ヘルプ
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

CSEc command LOAD_KEY returns ERC_KEY_INVALID for some KeyIDs on S32k148

キャンセル
提案をオンにする
自動提案では、入力時に可能な一致が提案されるので検索結果を素早く絞り込むことができます。
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 
解決済み
ソリューションへジャンプ

CSEc command LOAD_KEY returns ERC_KEY_INVALID for some KeyIDs on S32k148

ソリューションへジャンプ
‎06-05-2024 12:11 AM
418件の閲覧回数
lwaszniowski
Contributor I

Hello,

I have encountered an interesting problem. I want to install CSEc keys to S32k148 device. The device is partitioned for 20 keys (uCSEcKeySize = 0x03u). I am using functions calculate_M1_to_M5 and LOAD_KEY from AN5401SW in my code.

It works correctly (the LOAD_KEY function returns value 1 = NO_ERROR) for all KeyIDs (0x04 – 0x0D, 0x14 – 0x18) when the master key is used for authorization.

It also works correctly for KeyIDs 0x04 – 0x0D and 0x15 and 0x17, when the old value of the key itself is used for authorization.

However, when I use the old value of the key itself for authorization, the LOAD_KEY function returns value 8 (KEY_INVALID) for KeyIDs 0x14, 0x16, 0x18.

I am sure that the key value used for authorization is correct (the blank key 0xff…ff). I have tested that LOAD_KEY function returns value 0x80 (KEY_UPDATE_ERROR) when wrong value of the authorization key is used.

I have tested it several times. I always unsecure device by the following sequence:

DBG_CHAL,

DBG_AUTH,

FLASH_DRV_EraseAllBlock,

FLASH_DRV_Program configuration fields on address 0x0400 by values {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, 0xFF,0xFF,0xFF,0xFF,0xFE,0x7F,0xFF,0xFF};

FLASH_DRV_DEFlashPartition

 

Have anybody any idea what can be the root of the problem?

I can use it with master key authorization, but I want to be sure that I understand the process well.

Thanks

Libor Waszniowski

0 件の賞賛
返信
1 解決策

ソリューションへジャンプ
‎06-05-2024 10:17 PM
407件の閲覧回数
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi @lwaszniowski 

I reported a bug in function calculate_M1_to_M5() short time ago. It looks like the root cause is the same in your case. See please the report and suggestion how to fix it below:

***

In case of keys from second bank (when KBS = 1, keys KEY_11 - KEY_17), it is not possible to use the same key as authorization key when loading a key. Only MASTER_ECU_KEY can be used.

Reason:

AN5401 says that KBS field should not be considered when calculating M1 and M4 values:

lukaszadrapa_0-1717650875246.png

 

 

lukaszadrapa_1-1717650875053.png

 

However, the function calculate_M1_to_M5() masks KBS only in case of key_id:

lukaszadrapa_2-1717650875130.png

 

If such M1-M5 values are used to load a key to second bank when using the same key as authorization key, ERC_KEY_INVALID is returned.

The solution is to add also this code here:

auth_key_id = auth_key_id & 0x0F;

Then everything works as expected.

Regards,

Lukas

元の投稿で解決策を見る

0 件の賞賛
返信
2 返答(返信)

ソリューションへジャンプ
‎06-05-2024 10:17 PM
408件の閲覧回数
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi @lwaszniowski 

I reported a bug in function calculate_M1_to_M5() short time ago. It looks like the root cause is the same in your case. See please the report and suggestion how to fix it below:

***

In case of keys from second bank (when KBS = 1, keys KEY_11 - KEY_17), it is not possible to use the same key as authorization key when loading a key. Only MASTER_ECU_KEY can be used.

Reason:

AN5401 says that KBS field should not be considered when calculating M1 and M4 values:

lukaszadrapa_0-1717650875246.png

 

 

lukaszadrapa_1-1717650875053.png

 

However, the function calculate_M1_to_M5() masks KBS only in case of key_id:

lukaszadrapa_2-1717650875130.png

 

If such M1-M5 values are used to load a key to second bank when using the same key as authorization key, ERC_KEY_INVALID is returned.

The solution is to add also this code here:

auth_key_id = auth_key_id & 0x0F;

Then everything works as expected.

Regards,

Lukas

0 件の賞賛
返信

ソリューションへジャンプ
‎06-05-2024 11:24 PM
403件の閲覧回数
lwaszniowski
Contributor I

Thank you very much for fast response, it really works.

 

Thanks

Libor Waszniowski

0 件の賞賛
返信