ヘルプ
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

CAMC generation and verification failed generated through CSEc compared to offline one

キャンセル
提案をオンにする
自動提案では、入力時に可能な一致が提案されるので検索結果を素早く絞り込むことができます。
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 

CAMC generation and verification failed generated through CSEc compared to offline one

‎05-17-2023 01:02 AM
1,035件の閲覧回数
baseerahmadpiracha
Contributor III

Dear NXP Support Team,

I am currently facing an issue with CMAC generation and verification on S32K144 that uses the CSEc module. Specifically, I have noticed that the CMAC generated through the CSEc module is failing verification when compared to an offline CMAC generated using the same key and data from an open source tool which we intend to use in our host PC afterwards.

Can you please provide guidance on how to troubleshoot this issue? Are there any known limitations or constraints that I should be aware of when using the CSEc module for CMAC generation and verification? Are there any specific settings or configurations that I need to ensure are properly configured to ensure successful CMAC generation and verification through the CSEc module?

Secondly, i would like to ask you about the secure boot functionality of the said MCU. Is there any defined mechanism to enable the secure boot automatically within the MCU or we have to implement it on own side. If there is any defined mechanism kindly guide us how to implement it.

Thank you in advance for your assistance with this matter.

Best regards,

Baseer

タグ(1)
0 件の賞賛
返信
1 返信

‎05-18-2023 12:32 AM
1,016件の閲覧回数
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi @baseerahmadpiracha 

regarding the CMAC, see please my answer here:

https://community.nxp.com/t5/S32K/S32K116-Bricked-after-CSEc-Operations/m-p/1181462/highlight/true#M...

I used test vectors from SHE specification to confirm that the CMAC is generated correctly. The test vector is the best option for start.

Regarding secure boot, you can take a look at this application note:

https://www.nxp.com/webapp/Download?colCode=AN5401&location=null

https://www.nxp.com/webapp/Download?colCode=AN5401SW&location=null

Section "4.4 Secure Boot" explain this in detail. Example "4_secure_boot_add_BOOT_MAC_manual" shows how to enable the secure boot and how to add boot MAC - either automatically or manually.

If you use SDK, you can take a look at this example:

c:\NXP\S32DS.3.4\S32DS\software\S32SDK_S32K1XX_RTM_4.0.3\examples\S32K144\demo_apps\csec_boot_protection\

But I recommend to study AN5401 anyway before using SDK version.

Regards,

Lukas

0 件の賞賛
返信