If in the mass production stage, how to safely and effectively manage CSEc keys

ZEROOO
Contributor IV

Hi,

I have some questions about the management of CSEc keys. We have added a constant array to store the key value when the key is loaded, but if this constant is placed in the pflash area, I think it is not safe. Do you have any suggestions about the management of the key? If a key program is specially set up at the time of mass production, this part of the program is brushed first and then the formal program is brushed, so it seems inconvenient when the canned program is mass-produced.

5 Replies
lukaszadrapa
NXP TechSupport

Hi @ZEROOO 

The keys should definitely not stay in flash in plain form (or rather in any form). That's considered a serious security risk.

Users (Tiers and OEM) usually build up secure environments in which they can program secrets into the components. This includes individual-person access to these facilities as well as measures in and around the equipment.

Depending on needs and tools, it's possible to load a configuration project first, erase it and then load the final application. Or the final application can be programmed and then the keys (or not the keys but rather only the M1-M5 values for each key) can be supplied externally via some communication interface, for example. Everything is up to you.

If you want to keep it as simple as possible and you don't want to load a configuration project or load the keys externally, an option is to put the keys in some specific sector in flash, then load the application in the production facility and reset the device. The SW will check if it is the first startup, do the configuration and load the keys, and then erase the flash sector with the plain keys.

Regards,

Lukas

ZEROOO
Contributor IV

Hi 

Is the key loaded into a particular sector only the one that EEPROM assigned to CSEc, which would still require burning the code twice?

lukaszadrapa
NXP TechSupport

You can simply use one sector in program flash, so everything is loaded in single shot.

ZEROOO
Contributor IV

Hi 

I tried to modify the FPROT register for pflash protection, but I found that it could not be erased, and the key could still be seen through the debugger. How do I close the JTAG interface to prevent it from being viewed?

lukaszadrapa
NXP TechSupport

Hi @ZEROOO 

FPROT is a protection against modification of the flash. But it still can be read. To restrict the access via JTAG, you need to secure the device using FSEC.

Here's a simple example including backdoor key access (temporarily unlocking the security):

https://community.nxp.com/t5/S32K-Knowledge-Base/Example-S32K144-Verify-Backdoor-Access-Key-S32DS1-3...

Regards,

Lukas
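
The last reply separates FPROT (blocks modification) from FSEC (blocks debugger reads). As an added example that is not part of the thread or NXP's code, this release check decodes the FSEC byte of a production image before it reaches the line. It assumes a raw binary whose offset 0 maps to flash address 0x0, FSEC at 0x40C with the KEYEN/MEEN/FSLACC/SEC encoding of the S32K1xx FTFC flash configuration field (confirm against your device's reference manual); the function names and the policy are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define FSEC_IMAGE_OFFSET 0x40Cu   /* assumed: FSEC byte in the flash configuration field */

enum { FSEC_OK = 0, FSEC_UNSECURED = 1, FSEC_NO_RECOVERY = 2, FSEC_IMAGE_SHORT = 4 };

typedef struct {
    int secured;        /* SEC    != 10b: flash not readable through the debug port */
    int backdoor_en;    /* KEYEN  == 10b: backdoor key can unlock temporarily */
    int mass_erase_en;  /* MEEN   != 10b: mass erase can unsecure the part again */
    int factory_access; /* FSLACC == 00b or 11b: NXP factory access granted */
} fsec_info;

fsec_info fsec_decode(uint8_t fsec)
{
    fsec_info i;
    unsigned fslacc = (fsec >> 2) & 3u;
    i.secured        = (fsec & 3u) != 2u;
    i.backdoor_en    = ((fsec >> 6) & 3u) == 2u;
    i.mass_erase_en  = ((fsec >> 4) & 3u) != 2u;
    i.factory_access = (fslacc == 0u) || (fslacc == 3u);
    return i;
}

/* Example release policy (an assumption, not from the thread): the image must
 * secure the device, and an image that disables both mass erase and the
 * backdoor key is flagged because it leaves no user path to unsecure the part. */
int fsec_audit_image(const uint8_t *img, size_t len)
{
    int findings = FSEC_OK;
    if (len <= FSEC_IMAGE_OFFSET) return FSEC_IMAGE_SHORT;
    fsec_info i = fsec_decode(img[FSEC_IMAGE_OFFSET]);
    if (!i.secured) findings |= FSEC_UNSECURED;
    if (i.secured && !i.mass_erase_en && !i.backdoor_en) findings |= FSEC_NO_RECOVERY;
    return findings;
}

int main(void)
{
    static uint8_t img[0x410];                      /* constructed image, not a real binary */
    const uint8_t samples[] = { 0xFE, 0xBC, 0x6C }; /* constructed FSEC values */
    for (size_t n = 0; n < sizeof samples; n++) {
        img[FSEC_IMAGE_OFFSET] = samples[n];
        printf("FSEC=0x%02X findings=%d\n", samples[n], fsec_audit_image(img, sizeof img));
    }
    return 0;
}
```

An image that still carries the erased-state value 0xFE is reported as unsecured, which matches the situation in the thread where the key stayed visible in the debugger despite FPROT.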