Dear NXPs:
My Flash layout is as shown below:
My trust chain is like this:
1.CSEc boot ROM verifies the bootmanaer image, and executes bootmanaer after verification.
2.The bootmanager verifies the bootloader and executes the bootloader after completion.
3.The bootloader verifies the application and executes the application after completion.
My question is during step 2 and step 3, should I use the 0x02-ENC-CBC (AN5401) I/F of the CSEC component to calculate the CMAC values of the bootloader and application image?
解決済! 解決策の投稿を見る。
Dear NXPs:
Taking the Application area as an example, use the CMD_GENERATE_MAC interface to calculate the CMAC value of the Application and automatically save it in CSEc. Use the CMD_VERIFY_MAC interface and the interface parameter is the CMAC value calculated on the PC (CMAC in the purple area) for verification, right?
Hi @Gideon
CMD_ENC_CBC command is for encryption. You need to generate and verify CMAC, so you should use commands CMD_GENERATE_MAC and CMD_VERIFY_MAC.
Regards,
Lukas
Dear NXPs:
Taking the Application area as an example, use the CMD_GENERATE_MAC interface to calculate the CMAC value of the Application and automatically save it in CSEc. Use the CMD_VERIFY_MAC interface and the interface parameter is the CMAC value calculated on the PC (CMAC in the purple area) for verification, right?
Not sure if I can understand: "automatically save it in CSEc" - CMAC is not automatically saved to CSEc when using CMD_GENERATE_MAC.
"Use the CMD_VERIFY_MAC interface and the interface parameter is the CMAC value calculated on the PC (CMAC in the purple area) for
verification, right?"
- Yes, that's correct.
Regards,
Lukas