ヘルプ
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Secure Boot questions on MPC5777C

キャンセル
提案をオンにする
自動提案では、入力時に可能な一致が提案されるので検索結果を素早く絞り込むことができます。
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 

Secure Boot questions on MPC5777C

‎09-25-2021 06:00 AM
1,010件の閲覧回数
srikanth_vemula
Contributor II

Hi,

I am working on Cryptographic Service Engine (CSE) for enabling Secure Boot feature on MPC5777C. After going through the reference manual and AN4234, I have got below doubts:

1. Is Secure Boot feature by default enabled on the product or we need to enable it?

2. Where can I get MASTER_ECU_KEY and BOOT_MAC_KEY which are required for executing secure boot process.

3. What happens if the BOOT_MAC_KEY is not matching with the calculated MAC? Would the Microcontroller hang in while(1)?

4. It is mentioned in the document : "For details about how and when the SECURE_BOOT
command is issued on this chip, see the chip-specific CSE information." can you please provide this chip specific information for MPC5777C.

5. Could you please provide any example code to enable the secure boot feature on MPC5777C.

Thanks in advance.

Regards,

Srikanth Vemula.

0 件の賞賛
返信
1 返信

‎09-27-2021 12:09 AM
997件の閲覧回数
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi,

 

AN4234 was written mainly for MPC5646C, take a look at:

https://www.nxp.com/webapp/Download?colCode=AN5418

 

  1. Secure Boot is enabled on all devices, it’s not necessary to program a DCF record.
  2. MASTER_ECU_KEY and BOOT_MAC_KEY are your keys, those are provided by a user.
  3. In case of parallel and sequential boot mode, you are just not able to use boot protected keys. In case of strict sequential boot mode, the device is bricked and there’s no way to recover.
  4. This is talking about the DCF record mentioned earlier. It’s enabled in the factory, so you can ignore this.
  5. The AN5418 contains also short code snippets. In case if secure boot, it’s just necessary to execute SECURE_BOOT command to define address and size of protected area and then load BOOT_MAC_KEY (it’s loaded as any other key).

 

There are also some examples in SDK. Not for secure boot but it could be also helpful:

 

c:\NXP\S32DS_Power_v2.1\S32DS\software\S32_SDK_S32PA_RTM_3.0.3\examples\MPC5777C\driver_examples\system\cse_keyconfig\

 

c:\NXP\S32DS_Power_v2.1\S32DS\software\S32_SDK_S32PA_RTM_3.0.3\examples\MPC5777C\driver_examples\system\security_pal\

 

Regards,

Lukas

0 件の賞賛
返信