[Security] The I/F used by the secure boot trust chain

Gideon
Contributor III

Dear NXPs:

My Flash layout is as shown below:

 

My trust chain is like this:

1. CSEc boot ROM verifies the bootmanager image, and executes bootmanager after verification.

2. The bootmanager verifies the bootloader and executes the bootloader after completion.

3. The bootloader verifies the application and executes the application after completion.

My question is during step 2 and step 3, should I use the 0x02-ENC-CBC (AN5401) I/F of the CSEC component to calculate the CMAC values of the bootloader and application image?

lukaszadrapa
NXP TechSupport

Hi @Gideon 

CMD_ENC_CBC command is for encryption. You need to generate and verify CMAC, so you should use commands CMD_GENERATE_MAC and CMD_VERIFY_MAC.

Regards,

Lukas

Gideon
Contributor III

Dear NXPs:

Taking the Application area as an example, use the CMD_GENERATE_MAC interface to calculate the CMAC value of the Application and automatically save it in CSEc. Use the CMD_VERIFY_MAC interface and the interface parameter is the CMAC value calculated on the PC (CMAC in the purple area) for verification, right?

lukaszadrapa
NXP TechSupport

Not sure if I can understand: "automatically save it in CSEc" - CMAC is not automatically saved to CSEc when using CMD_GENERATE_MAC.

"Use the CMD_VERIFY_MAC interface and the interface parameter is the CMAC value calculated on the PC (CMAC in the purple area) for verification, right?"
- Yes, that's correct.

Regards,

Lukas
