Can someone please explain in detail summary what below functions will do in csec_keyconfig example project.
/* Initialize Flash for CSEc operation */
/* Load the MASTER_ECU key with a known value, which will be used as Authorization key (a secret key known by the application in order to configure other user keys) */
/* Load the selected key First load => counter == 1 */
keyLoaded = loadKey(CSEC_KEY_1, key, 1);
Sorry for asking this questions blindly. Though in debug mode by single stepping the source code, I could understand it theoretically.
But I want to program my own security keys to CSEc module in our products before releasing it to market.
So it would be of great help if someone explains it with S32K144 context and how it works.
Thanks for the reply. I shall investigate more from my side.
From Data spec of S32K144, I only understand there is 512 KB of flash and 64 KB of system RAM.
But from one of reference manual of S32K144, I got below screenshot which I am not able to interpret. Can you please provide more information if you can please ?
Referring to below screenshot, I know PRAM is of 128 Bytes.
Please find below an explanation for each of the functions mentioned by you.
- the 0x3 parameter specifies that there will be 24 available user keys; for more details, please see the documentation of the FLASH_DRV_DEFlashPartition function.
loadKey(CSEC_KEY_1, key, 1):
CSEC_DRV_EncryptECB(CSEC_KEY_1, plainText, 16, cipherText):
Please note that if you plan to use another MASTER_ECU key, you should first erase the keys by updating the value of the ERASE_ALL_KEYS macro to 1.
I hope this answers your question. If not, let me know and I will go into more detail.
ERC_KEY_UPDATE_ERROR occurs when I use setAuthKey to read the error bit. The manual explains ERC_KEY_UPDATE_ERROR. Example: key update authentication failed; for
LOAD_KEY : M3 =! M3* or UID is empty and AuthID isn't the same key slot, how can I determine the specific cause, I guess AuthID isn't the same key slot, how can I solve this problem.
Thanks a lot.
This is the information I was looking for. Its very clear.
I need couple of clarifications if you don't mind:
1. Assume we are going to release 100 products with S32K144 MCU. Should we be programming same security keys(to CSEc module) in all 100 products ?
2. Assume product has Application processor(Qualcomm snapdragon) and S32K144 MCU communicating over UART. How I can use CSEc module of S32K144 to validate messages received from application processor and vice versa.
3. When messages are exchanged between two S32K144 EVB over CAN. How CAN message is protected from intruders. How CSEc module works in this case ?
Unfortunately I cannot answer the three questions, as it depends on the application and how exactly it uses the keys. These questions should probably be answered by a security architect, having a complete overview of the system.
In terms of CSEc features which could be used for providing confidentiality and authentication, the module provides: