LPC55S69 : Writing the keystore activates CMPA ?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

LPC55S69 : Writing the keystore activates CMPA ?

1,865 Views
trescurieux
Contributor III

Hi

I'm trying to store the PUF activation code/userKeyCode in the KeyStore

To that order i've filled the ffr_key_store_t 3 pages as 

uint32_t magic;
uint32_t pufDischarge;
uint8_t activationCode[1192];
uint8_t SBKEK[56];
uint8_t USERKEK[56];
uint8_t reserved[56];
uint8_t prince0[56];
uint8_t prince1[56];
uint8_t prince2[56];

filled with all zeroes except activationCode, UserKEK and magic set to 0x95959595

and then called FFR_KeystoreWrite

 

After reboot, the unit does not respond any longer to SWD or even ISP/USB-HID

It behaves as if CMPA settings where filled with incorrect value, while i only modified the KeyStore part

(i did not touch the other CMPA main parts)

I was under the impression that it was  ok to set activation code and  user Keycode and  set magic to 0x9595.... as many time as i want until CMPA is locked

Isn't that correct ?

What is the right way to set activation code & friends ? Set all CMPA field + keyStore at the same time ?

 

Thank you in advance

Tres

0 Kudos
Reply
8 Replies

1,826 Views
trescurieux
Contributor III

Hello again

So i did try with the bldhost examples given in the applicaiton note => worked fine and only changed the keystore as expected

Using Bldhost => works as expected

Just calling FFR_KeystoreWrite() to store the keyStore with created entries => bricked MCU. So either i misused it/misunderstood it or the call is having side effects.

Google was of little help, FFR_KeystoreWrite does not seem to be used much.

Is there any demo/sample code known to work available for FFR_KeystoreWrite() ?​

Thank you in advance

Tres

 

0 Kudos
Reply

1,750 Views
Alice_Yang
NXP TechSupport
NXP TechSupport

Hello,

The right  PFR key store layout is shown below:

Address

Size (bytes)

Name

Description

0x9E600

4

Key Store Header

Marker. A value of 0x95959595 means that Activation code is valid.

0x9E604

4

PUF Discharge time

Time in milliseconds to wait until PUF SRAM fully discharges. Only effective when PUF Start fails. Set to zero to use default discharge time.

0x9E608

1192

Activation Code

Device specific PUF activation code generated by enroll command during key provisioning.

0x9EAB0

4

SBKEK Key Code Header

Marker. A value of 0x59595959 means that key code is valid.

0x9EAB4

52

SBKEK Key Code

Key Code for wrapped SBKEK key

0x9EAE8

4

USERKEK Key Code Header

Marker. A value of 0x59595959 means that key code is valid.

0x9EAEC

52

USERKEK Key Code

Key Code for wrapped USERKEK key

0x9EB20

56

-

Reserved.

0x9EB58

4

PRINCE Region 0 Key Code Header

Marker. A value of 0x59595959 means that key code is valid.

0x9EB5C

52

PRINCE Region 0 Key Code

Key Code for wrapped PRINCE Region 0 key

0x9EB90

4

PRINCE Region 1 Key Code Header

Marker. A value of 0x59595959 means that key code is valid.

0x9EB94

52

PRINCE Region 1 Key Code

Key Code for wrapped PRINCE Region 1 key

0x9EBC8

4

PRINCE Region 2 Key Code Header

Marker. A value of 0x59595959 means that key code is valid.

0x9EBCC

52

PRINCE Region 2 Key Code

Key Code for wrapped PRINCE Region 2 key

 

Other KC fileds which are not used can be filled 0.

 

BR

Alice

1,771 Views
Alice_Yang
NXP TechSupport
NXP TechSupport

Hello trescurieux,

It seems there is something wrong in the User Manual, doesn't give the KC header,

I will confirm it with internal.

And I sorry i'm mistake, the function "ffr_get_customer_data" can't read keystore data,

need use "ffr_keystore_get_kc", but I recommend you use blhost to write KC/AC, because the ffr_keystore_write need program 3 pages, must configure all the 3 pages well, Blhost can program one KC alone. 

 

BR

Alice

0 Kudos
Reply

1,731 Views
trescurieux
Contributor III

Thank you Alice

 

0 Kudos
Reply

1,844 Views
trescurieux
Contributor III

Thank you, but 

The thing is, i didnt modify CMPA directly

I only wrote KeyStore through one call to FFR_KeystoreWrite, that's it.

Does that trigger an implicit CMPA writing with random value(s) or zeroes  ?

Is there a way to put stuff in the keyStore without altering the CMPA page  for test purpose ?

Thank you

 

 

0 Kudos
Reply

1,813 Views
Alice_Yang
NXP TechSupport
NXP TechSupport

 

Hello trescurieux,

Sorry there isn't a demo.

There are some points you need pay attention:

1) "filled with all zeroes except activationCode" -> Fill zeroes are not right.

2) The second parameters of ffr_keystore_write need point 3 pages structure.

So, I suggest you using ffr_get_customer_data() first read the 3 pages that includes AC/KC from your chip, then just change the AC /KC part, then use ffr_keystore_write() write the three pages.

 

BR

Alice

0 Kudos
Reply

1,806 Views
trescurieux
Contributor III

Hi

Thank you for the pointer , so i tried calling :

 FFR_GetCustomerData(&_config,tmp+0*512,1*512,512 );

to get the page after cmpa (i.e. first page of keystore)

It failed with error 4 (invalid arg i think). Both flash_init and FFR_Init have been called previously successfully.

Is there alignment constraint on the target buffer in ram ?

For reference, i just want to store AC and userKEK in PFR without activating prince or anything else.

Just write the 3 keystore pages, that's it.

Thank you in advance

Tres

0 Kudos
Reply

1,851 Views
Alice_Yang
NXP TechSupport
NXP TechSupport

Hello,

Yes, when write CMPA, you need very carefully, you can see the CMPA includes many parts in attached excel of UM, for example ISP mode, if disable ISP mode by mistake, it can't enter ISP mode.

It sees you use PUF with Prince, you can refer to this AN:

https://www.nxp.com.cn/docs/en/application-note/AN12527.pdf

 

BR

Alice

0 Kudos
Reply