AN5401 CSEc Security Module based S32K148

shai_b · ‎04-07-2020

Hello team,

My customer has the following issues with S32K148 and CSEc Module, please find below his questions:

1) CSEc key attributes

Are the attributes for each key persistent when a key is updated or do I need to re-define them for the updated key?

2) Signing tools

According to AN5401 the toolchain for firmware signing is a combination of executables and Perl scripts. The product is an automotive ECU with a very long lifespan, so we want the signing key to be secure as much as possible. One of the options is to store this key in an HSM and not as a file/soft token in the built environment. The CMAC calculation tool that is provided is open source, but we wish to avoid the development effort for integrating an HSM (through its PKCS#11 interface). Does NXP provide a better toolchain for firmware signing or is this toolchain from AN5401 the only one? Can we get some test vectors if we want to implement a python script instead of the NXP-provided toolchain?

3) What is the exact process for key provisioning? currently, the following process is defined:

         1) 1st Power-on
       2) Initial MCU firmware signing key provisioning via JTAG
         3) MCU FW flashing
         4) 2nd Power-on (Secure Boot is now activated)
         5) Additional key provisioning via application-level API
         6) Key validation using the application-level API for key checksum readout
         7) Rework as needed

Is this process accurate? Is it only possible to provide the initial signing key via JTAG or is there another recommended method?

Please advise back, Thanks in advance and stay safe.

Kind regards,

Shai

lukaszadrapa · ‎04-08-2020

Hi Shai,

The attributes are used when deriving M2 value needed for key update, so you need to provide the attributes. If you use the same values or if you change them – that’s up to you.
I guess you mean scripts and tools provided in AN4235, right? There’s a note in the application note:

“An example perl script which has been used in the binary image generation, is available in AN4235SW. Note that this is for demonstration of the concept being discussed here only and is not intended for production purpose.”

For offline calculation, https://www.openssl.org/ can be used.

Test vectors for CMAC can be found, for example, here:

https://tools.ietf.org/html/draft-songlee-aes-cmac-01#section-5

It’s available also in SHE specification but I can’t share it.

Yes, that’s correct. But be aware that if strict secure boot is used, the BOOT_MAC must be added manually. Automatic CMAC signature doesn’t work in this mode. And it’s also not possible to change the boot mode anymore. In case of normal sequential or parallel boot mode, there are no such limitations.
Initial configuration (partitioning, adding keys) can be done either directly via JTAG/SWD (you can write a script which will write the registers directly as needed) or you can load temporary image to flash or RAM which will be executed and which will do all these settings. This depends on capabilities of your production programmer.

Regards,

Lukas

shai_b · ‎04-13-2020

Hi Lukas,

Thanks for your detailed answer, Regarding the 4th question, a decent application note or example scripts with some generic JTAG tool would be helpful. The group that will do it in production is a team from China, that needs very detailed guidance.

Please advise back, Thanks in advance.

KR,

Shai

lukaszadrapa · ‎04-14-2020

Hi Shai,

my recommendation is to check the steps provided in AN5401.

These examples:

1_Configure_part_and_Load_keys

2_Update_user_keys

4_secure_boot_add_BOOT_MAC_manual

... that's, in fact, the procedure you need to perform in a factory. Either via JTAG or by configuration application as I mentioned before. Unfortunately I do not have other materials because this is highly dependent on used tools.

Regards,

Lukas