Hi all,
I'm having some problems using the CSEc module.
I used setAuthKey to set the authorization key during initialization and loadKey to load and update key1. How do I manage the execution of setAuthKey and loadKey after I power on and off again? Here are some more questions to answer:
1. If you continue to execute these two functions without doing any processing, is there any error?
2. If I do not want to perform these two functions, is there any recommended policy to let me know that the authorization key master key has been loaded successfully?
3. Can Key be checked, similar to CMAC check function?
Best Regards
Lucy
Hi @LucyYou
Loading of initial keys is a one-time operation which is usually done in the factory during production. If you are running this initialization in the field, it means that you have plain keys in normal flash memory, which is a security risk.
To answer your questions:
1. If you continue to execute these two functions without doing any processing, is there any error?
- Yes, an error will be returned; the keys won’t be loaded again. To update the keys, it is necessary to follow the memory update protocol (increment the counter of the key, calculate M1-M5 again…).
2. If I do not want to perform these two functions, is there any recommended policy to let me know that the authorization key master key has been loaded successfully?
- As I mentioned above, this is usually done in the factory, so the application knows that the keys are already installed.
3. Can Key be checked, similar to CMAC check function?
- The keys can’t be read or exported (well, RAM plain key is an exception). To confirm that the key is correctly loaded during their installation: you are calculating M1-M5 values before the loading. M1-M3 values are used to load the keys. CSEc then will return M4 and M5 values. You can compare these values with values calculated by you. If the values are equal, your key was correctly loaded.
Another option to check if key is present – perform some operation like generation of CMAC and check if you are getting expected result or if you are just getting error ERC_KEY_EMPTY.
Regards,
Lukas
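Added example, not part of the thread and not NXP SDK code: a host-runnable C sketch of the two checks described in the reply above, comparing the returned M4/M5 with the precomputed values at install time and probing a slot with a CMAC at each boot instead of reloading the key. The `cse_cmac_fn` wrapper, the status and state enums, the stored reference tag and the mock slots are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical wrapper around the CSEc CMAC command; not the NXP SDK API. */
typedef enum { CSE_OK, CSE_KEY_EMPTY, CSE_ERROR } cse_status_t;
typedef cse_status_t (*cse_cmac_fn)(uint8_t slot, const uint8_t *msg,
                                    size_t len, uint8_t mac[16]);

typedef enum { KEY_OK, KEY_NOT_LOADED, KEY_MISMATCH, KEY_PROBE_ERROR } key_state_t;

/* Compare every byte, with no early exit on the first difference. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Install time: M4 (32 bytes) and M5 (16 bytes) returned by the module must
 * equal the values computed off-chip before M1-M3 were sent. */
int key_update_confirmed(const uint8_t m4_ret[32], const uint8_t m5_ret[16],
                         const uint8_t m4_exp[32], const uint8_t m5_exp[16]) {
    return ct_equal(m4_ret, m4_exp, 32) & ct_equal(m5_ret, m5_exp, 16);
}

/* Every boot: probe the slot with a CMAC over a fixed message instead of
 * reloading the key. ref_mac is the tag recorded when the key was installed
 * (an assumption of this example). */
key_state_t probe_key(cse_cmac_fn cmac, uint8_t slot, const uint8_t *msg,
                      size_t len, const uint8_t ref_mac[16]) {
    uint8_t mac[16] = {0};
    cse_status_t st = cmac(slot, msg, len, mac);
    if (st == CSE_KEY_EMPTY) return KEY_NOT_LOADED;   /* slot never provisioned */
    if (st != CSE_OK) return KEY_PROBE_ERROR;         /* any other module error */
    return ct_equal(mac, ref_mac, 16) ? KEY_OK : KEY_MISMATCH;
}

/* Constructed stand-ins for the hardware so the logic runs on a host. */
static const uint8_t SAMPLE_TAG[16] = {0xA5, 0x5A, 1, 2, 3, 4, 5, 6,
                                       7, 8, 9, 10, 11, 12, 13, 14};
cse_status_t mock_empty_slot(uint8_t s, const uint8_t *m, size_t n, uint8_t mac[16]) {
    (void)s; (void)m; (void)n; (void)mac;
    return CSE_KEY_EMPTY;
}
cse_status_t mock_loaded_slot(uint8_t s, const uint8_t *m, size_t n, uint8_t mac[16]) {
    (void)s; (void)m; (void)n;
    memcpy(mac, SAMPLE_TAG, 16);
    return CSE_OK;
}
```

On the target, the function pointer would be bound to a thin adapter over the real CMAC driver call that maps its empty-key error (ERC_KEY_EMPTY in the thread) to `CSE_KEY_EMPTY`.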
Hi Lukas,
What is the recommended approach to one-off operations in the mass production phase? I know that repeated execution of the authorization function and the load function will return errors, but does it affect the verification of the CMAC value, and does it affect the other functions of the CSEc module?
No, you will just receive an error. There are no other consequences.
What can make a consequence - that's only secure boot if it fails.
Regards,
Lukas
Hi
What exactly will that do to secure boot? Can't secure boot do this?
If strict secure boot fails, the device won't leave reset anymore. There's no way to recover. If normal secure boot (sequential or parallel) fails then keys with "boot protected" flag set cannot be used. There are no other effects.