FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

HSE concept

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED
Jump to solution

HSE concept

Jump to solution
‎11-28-2025 02:20 AM
3,131 Views
anpa711
Contributor II

Hi NXP,

 

Is the synchronization taken care internally for accessing the HSE from M7 and from A53 in parallel? Are they completely separated?
If there is usage of the HSE as per SHE specification on M7 and usage of the HSE as per pkcs11 on A53 can they in theory access each other keys (use same keys for some cryptography)? Can we provision key with SHE but use it on other partition?

Custom board using s32g274

Regards,

anpa

Tags (1)
0 Kudos
Reply
1 Solution

Jump to solution
‎12-02-2025 03:06 AM
3,022 Views
chenyin_h
NXP Employee
NXP Employee

Hello, @anpa711 

Thanks for your reply.

1. From S32G perspective, there is only a SHE based secure boot demo provided, included in the HSE_DEMOAPP,  which could be found from the HSE FW download page in your NXP account.

2. For S32K part, sorry that I am not very familiar with it and the replies should be provisioned by my colleague that response to this board: https://community.nxp.com/t5/S32K/bd-p/S32K

 

BR

Chenyin

View solution in original post

0 Kudos
Reply
5 Replies

Jump to solution
‎12-01-2025 09:30 AM
3,050 Views
anpa711
Contributor II

Hi chenyin_h,

 

Thx for answer.

 

1. OK understood, we dont need to do any synchronization I guess

2. I didnt meant to extract the key I meant the following use case. With SHE spec I provision AES key to slot 8. When this key exist using this key on A53 side to decrypt/encrypt using pkcs11. Is this possible?

 

Regards,

anpa

0 Kudos
Reply

Jump to solution
‎12-01-2025 09:20 PM
3,040 Views
chenyin_h
NXP Employee
NXP Employee

Hello, @anpa711 
Thanks for your reply.

Yes, it is possible.

 

BR

Chenyin

0 Kudos
Reply

Jump to solution
‎12-02-2025 12:50 AM
3,035 Views
anpa711
Contributor II

Hi  chenyin_h,

Thx this looks than good.

Do you provide with your MCALs for s32K and s32g some key provisioning demo/test as per SHE specification (we are using EB Autosar stack plus your MCAL) or in some other form?

 

Regards,

anpa

0 Kudos
Reply

Jump to solution
‎12-02-2025 03:06 AM
3,023 Views
chenyin_h
NXP Employee
NXP Employee

Hello, @anpa711 

Thanks for your reply.

1. From S32G perspective, there is only a SHE based secure boot demo provided, included in the HSE_DEMOAPP,  which could be found from the HSE FW download page in your NXP account.

2. For S32K part, sorry that I am not very familiar with it and the replies should be provisioned by my colleague that response to this board: https://community.nxp.com/t5/S32K/bd-p/S32K

 

BR

Chenyin

0 Kudos
Reply

Jump to solution
‎11-30-2025 08:37 PM
3,068 Views
chenyin_h
NXP Employee
NXP Employee

Hello, @anpa711 

Thanks for your post.

1. Typically, the M7 part will access the HSE via one MU, while A53 part may access the HSE in parallel via another MU, the HSE will handle these requirements base on its internal logic, it is transparent to the users. 

2. In HSE, the SHE keys is with HSE_KEY_TYPE_SHE, while the common operation may be with HSE_KEY_TYPE_AES, they are different types in HSE, and the SHE operation could only be provisioned via SHE services only,  exporting a key of type HSE_KEY_TYPE_SHE is not possible.

 

BR

Chenyin

0 Kudos
Reply
%3CLINGO-SUB%20id%3D%22lingo-sub-2250995%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3EHSE%20concept%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2250995%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EHi%20NXP%2C%3C%2FP%3E%3CBR%20%2F%3E%3CP%3EIs%20the%20synchronization%20taken%20care%20internally%20for%20accessing%20the%20HSE%20from%20M7%20and%20from%20A53%20in%20parallel%3F%20Are%20they%20completely%20separated%3F%3CBR%20%2F%3EIf%20there%20is%20usage%20of%20the%20HSE%20as%20per%20SHE%20specification%20on%20M7%20and%20usage%20of%20the%20HSE%20as%20per%20pkcs11%20on%20A53%20can%20they%20in%20theory%20access%20each%20other%20keys%20(use%20same%20keys%20for%20some%20cryptography)%3F%20Can%20we%20provision%20key%20with%20SHE%20but%20use%20it%20on%20other%20partition%3F%3C%2FP%3E%3CP%3ECustom%20board%20using%20s32g274%3C%2FP%3E%3CP%3ERegards%2C%3C%2FP%3E%3CP%3Eanpa%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2251664%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%20translate%3D%22no%22%3ERe%3A%20HSE%20concept%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2251664%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EHello%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F252362%22%20target%3D%22_blank%22%3E%40anpa711%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThanks%20for%20your%20post.%3C%2FP%3E%0A%3CP%3E1.%20Typically%2C%20the%20M7%20part%20will%20access%20the%20HSE%20via%20one%20MU%2C%20while%20A53%20part%20may%20access%20the%20HSE%20in%20parallel%20via%20another%20MU%2C%20the%20HSE%20will%20handle%20these%20requirements%20base%20on%20its%20internal%20logic%2C%20it%20is%20transparent%20to%20the%20users.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E2.%20In%20HSE%2C%20the%20SHE%20keys%20is%20with%20HSE_KEY_TYPE_SHE%2C%20while%20the%20common%20operation%20may%20be%20with%20HSE_KEY_TYPE_AES%2C%20they%20are%20different%20types%20in%20HSE%2C%20and%20the%20SHE%20operation%20could%20only%20be%20provisioned%20via%20SHE%20services%20only%2C%26nbsp%3B%26nbsp%3Be%3CSPAN%20class%3D%22fontstyle0%22%3Exporting%20a%20key%20of%20type%20HSE_KEY_TYPE_SHE%20is%20not%20possible.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CBR%20%2F%3E%0A%3CP%3E%3CSPAN%20class%3D%22fontstyle0%22%3EBR%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22fontstyle0%22%3EChenyin%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2252751%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%20translate%3D%22no%22%3ERe%3A%20HSE%20concept%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2252751%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EHello%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F252362%22%20target%3D%22_blank%22%3E%40anpa711%3C%2FA%3E%26nbsp%3B%3CBR%20%2F%3EThanks%20for%20your%20reply.%3C%2FP%3E%0A%3CP%3EYes%2C%20it%20is%20possible.%3C%2FP%3E%0A%3CBR%20%2F%3E%0A%3CP%3EBR%3C%2FP%3E%0A%3CP%3EChenyin%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2253075%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%20translate%3D%22no%22%3ERe%3A%20HSE%20concept%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2253075%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EHello%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F252362%22%20target%3D%22_blank%22%3E%40anpa711%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThanks%20for%20your%20reply.%3C%2FP%3E%0A%3CP%3E1.%20From%20S32G%20perspective%2C%20there%20is%20only%20a%20SHE%20based%20secure%20boot%20demo%20provided%2C%20included%20in%20the%26nbsp%3BHSE_DEMOAPP%2C%26nbsp%3B%20which%20could%20be%20found%20from%20the%20HSE%20FW%20download%20page%20in%20your%20NXP%20account.%3C%2FP%3E%0A%3CP%3E2.%20For%20S32K%20part%2C%20sorry%20that%20I%20am%20not%20very%20familiar%20with%20it%20and%20the%20replies%20should%20be%20provisioned%20by%20my%20colleague%20that%20response%20to%20this%20board%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2FS32K%2Fbd-p%2FS32K%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Fcommunity.nxp.com%2Ft5%2FS32K%2Fbd-p%2FS32K%3C%2FA%3E%3C%2FP%3E%0A%3CBR%20%2F%3E%0A%3CP%3EBR%3C%2FP%3E%0A%3CP%3EChenyin%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2252915%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%20translate%3D%22no%22%3ERe%3A%20HSE%20concept%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2252915%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EHi%26nbsp%3B%3CSPAN%20class%3D%22%22%3E%20%3CA%20href%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F24163%22%20target%3D%22_self%22%3E%3CSPAN%20class%3D%22%22%3Echenyin_h%3C%2FSPAN%3E%3C%2FA%3E%3C%2FSPAN%3E%2C%3C%2FP%3E%3CP%3EThx%20this%20looks%20than%20good.%3C%2FP%3E%3CP%3EDo%20you%20provide%20with%20your%20MCALs%20for%20s32K%20and%20s32g%20some%20key%20provisioning%20demo%2Ftest%20as%20per%20SHE%20specification%20(we%20are%20using%20EB%20Autosar%20stack%20plus%20your%20MCAL)%20or%20in%20some%20other%20form%3F%3C%2FP%3E%3CBR%20%2F%3E%3CP%3ERegards%2C%3C%2FP%3E%3CP%3Eanpa%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2252419%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%20translate%3D%22no%22%3ERe%3A%20HSE%20concept%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2252419%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EHi%26nbsp%3B%3CSPAN%20class%3D%22%22%3E%3CA%20href%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F24163%22%20target%3D%22_self%22%3E%3CSPAN%20class%3D%22%22%3Echenyin_h%2C%3C%2FSPAN%3E%3C%2FA%3E%20%3C%2FSPAN%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3CSPAN%20class%3D%22%22%3E%3CSPAN%20class%3D%22%22%3EThx%20for%20answer.%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3CSPAN%20class%3D%22%22%3E%3CSPAN%20class%3D%22%22%3E1.%20OK%20understood%2C%20we%20dont%20need%20to%20do%20any%20synchronization%20I%20guess%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22%22%3E%3CSPAN%20class%3D%22%22%3E2.%20I%20didnt%20meant%20to%20extract%20the%20key%20I%20meant%20the%20following%20use%20case.%20With%20SHE%20spec%20I%20provision%20AES%20key%20to%20slot%208.%20When%20this%20key%20exist%20using%20this%20key%20on%20A53%20side%20to%20decrypt%2Fencrypt%20using%20pkcs11.%20Is%20this%20possible%3F%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3CSPAN%20class%3D%22%22%3E%3CSPAN%20class%3D%22%22%3ERegards%2C%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22%22%3E%3CSPAN%20class%3D%22%22%3Eanpa%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E