Csec恢复出厂设置

キャンセル
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 

Csec恢复出厂设置

1,715件の閲覧回数
Kris_chao
Contributor III

请问一下:调用CSEC_DRV_DbgAuth 返回STATUS_SEC_NO_DEBUGGING 是什么情况?

另外问一下如果我的ECU使能了Csec,我想重新分区,我先调用恢复出厂设置命令,然后成功以后查看csec状态寄存器,SB BIN BFN BOK这四个确实已经变成0了,可是这时候我还是不能重新分区,再调用CSEC_DRV_DbgAuth恢复出厂设置也报error。然后我去用jlink操作erase chip,板子就挂了。那这时候Csec使没使能,如果它确实使能了,那SB BIN BFN BOK不可能都为0。但要说它没使能,为什么我进行全擦操作板子就废了。这个Csec搞得好头疼!

0 件の賞賛
返信
9 返答(返信)

1,617件の閲覧回数
danielmartynek
NXP TechSupport
NXP TechSupport

Hi @Kris_chao,

Can you share the code?

What do you mean by the restore factory settings command?

Since you use the SDK, there is the eraseKeys() function in the csec_keyconfig_s32k144 example you can refer to.

If the partitioning is removed, the DEPART register will be set back to 0xF.

Please read the register before you launch the CSEC_DRV_DbgChal(), CSEC_DRV_DbgAuth() commands.

 

Regards,

Daniel

 

 

0 件の賞賛
返信

1,605件の閲覧回数
Kris_chao
Contributor III

我使用的是《S32K1xx系列MCU应用指南之CSEc硬件加密模块使用手册_v2.2.pdf》提到的 Example5_Resetting_flash_to_the_factory_state_SDK3_0_0

代码如下

int main(void)
{
  /* Write your local variable definition here */
  uint16_t Res=0;
  uint8_t  Challenge[16]={0x00u};
  uint8_t DbgAuth[16] = {0x00u};
 
 
  /*** Processor Expert internal initialization. DON'T REMOVE THIS CODE!!! ***/
  #ifdef PEX_RTOS_INIT
    PEX_RTOS_INIT();                   /* Initialization of the selected RTOS. Macro is defined by the RTOS component. */
  #endif
  /*** End of Processor Expert internal initialization.                    ***/
 
  /* Write your code here */
  /* For example: for(;;) { } */
    CSEC_DRV_Init(&csec1_State);
    Res = CSEC_DRV_InitRNG();
 
Res = CSEC_DRV_DbgChal(Challenge);
 
  Res = CalculateDbgAuth(MASTER_ECU_KEY,Challenge,DbgAuth);
 
Res = CSEC_DRV_DbgAuth(DbgAuth);
 
  /*** Don't write any code pass this line, or it will be deleted during code generation. ***/
  /*** RTOS startup code. Macro PEX_RTOS_START is defined by the RTOS component. DON'T MODIFY THIS CODE!!! ***/
  #ifdef PEX_RTOS_START
    PEX_RTOS_START();                  /* Startup of the selected RTOS. Macro is defined by the RTOS component. */
  #endif
  /*** End of RTOS startup code.  ***/
  /*** Processor Expert end of main routine. DON'T MODIFY THIS CODE!!! ***/
  for(;;) {
    if(exit_code != 0) {
      break;
    }
  }
  return exit_code;
  /*** Processor Expert end of main routine. DON'T WRITE CODE BELOW!!! ***/
} /*** End of main routine. DO NOT MODIFY THIS TEXT!!! ***/

 

 

 

 

Res = CSEC_DRV_DbgChal(Challenge);
Res = CalculateDbgAuth(MASTER_ECU_KEY,Challenge,DbgAuth);
调用这两个能返回STATUS_SUCCESS。

最后调用Res = CSEC_DRV_DbgAuth(DbgAuth);

这个Res返回STATUS_SEC_NO_DEBUGGING

0 件の賞賛
返信

1,590件の閲覧回数
danielmartynek
NXP TechSupport
NXP TechSupport

Hi @Kris_chao,

Can you use just the SDK functions from the example: csec_keyconfig_s32k144, and don't mix it with the function from the document?

There is likely a small difference that I don't see.

 

Thank you,

BR, Daniel

0 件の賞賛
返信

1,535件の閲覧回数
Kris_chao
Contributor III

I have ran the  the example: csec_keyconfig_s32k144, but It doesn't seem useful,when I last call CSEC_DRV_DbgAuth, it always return STATUS_SEC_NO_DEBUGGING.

0 件の賞賛
返信

1,473件の閲覧回数
danielmartynek
NXP TechSupport
NXP TechSupport

Did you use the MASTER_ECU_KEY for the authentication?

I mean did you use the example, but with your keys?

/* Load the MASTER_ECU key with a known value, which will be used as Authorization
* key (a secret key known by the application in order to configure other user keys) */
setAuthKey();

 

Do you have other boards with this issue?

 

Regards,

Daniel

0 件の賞賛
返信

1,439件の閲覧回数
Kris_chao
Contributor III

I mean did you use the example, but with your keys?

---Yes, I used with my MASTER_ECU_KEY.

 

Do you have other boards with this issue?

---Yes, I think that after the chip enabled the csec module and loaded the keys, when I attempt restore factory settings and re-load keys multiple times, the issue will happen.

0 件の賞賛
返信

1,407件の閲覧回数
danielmartynek
NXP TechSupport
NXP TechSupport

The SHE specification only states that ERC_NO_DEBUGGING error code is returned if internal debugging is not possible because the authentication with the challenge response protocol did not succeed.

Why do you need to remove the keys multiple time?

Once the keys are removed, the MCU must be parttioned again.

The Program partition FTFC command should be executed only once in the lifetime of the device.

 

Regards,

Daniel

 

0 件の賞賛
返信

1,704件の閲覧回数
danielmartynek
NXP TechSupport
NXP TechSupport

Hello @Kris_chao,

Do you call the CSEC_DRV_DbgChal command first? Does it complete successfully?

danielmartynek_0-1691672332545.png

 

Thanks,

BR, Daniel

 

 

0 件の賞賛
返信

1,648件の閲覧回数
Kris_chao
Contributor III

Yes, I haved call the CSEC_DRV_DbgChal command.  And It completed successfully.

0 件の賞賛
返信