Hi
I'm trying to store the PUF activation code/userKeyCode in the KeyStore
To that end, I've filled the 3 pages of ffr_key_store_t as
uint32_t magic;
uint32_t pufDischarge;
uint8_t activationCode[1192];
uint8_t SBKEK[56];
uint8_t USERKEK[56];
uint8_t reserved[56];
uint8_t prince0[56];
uint8_t prince1[56];
uint8_t prince2[56];
filled with all zeroes except activationCode, UserKEK and magic set to 0x95959595
and then called FFR_KeystoreWrite
After reboot, the unit does not respond any longer to SWD or even ISP/USB-HID
It behaves as if CMPA settings were filled with incorrect values, while I only modified the KeyStore part
(I did not touch the other CMPA main parts)
I was under the impression that it was ok to set activation code and user Keycode and set magic to 0x9595.... as many times as I want until CMPA is locked
Isn't that correct?
What is the right way to set activation code & friends? Set all CMPA fields + keyStore at the same time?
Thank you in advance
Tres
Hello again
So I did try with the blhost examples given in the application note => worked fine and only changed the keystore as expected
Using blhost => works as expected
Just calling FFR_KeystoreWrite() to store the keyStore with created entries => bricked MCU. So either I misused it/misunderstood it or the call is having side effects.
Google was of little help, FFR_KeystoreWrite does not seem to be used much.
Is there any demo/sample code known to work available for FFR_KeystoreWrite() ?
Thank you in advance
Tres
Hello,
The right PFR key store layout is shown below:
| Address | Size (bytes) | Name | Description |
|---|---|---|---|
| 0x9E600 | 4 | Key Store Header | Marker. A value of 0x95959595 means that Activation code is valid. |
| 0x9E604 | 4 | PUF Discharge time | Time in milliseconds to wait until PUF SRAM fully discharges. Only effective when PUF Start fails. Set to zero to use default discharge time. |
| 0x9E608 | 1192 | Activation Code | Device specific PUF activation code generated by enroll command during key provisioning. |
| 0x9EAB0 | 4 | SBKEK Key Code Header | Marker. A value of 0x59595959 means that key code is valid. |
| 0x9EAB4 | 52 | SBKEK Key Code | Key Code for wrapped SBKEK key |
| 0x9EAE8 | 4 | USERKEK Key Code Header | Marker. A value of 0x59595959 means that key code is valid. |
| 0x9EAEC | 52 | USERKEK Key Code | Key Code for wrapped USERKEK key |
| 0x9EB20 | 56 | - | Reserved. |
| 0x9EB58 | 4 | PRINCE Region 0 Key Code Header | Marker. A value of 0x59595959 means that key code is valid. |
| 0x9EB5C | 52 | PRINCE Region 0 Key Code | Key Code for wrapped PRINCE Region 0 key |
| 0x9EB90 | 4 | PRINCE Region 1 Key Code Header | Marker. A value of 0x59595959 means that key code is valid. |
| 0x9EB94 | 52 | PRINCE Region 1 Key Code | Key Code for wrapped PRINCE Region 1 key |
| 0x9EBC8 | 4 | PRINCE Region 2 Key Code Header | Marker. A value of 0x59595959 means that key code is valid. |
| 0x9EBCC | 52 | PRINCE Region 2 Key Code | Key Code for wrapped PRINCE Region 2 key |
Other KC fields which are not used can be filled with 0.
BR
Alice
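The layout from the table above, written as a C struct with compile-time offset checks and a sanity check to run on a RAM image before any flash write. This is an added example, not part of the thread and not NXP SDK code: the names `ks_image_t`, `ks_key_code_t` and `ks_check` are hypothetical, and the check assumes the intent is to store an activation code and that an all-zero key code slot counts as unused, per the note that unused KC fields can be filled with 0.

```c
#include <stddef.h>
#include <stdint.h>

#define KS_BASE      0x9E600u     /* key store start address, from the table */
#define KS_AC_VALID  0x95959595u  /* key store header marker */
#define KS_KC_VALID  0x59595959u  /* key code header marker */

/* One key code slot: 4-byte header + 52-byte key code (hypothetical name). */
typedef struct { uint32_t header; uint8_t code[52]; } ks_key_code_t;

typedef struct {
    uint32_t      header;                 /* 0x9E600 */
    uint32_t      puf_discharge_ms;       /* 0x9E604 */
    uint8_t       activation_code[1192];  /* 0x9E608 */
    ks_key_code_t sbkek;                  /* 0x9EAB0 */
    ks_key_code_t userkek;                /* 0x9EAE8 */
    uint8_t       reserved[56];           /* 0x9EB20 */
    ks_key_code_t prince[3];              /* 0x9EB58, 0x9EB90, 0x9EBC8 */
} ks_image_t;

/* The build fails if the struct drifts from the table. */
_Static_assert(sizeof(ks_image_t) == 3 * 512, "key store spans exactly 3 pages");
_Static_assert(KS_BASE + offsetof(ks_image_t, sbkek) == 0x9EAB0u, "SBKEK offset");
_Static_assert(KS_BASE + offsetof(ks_image_t, userkek) == 0x9EAE8u, "USERKEK offset");
_Static_assert(KS_BASE + offsetof(ks_image_t, prince) == 0x9EB58u, "PRINCE offset");

static int all_zero(const uint8_t *p, size_t n) {
    while (n--) if (*p++) return 0;
    return 1;
}

/* A slot passes if it carries the valid marker, or is entirely zero (unused). */
static int kc_ok(const ks_key_code_t *kc) {
    if (kc->header == KS_KC_VALID) return 1;
    return kc->header == 0 && all_zero(kc->code, sizeof kc->code);
}

/* Returns 0 if the image matches the table, else a negative code for the
   first problem found: -1 header, -2 empty activation code, -3 SBKEK,
   -4 USERKEK, -5..-7 PRINCE region 0..2. */
int ks_check(const ks_image_t *ks) {
    if (ks->header != KS_AC_VALID) return -1;
    if (all_zero(ks->activation_code, sizeof ks->activation_code)) return -2;
    if (!kc_ok(&ks->sbkek))   return -3;
    if (!kc_ok(&ks->userkek)) return -4;
    for (int i = 0; i < 3; i++)
        if (!kc_ok(&ks->prince[i])) return -5 - i;
    return 0;
}
```

A 56-byte slot that holds key code data but lacks the 0x59595959 header is rejected, which is the case a flat `uint8_t USERKEK[56]` field makes easy to miss.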
Hello trescurieux,
It seems there is something wrong in the User Manual; it doesn't give the KC header.
I will confirm it internally.
And I'm sorry, I was mistaken: the function "ffr_get_customer_data" can't read keystore data;
you need to use "ffr_keystore_get_kc". But I recommend you use blhost to write KC/AC, because ffr_keystore_write needs to program 3 pages and all 3 pages must be configured well, while blhost can program one KC alone.
BR
Alice
Thank you Alice
Thank you, but
The thing is, I didn't modify CMPA directly
I only wrote KeyStore through one call to FFR_KeystoreWrite, that's it.
Does that trigger an implicit CMPA writing with random value(s) or zeroes?
Is there a way to put stuff in the keyStore without altering the CMPA page for test purposes?
Thank you
Hello trescurieux,
Sorry there isn't a demo.
There are some points you need to pay attention to:
1) "filled with all zeroes except activationCode" -> Filling with zeroes is not right.
2) The second parameter of ffr_keystore_write needs to point to a 3-page structure.
So, I suggest using ffr_get_customer_data() to first read the 3 pages that include AC/KC from your chip, then change just the AC/KC part, then use ffr_keystore_write() to write the three pages.
BR
Alice
Hi
Thank you for the pointer, so I tried calling:
FFR_GetCustomerData(&_config,tmp+0*512,1*512,512 );
to get the page after cmpa (i.e. first page of keystore)
It failed with error 4 (invalid arg, I think). Both flash_init and FFR_Init have been called previously successfully.
Is there an alignment constraint on the target buffer in RAM?
For reference, I just want to store AC and userKEK in PFR without activating prince or anything else.
Just write the 3 keystore pages, that's it.
Thank you in advance
Tres
Hello,
Yes, when writing CMPA you need to be very careful. You can see that the CMPA includes many parts in the Excel file attached to the UM, for example ISP mode: if you disable ISP mode by mistake, it can't enter ISP mode.
It seems you use PUF with PRINCE; you can refer to this AN:
https://www.nxp.com.cn/docs/en/application-note/AN12527.pdf
BR
Alice