FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

nxpkeygen Error: non-hexadecimal number found in fromhex

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

nxpkeygen Error: non-hexadecimal number found in fromhex

‎05-28-2021 06:24 AM
2,137 Views
andrewfisher
Contributor III

Hello, I am trying to implement secure debug authentication as described in AN13037.

I have all my certificates in place but when I try to create the debug certificate (dc) I get the following:

 

(nxp_venv) ajf@ajf3:~/work/nxp/sdebug$ nxpkeygen gendc -c config.yml keys/dck_rsa_4096.dc
INFO:spsdk.apps.nxpkeygen:Loading configuration from yml file...
INFO:spsdk.apps.nxpkeygen:Creating RSA debug credential object...
GENERAL ERROR: ValueError: non-hexadecimal number found in fromhex() arg at position 1

 

The config.yml file looks like this:

 

socc: 0x0001
uuid: "0"
cc_socu: 0x03FF
cc_vu: 0x0000
cc_beacon: 0
rot_id: 0
rot_meta:
- keys/public_key0_4096.pub
- keys/public_key1_4096.pub
- keys/public_key2_4096.pub
- keys/public_key3_4096.pub
rotk: keys/ca_key0_4096.pem
dck: keys/dck_rsa_4096.pub

 

 (I added the rot_id not present in the example file as it errors without it. I have tried 1 and 0)

 

I have 4 ROT keys and I have tried rto_meta as 'pem' files and as hex dumps of the modulus. Likewise for the rotk

I have no idea where the error is originating. Running strace on nxpkeygen looks like it never seems to get as far as opening any of the key files anyway. I have also discovered that if I deliberately put invalid filenames for all the key files I get exactly the same error

The ROT certificates work fine for creating a secure signed binary code image using elftosb so I think they are all correct.

Thank you

0 Kudos
Reply
1 Reply

‎05-28-2021 08:34 AM
2,128 Views
andrewfisher
Contributor III

I think I have got to the bottom of this.

Inside the nxpkeygen program eventually we get to debug_credential.py and the lines around line 140

 

 

        dc_obj = klass(
            socc=yaml_config['socc'], uuid=bytes.fromhex(yaml_config['uuid']),

 

 

Elsewhere the uuid is going to need to be defined as a byte array of 4 bytes.

But if you enter the example config.yml file:

 

 

socc: 0x0001
uuid: "0"
cc_socu: 0x03FF
cc_vu: 0x0000
cc_beacon: 0
rot_meta:
- keys\rotk0_rsa_2048.pub
- keys\rotk1_rsa_2048.pub
- keys\rotk2_rsa_2048.pub
- keys\rotk3_rsa_2048.pub
rotk: keys\rotk0_rsa_2048.pem
dck: keys\dck_rsa_2048.pub

 

 

we see uuid defined as "0" thus bytes.fromhex() decodes this as a byte array containing one byte

The correct answer is uuid should be defined as "00000000" or better still the tool should be fixed!

It is also not expecting a leading 0x, unlike the other fields.

After this it became clear that the key files all need to be straight forward pem files.

Reply