Understanding secure boot provisioning on S32G

nhorman · ‎03-15-2023

Hello there-

I'm trying to figure out secure boot on the S32G Goldbox Reference Platform. I've read AN13495 which seems to detail how to manage the key catalog using libp11 at run time, which is well and good, but that app note I think presumes that a key is already enrolled in the hardware and the corresponding e-fuses are blown. I'm looking for documentation that describes the process for actually doing that initial provisioning. I'm used to the process on the I.MX8 board in which a u-boot utility can be used to set the OTP memory, but I can't find anything that describes the process on S32G (or even if the process is the same or different).

I understand that S32G is largely under NDA, but if someone can just point me to an application note number of document title that describes what I'm looking for, so I know what to ask for access to, that would be helpful.

Thanks!

Daniel-Aguirre · ‎03-15-2023

Hi,

The secure boot on S32G platform is mainly referring to the HSE subsystem/firmware available under the S32G platform (link: Hardware Security Engine (HSE) – Product Brief (nxp.com)).

The HSE subsystem (and the related information to it) is confidential (given that HSE is confidential and under NDA) for which we cannot provide information about it on a public channel. We recommend you to either opening a ticket under the NXP online services or sending this inquiry to your local NXP representative/FAE.

As a note, there is a brief description of the boot flow on the S32G2 Reference Manual [Page 1160, S32G2 Reference Manual, Rev. 6, 11/2022], but everything related to specifics of the HSE subsystem might not be specified. This same information is also summarized on the AN12422 available on the S32G2 product page (link: S32G2 Safe and Secure Vehicle Network Processor | NXP Semiconductors)

Please, let us know.