- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- Advanced AnalogAdvanced Analog
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
- S32Z/E
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- Generative AI & LLMs
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
- RFID / NFC
- Advanced Analog
-
- NXP Tech Blogs
Hi,
I am trying to use 'an elliptic curve' for signing and verifying in Trustzone,
but it seems that there is no example of it.
There is a benchmark using mbedTLS, so I've been trying to port it into my trustzone project,
but whenever I debugged, the board always was stuck in 'hashcrypt_sha_finalize', more specifically,
/* poll wait for final digest */
while (0U == (base->STATUS & HASHCRYPT_STATUS_DIGEST_MASK))
{
}I searched what this status means, but I couldn't find meaningful results.
Any comments would be greatly appreciated.
Let me specify what I have done in the program.
- Copy and paste 'lpcxpresso55s69_mbedtls_benchmark' project into my project
- Due to the size limitation of secure flash memory, increase the flash size in build setting and adjust secure flash memory and non-secure flash memory in TZ setting
- Call functions from the example, in order,
- CRYPTO_InitHardware()
- mbedtls_ecdsa_init( &ecdsa )
- mbedtls_ecdsa_genkey( &ecdsa, curve_info->grp_id, myrand, NULL )
- mbedtls_ecdsa_write_signature( &ecdsa, MBEDTLS_MD_SHA256, buf, curve_info->bit_size, tmp, &sig_len, myrand, NULL )
Everything goes fine except for the last one, mbedtls_ecdsa_write_signature().
During calling the function, it's stuck at the sha function as I mentioned above.
Thank you so much for reading!
已解决! 转到解答。
Solved!
Please refer to this post for more details.
CarlosGarabito
hi @mat1024
My apologies, but this example is from mbed, so you need to check it with the community correspondent https://os.mbed.com/forum/
Also, the reason why I asked the question about "hashcrypt_sha_finalize()" is that it would be greatly helpful to me to guess what I missed if I get a hint for that part.
There is no information I found about the status bit of Hashcrypt, so any comments about this also very useful to me.
Thanks!!
Hi @CarlosGarabito ,
Thanks for reaching me out.
I'm sorry that I forgot to demonstrate a few things.
The original example code worked well, which means that there is likely some configuration mismatched in my project, and that's why I asked the question here.
Configuration in software of my code (initializing power/clk/drivers) looks very similar with the one in the example.
So here's what I am thinking about the problem.
- My program runs in Trustzone, and there is something I missed in the configuration
- I increased the secure flash memory, adjusted the location of non-secure flash memory, and modified the secure regions in TEE setting
- The memory used by Hashcrypt has conflicted with the memory used by other codes in my project
- Defined symbols and included header files might be different from the one in the example code
The next step I would like to try is
- Get rid of other codes in TZ in my code and use only codes from the example in TZ, or
- Move all the codes from the example to the normal world
I will update after having a try.
Thanks!
I tried to do the following two steps,
- Get rid of other codes in TZ in my code and use only codes from the example in TZ, or
- Move all the codes from the example to the normal world
and found that the first way did not work; although I removed all other codes except for the crypto codes from the example, it was still stuck at the aforementioned function.
The second way works well, which means that it is likely to take place since I put the code into the secure world.
Is there any code to use crypto functions in Trustzone for LPC55s69 boards?
I think I found the reason why it has taken place.
In the SHA functions in fsl_hashcrypt.c file,
if "base->MEMADDR", which is the address of being hashed, is set to non-secure regions, then it works well, but if base->MEMADDR is set to secure regions, then the value of "base->MEMCTRL" is remained as 0 which makes "base->STATUS" 5.
"base->STATUS" should've been set to 3 in order to pass the infinite loop.
Could you let me know why this happens? Does this mean that I should use non-secure memory for the message which can be an input for signing?
Are there any related documents?
Any comments would be appreciated a lot!
Thanks!
