Writing HSM keys

k_mazur
Contributor II

Hey guys, another big question from me.

 

I'm at a stage in my project where I have the HSM working and giving back correct ECB and CBC values. Unfortunately this is not the core of our project; we need MAC generation. At first I used the RAM key for this, and if you read the reference manuals (security reference manual and the SHE on mpc5748g) you'll know why they were off.

 

What we have now: we used a script to enable the HSM, which supposedly flashed a secret key, but doesn't mention a MASTER_ECU key. I implemented the get_id method and the MAC value from it is 0, which means that apparently the MASTER_ECU_KEY is empty, and as mentioned previously the generateMac and verifyMac functions result in wrong values. I have implemented m1-m5 and k1-k4 generation based on the SHE on mpc5748g manual, but it comes up with invalid key when trying to load values generated for MASTER_ECU_KEY and empty key for values generated for key_1.

 

I'm after the SHE - Secure Hardware Extension functional specification document, which is referenced heavily in every PDF I look at to learn how to upload my own key, but according to our contact, NXP don't give out that document (silly, because it's required to implement some major functionality).

 

So, I'd like to know where I can get the info about this. Mainly I require values for MASTER_ECU_KEY like uid, flags, cid, and whether I need to encrypt (and which encryption and key) the value. I am pretty sure I got m1 and m3 OK; m2 isn't working because uid = 0 because MASTER_ECU_KEY = 0.

If the answer is too sensitive for the forums I am absolutely OK with PMs.

Edit1: I exported RAM_KEY, which gave me an encrypted M1, which makes me think that the SHE on mpc5748g document is also off because it doesn't mention any encryption of M1.

Edit2: When I try to update master_ecu_key the way it shows in the reference manuals I get 0x8 = error updating key.

1 Solution
k_mazur
Contributor II

Solution found: SHE on mpc5748g is the way to go. One thing though: that document needs a major rework. It is unbelievably confusing, and the way it's written and how it describes functions and pseudocode is extremely poor.

manish_sharma
NXP Employee

This was the apps note created by someone, not created by the SHE Security FW team. We deleted this doc from the NXP website. FW team just informed me that it is still available on Docstore. We will soon remove this from Docstore too.

Please get the latest doc and refer to the same for your development and support.

If any issues let me know. manish.kumar@nxp.com
