FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

CSEc command LOAD_KEY returns ERC_KEY_INVALID for some KeyIDs on S32k148

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED
Jump to solution

CSEc command LOAD_KEY returns ERC_KEY_INVALID for some KeyIDs on S32k148

Jump to solution
‎06-05-2024 12:11 AM
1,449 Views
lwaszniowski
Contributor I

Hello,

I have encountered an interesting problem. I want to install CSEc keys to S32k148 device. The device is partitioned for 20 keys (uCSEcKeySize = 0x03u). I am using functions calculate_M1_to_M5 and LOAD_KEY from AN5401SW in my code.

It works correctly (the LOAD_KEY function returns value 1 = NO_ERROR) for all KeyIDs (0x04 – 0x0D, 0x14 – 0x18) when the master key is used for authorization.

It also works correctly for KeyIDs 0x04 – 0x0D and 0x15 and 0x17, when the old value of the key itself is used for authorization.

However, when I use the old value of the key itself for authorization, the LOAD_KEY function returns value 8 (KEY_INVALID) for KeyIDs 0x14, 0x16, 0x18.

I am sure that the key value used for authorization is correct (the blank key 0xff…ff). I have tested that LOAD_KEY function returns value 0x80 (KEY_UPDATE_ERROR) when wrong value of the authorization key is used.

I have tested it several times. I always unsecure device by the following sequence:

DBG_CHAL,

DBG_AUTH,

FLASH_DRV_EraseAllBlock,

FLASH_DRV_Program configuration fields on address 0x0400 by values {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, 0xFF,0xFF,0xFF,0xFF,0xFE,0x7F,0xFF,0xFF};

FLASH_DRV_DEFlashPartition

 

Have anybody any idea what can be the root of the problem?

I can use it with master key authorization, but I want to be sure that I understand the process well.

Thanks

Libor Waszniowski

0 Kudos
Reply
1 Solution

Jump to solution
‎06-05-2024 10:17 PM
1,438 Views
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi @lwaszniowski 

I reported a bug in function calculate_M1_to_M5() short time ago. It looks like the root cause is the same in your case. See please the report and suggestion how to fix it below:

***

In case of keys from second bank (when KBS = 1, keys KEY_11 - KEY_17), it is not possible to use the same key as authorization key when loading a key. Only MASTER_ECU_KEY can be used.

Reason:

AN5401 says that KBS field should not be considered when calculating M1 and M4 values:

lukaszadrapa_0-1717650875246.png

 

 

lukaszadrapa_1-1717650875053.png

 

However, the function calculate_M1_to_M5() masks KBS only in case of key_id:

lukaszadrapa_2-1717650875130.png

 

If such M1-M5 values are used to load a key to second bank when using the same key as authorization key, ERC_KEY_INVALID is returned.

The solution is to add also this code here:

auth_key_id = auth_key_id & 0x0F;

Then everything works as expected.

Regards,

Lukas

View solution in original post

0 Kudos
Reply
2 Replies

Jump to solution
‎06-05-2024 10:17 PM
1,439 Views
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi @lwaszniowski 

I reported a bug in function calculate_M1_to_M5() short time ago. It looks like the root cause is the same in your case. See please the report and suggestion how to fix it below:

***

In case of keys from second bank (when KBS = 1, keys KEY_11 - KEY_17), it is not possible to use the same key as authorization key when loading a key. Only MASTER_ECU_KEY can be used.

Reason:

AN5401 says that KBS field should not be considered when calculating M1 and M4 values:

lukaszadrapa_0-1717650875246.png

 

 

lukaszadrapa_1-1717650875053.png

 

However, the function calculate_M1_to_M5() masks KBS only in case of key_id:

lukaszadrapa_2-1717650875130.png

 

If such M1-M5 values are used to load a key to second bank when using the same key as authorization key, ERC_KEY_INVALID is returned.

The solution is to add also this code here:

auth_key_id = auth_key_id & 0x0F;

Then everything works as expected.

Regards,

Lukas

0 Kudos
Reply

Jump to solution
‎06-05-2024 11:24 PM
1,434 Views
lwaszniowski
Contributor I

Thank you very much for fast response, it really works.

 

Thanks

Libor Waszniowski

0 Kudos
Reply
%3CLINGO-SUB%20id%3D%22lingo-sub-1881286%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3ECSEc%20command%20LOAD_KEY%20returns%20ERC_KEY_INVALID%20for%20some%20KeyIDs%20on%20S32k148%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1881286%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3EI%20have%20encountered%20an%20interesting%20problem.%20I%20want%20to%20install%20CSEc%20keys%20to%20S32k148%20device.%20The%20device%20is%20partitioned%20for%2020%20keys%20(uCSEcKeySize%20%3D%200x03u).%20I%20am%20using%20functions%20%3CEM%3Ecalculate_M1_to_M5%3C%2FEM%3E%20and%20%3CEM%3ELOAD_KEY%3C%2FEM%3E%20from%20AN5401SW%20in%20my%20code.%3C%2FP%3E%3CP%3EIt%20works%20correctly%20(the%20%3CEM%3ELOAD_KEY%3C%2FEM%3E%20function%20returns%20value%201%20%3D%20NO_ERROR)%20for%20all%20KeyIDs%20(0x04%20%E2%80%93%200x0D%2C%200x14%20%E2%80%93%200x18)%20when%20the%20master%20key%20is%20used%20for%20authorization.%3C%2FP%3E%3CP%3EIt%20also%20works%20correctly%20for%20KeyIDs%200x04%20%E2%80%93%200x0D%20and%200x15%20and%200x17%2C%20when%20the%20old%20value%20of%20the%20key%20itself%20is%20used%20for%20authorization.%3C%2FP%3E%3CP%3EHowever%2C%20when%20I%20use%20the%20old%20value%20of%20the%20key%20itself%20for%20authorization%2C%20the%20%3CEM%3ELOAD_KEY%3C%2FEM%3E%20function%20returns%20value%208%20(KEY_INVALID)%20for%20KeyIDs%200x14%2C%200x16%2C%200x18.%3C%2FP%3E%3CP%3EI%20am%20sure%20that%20the%20key%20value%20used%20for%20authorization%20is%20correct%20(the%20blank%20key%200xff%E2%80%A6ff).%20I%20have%20tested%20that%20%3CEM%3ELOAD_KEY%3C%2FEM%3E%20function%20returns%20value%200x80%20(KEY_UPDATE_ERROR)%20when%20wrong%20value%20of%20the%20authorization%20key%20is%20used.%3C%2FP%3E%3CP%3EI%20have%20tested%20it%20several%20times.%20I%20always%20unsecure%20device%20by%20the%20following%20sequence%3A%3C%2FP%3E%3CP%3EDBG_CHAL%2C%3C%2FP%3E%3CP%3EDBG_AUTH%2C%3C%2FP%3E%3CP%3EFLASH_DRV_EraseAllBlock%2C%3C%2FP%3E%3CP%3EFLASH_DRV_Program%20configuration%20fields%20on%20address%200x0400%20by%20values%20%7B0xFF%2C0xFF%2C0xFF%2C0xFF%2C0xFF%2C0xFF%2C0xFF%2C0xFF%2C%200xFF%2C0xFF%2C0xFF%2C0xFF%2C0xFE%2C0x7F%2C0xFF%2C0xFF%7D%3B%3C%2FP%3E%3CP%3EFLASH_DRV_DEFlashPartition%3C%2FP%3E%3CBR%20%2F%3E%3CP%3EHave%20anybody%20any%20idea%20what%20can%20be%20the%20root%20of%20the%20problem%3F%3C%2FP%3E%3CP%3EI%20can%20use%20it%20with%20master%20key%20authorization%2C%20but%20I%20want%20to%20be%20sure%20that%20I%20understand%20the%20process%20well.%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3CP%3ELibor%20Waszniowski%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1882431%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3ERe%3A%20CSEc%20command%20LOAD_KEY%20returns%20ERC_KEY_INVALID%20for%20some%20KeyIDs%20on%20S32k148%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1882431%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EThank%20you%20very%20much%20for%20fast%20response%2C%20it%20really%20works.%3C%2FP%3E%3CBR%20%2F%3E%3CP%3EThanks%3C%2FP%3E%3CP%3ELibor%20Waszniowski%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1882363%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3ERe%3A%20CSEc%20command%20LOAD_KEY%20returns%20ERC_KEY_INVALID%20for%20some%20KeyIDs%20on%20S32k148%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1882363%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EHi%20%3CA%20href%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F145729%22%20target%3D%22_blank%22%3E%40lwaszniowski%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%20reported%20a%20bug%20in%20function%20calculate_M1_to_M5()%20short%20time%20ago.%20It%20looks%20like%20the%20root%20cause%20is%20the%20same%20in%20your%20case.%20See%20please%20the%20report%20and%20suggestion%20how%20to%20fix%20it%20below%3A%3C%2FP%3E%0A%3CP%3E***%3C%2FP%3E%0A%3CP%3EIn%20case%20of%20keys%20from%20second%20bank%20(when%20KBS%20%3D%201%2C%20keys%20KEY_11%20-%20KEY_17)%2C%20it%20is%20not%20possible%20to%20use%20the%20same%20key%20as%20authorization%20key%20when%20loading%20a%20key.%20Only%20MASTER_ECU_KEY%20can%20be%20used.%3C%2FP%3E%0A%3CP%3EReason%3A%3C%2FP%3E%0A%3CP%3EAN5401%20says%20that%20KBS%20field%20should%20not%20be%20considered%20when%20calculating%20M1%20and%20M4%20values%3A%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22lukaszadrapa_0-1717650875246.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3Cspan%20class%3D%22lia-inline-image-display-wrapper%22%20image-alt%3D%22lukaszadrapa_0-1717650875246.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3Cimg%20src%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F282766i13BF8C88AF947261%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22lukaszadrapa_0-1717650875246.png%22%20alt%3D%22lukaszadrapa_0-1717650875246.png%22%20%2F%3E%3C%2Fspan%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CBR%20%2F%3E%0A%3CBR%20%2F%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22lukaszadrapa_1-1717650875053.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3Cspan%20class%3D%22lia-inline-image-display-wrapper%22%20image-alt%3D%22lukaszadrapa_1-1717650875053.png%22%20style%3D%22width%3A%20399px%3B%22%3E%3Cimg%20src%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F282767i7214BB0782E051DF%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22lukaszadrapa_1-1717650875053.png%22%20alt%3D%22lukaszadrapa_1-1717650875053.png%22%20%2F%3E%3C%2Fspan%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CBR%20%2F%3E%0A%3CP%3EHowever%2C%20the%20function%20calculate_M1_to_M5()%20masks%20KBS%20only%20in%20case%20of%20key_id%3A%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22lukaszadrapa_2-1717650875130.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3Cspan%20class%3D%22lia-inline-image-display-wrapper%22%20image-alt%3D%22lukaszadrapa_2-1717650875130.png%22%20style%3D%22width%3A%20397px%3B%22%3E%3Cimg%20src%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F282765iD9392FCA9AA6A8E5%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22lukaszadrapa_2-1717650875130.png%22%20alt%3D%22lukaszadrapa_2-1717650875130.png%22%20%2F%3E%3C%2Fspan%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CBR%20%2F%3E%0A%3CP%3EIf%20such%20M1-M5%20values%20are%20used%20to%20load%20a%20key%20to%20second%20bank%20when%20using%20the%20same%20key%20as%20authorization%20key%2C%20ERC_KEY_INVALID%20is%20returned.%3C%2FP%3E%0A%3CP%3EThe%20solution%20is%20to%20add%20also%20this%20code%20here%3A%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3Eauth_key_id%20%3D%20auth_key_id%20%26amp%3B%200x0F%3B%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3EThen%20everything%20works%20as%20expected.%3C%2FP%3E%0A%3CP%3ERegards%2C%3C%2FP%3E%0A%3CP%3ELukas%3C%2FP%3E%3C%2FLINGO-BODY%3E