Hey folks, just wanted to throw out some lessons learned in using the CSEc module on the S32K.
1) This App Note does a better job of explaining the CSEc than the doxygen documentation or the reference manual. If you're using crypto I would start by reading this thoroughly:
2) This isn't especially clear from the Reference Manual, but the CSEc will not work until the "FlexNVM" space has been partitioned with a flash command. In other words, "CSEC_DRV_Init" will do nothing until you call the flash command as shown in the doxygen documentation.
What's also important to note, is that #2 applies to any command. I had assumed that if I were simply generating random numbers, I didn't need to partition a space for keys. The CSEc RAM space would not accept commands, and would always return 0... as mentioned above, it turns out the CSEc will not respond to *any* command until the flash is partitioned.
Hopefully that helps someone!
I am also trying to use the PRNG. I found the following description in RM: "To access the command feature set, the part must be configured for EEE operation, using the PGMPART command. See more in Program Partition command.."
So I checked Program Partition command: " The Program Partition command prepares the FlexNVM block for use as data flash, emulated EEPROM backup, or a combination of both and initializes the FlexRAM. The Program Partition command must not be launched from flash memory, since flash memory resources are not accessible during Program Partition command execution. Changes related to execution of the Program Partition command take effect after the next reset.
It seems like with a new board, PRNG will not work until the FlexRAM is set by Program Partition command. However, the Program Partition command must be launched in RAM mode. So I reset FlexRAM through the Example code " csec_keyconfig" from S32DS in Debug_RAM mode. Then the PRNG works good in my own application without FLASH Components. I am not sure if this is the right way.
Yes, you can partition using that example, since partitioning is only meant to happen *once* during a device's life.
However, if you're developing a product that needs CSEc, you still need to account for partitioning in your production code's first boot.