How can I use the SDK to Generate BOOT_MAC

取消
显示结果 
显示  仅  | 搜索替代 
您的意思是: 
已解决

How can I use the SDK to Generate BOOT_MAC

跳至解决方案
2,336 次查看
香龙朱
Contributor II

Hi !

Now,I want to use the SDK to Generate BOOT_MAC.

refer to the AN5401.pdf. in  capter 4.4.3.1 Manually I find the DATA to Generate BOOT_MAC is not just the PFLASH_DATA. but also it has other 128bit data.

data.png

I look for the SDK function, I can't find any function that can Generate BOOT_MAC.

now, I use the MAC_SECURE_BOOT() function in AN5401SW.zip instead. but I really want to use the SDK function.

anybody can hint me something?

标记 (4)
0 项奖励
回复
1 解答
2,073 次查看
veronicavelciu
NXP Employee
NXP Employee

Hello Shannon,

Indeed there is no method to use directly a pointer to flash address 0x0 in this specific situation, but a solution would be to copy the additional bytes and the contents of your application (PFLASH_DATA) to a new buffer and use that buffer as a parameter for CSEC_DRV_GenerateMAC - this implies one extra copy than in AN5401SW. Another option would be to have the additional bytes and the contents of the application stored concatenated somewhere in Flash, and pass the Flash address to the CSEC_DRV_GenerateMACAddrMode function as msg parameter - this method implies no copy, CSEc will directly read from Flash.

Unfortunately there is no function in the SDK for generating BOOT_MAC specifically.

I still recommend the automatic calculation of BOOT_MAC, as described in section 4.4.3.2, as this avoids all these steps.

Best regards,

Veronica

在原帖中查看解决方案

0 项奖励
回复
4 回复数
2,073 次查看
veronicavelciu
NXP Employee
NXP Employee

Hello Shannon,

You can use the CSEC_DRV_GenerateMAC function in the SDK to generate the BOOT_MAC for the application you are trying to protect.

First of all, you need to load the RAM_KEY with the same value as BOOT_MAC_KEY, using CSEC_DRV_LoadPlainKey.

Then, you will need to invoke CSEC_DRV_GenerateMACThe parameters will be the following:

  • keyIdCSEC_RAM_KEY
  • msg - Pointer to a buffer containing the DATA indicated in the note you mentioned (represented here as uint32_t words): 0 0 0 BOOT_SIZE PFLASH_DATA 
  • msgLen - BOOT_SIZE + 128
  • cmac - Pointer to a buffer where the computed BOOT_MAC will be stored
  • timeout - Timeout in milliseconds.

Please note that the BOOT_MAC can be automatically calculated by the CSEc module, avoiding the computation above (you can refer to chapter 4.4.3.2 in the application note).

Hope this helps!

Best regards,

Veronica

0 项奖励
回复
2,073 次查看
香龙朱
Contributor II

Hello Veronica

I can't generate BOOT_MAC by using CSEC_DRV_GenerateMAC() . Because of the msg pointer. The msg pointer is point to the Flash address is 0x00000000; I can't add "0 0 0 BOOT_SIZE" before it. so the msg pointer is error for generate BOOT_MAC. my BOOT_SIZE is 64Kbytes.

Is there any other method or function to generate BOOT_MAC by using SDK?

thanks very much.

0 项奖励
回复
2,074 次查看
veronicavelciu
NXP Employee
NXP Employee

Hello Shannon,

Indeed there is no method to use directly a pointer to flash address 0x0 in this specific situation, but a solution would be to copy the additional bytes and the contents of your application (PFLASH_DATA) to a new buffer and use that buffer as a parameter for CSEC_DRV_GenerateMAC - this implies one extra copy than in AN5401SW. Another option would be to have the additional bytes and the contents of the application stored concatenated somewhere in Flash, and pass the Flash address to the CSEC_DRV_GenerateMACAddrMode function as msg parameter - this method implies no copy, CSEc will directly read from Flash.

Unfortunately there is no function in the SDK for generating BOOT_MAC specifically.

I still recommend the automatic calculation of BOOT_MAC, as described in section 4.4.3.2, as this avoids all these steps.

Best regards,

Veronica

0 项奖励
回复
2,073 次查看
香龙朱
Contributor II

Hello Veronica,

Thank you for your response.

The msg is a pointer to the buffer. this is the key problem. because the PFLASH_DATA's pointer is 0x00000000, I can't add 0 0 0 BOOT_SIZE before this pointer.

0 项奖励
回复