setup_request(self, endpoint)
File "/home/ajf/work/nxp/sdebug/nxp_venv/lib/python3.8/site-packages/usb/core.py", line 113, in wrapper
return f(self, *args, **kwargs)
File "/home/ajf/work/nxp/sdebug/nxp_venv/lib/python3.8/site-packages/usb/core.py", line 228, in setup_request
intf, ep = self.get_interface_and_endpoint(device, endpoint_address)
File "/home/ajf/work/nxp/sdebug/nxp_venv/lib/python3.8/site-packages/usb/core.py", line 113, in wrapper
return f(self, *args, **kwargs)
File "/home/ajf/work/nxp/sdebug/nxp_venv/lib/python3.8/site-packages/usb/core.py", line 238, in get_interface_and_endpoint
for intf in self.get_active_configuration(device):
File "/home/ajf/work/nxp/sdebug/nxp_venv/lib/python3.8/site-packages/usb/core.py", line 113, in wrapper
return f(self, *args, **kwargs)
File "/home/ajf/work/nxp/sdebug/nxp_venv/lib/python3.8/site-packages/usb/core.py", line 252, in get_active_configuration
bConfigurationValue=self.backend.get_configuration(self.handle)
File "/home/ajf/work/nxp/sdebug/nxp_venv/lib/python3.8/site-packages/usb/backend/libusb1.py", line 817, in get_configuration
_check(self.lib.libusb_get_configuration(dev_handle.handle, byref(config)))
File "/home/ajf/work/nxp/sdebug/nxp_venv/lib/python3.8/site-packages/usb/backend/libusb1.py", line 604, in _check
raise USBError(_strerror(ret), ret, _libusb_errno[ret])
usb.core.USBError: [Errno 5] Input/Output Error
DEBUG:pyocd.probe.pydapaccess.interface.pyusb_backend:closing interface

 

 
