LPC55S28: PUF_GetHwKey fails when using prince region0

tobias91 · ‎01-09-2025

Hi,

trying to set up secure boot on a LPC55S28 custom board. Following along the prince example from the SDK. Only using prince region 0. boot type is Encrypted (Prince) and signed
When i get to this part of the example:

status = FFR_KeystoreGetKC(&g_iap.config, &keyCode[0], kFFR_KeyTypePrinceRegion0);

status = PUF_GetHwKey(PUF, keyCode, sizeof(keyCode), kPUF_KeySlot2, rand());

The FFR_KeystoreGetKC return key and status okay but PUF_GetHwKey always fails. What am I missing? Something more in the secure provisioning tool for CMPA/CFPA I need to set up?

Alice_Yang · ‎01-14-2025

Hello @tobias91

If you want to use the Secure boot + PRINCE function, I highly recommend that you use MCUXpresso Secure Provisioning too. Refer to "6.4.3.3 Booting signed or PRINCE encrypted image" in <MCUXpresso Secure Provisioning Tool User Guide>.

BR

Alice

tobias91 · ‎01-14-2025

Hi, thanks Alice for the reply I am using MCUXpresso Secure Provisioning Tool.
Some more details I should have added from the start. The application I am using is split i 2 parts one bootloader and one application. I right now load the bootloader using MCUXpresso Secure Provisioning and works as expected. But later when the devie is booted and in the bootloader mode i need to be able to load the application. What steps do i need to take to achieve the following unlock memory area i want write application to , flash application and encrypt the newly written area?

Alice_Yang · ‎01-14-2025

Hello @tobias91

It seems the same issue with your private ticket. I have reply you on that, please check it. Thanks.

BR

Alice

LPC55S28: PUF_GetHwKey fails when using prince region0

LPC55S28: PUF_GetHwKey fails when using prince region0

LPC55xx