Csec恢复出厂设置

取消
显示结果 
显示  仅  | 搜索替代 
您的意思是: 

Csec恢复出厂设置

1,715 次查看
Kris_chao
Contributor III

请问一下:调用CSEC_DRV_DbgAuth 返回STATUS_SEC_NO_DEBUGGING 是什么情况?

另外问一下如果我的ECU使能了Csec,我想重新分区,我先调用恢复出厂设置命令,然后成功以后查看csec状态寄存器,SB BIN BFN BOK这四个确实已经变成0了,可是这时候我还是不能重新分区,再调用CSEC_DRV_DbgAuth恢复出厂设置也报error。然后我去用jlink操作erase chip,板子就挂了。那这时候Csec使没使能,如果它确实使能了,那SB BIN BFN BOK不可能都为0。但要说它没使能,为什么我进行全擦操作板子就废了。这个Csec搞得好头疼!

0 项奖励
回复
9 回复数

1,617 次查看
danielmartynek
NXP TechSupport
NXP TechSupport

Hi @Kris_chao,

Can you share the code?

What do you mean by the restore factory settings command?

Since you use the SDK, there is the eraseKeys() function in the csec_keyconfig_s32k144 example you can refer to.

If the partitioning is removed, the DEPART register will be set back to 0xF.

Please read the register before you launch the CSEC_DRV_DbgChal(), CSEC_DRV_DbgAuth() commands.

 

Regards,

Daniel

 

 

0 项奖励
回复

1,605 次查看
Kris_chao
Contributor III

我使用的是《S32K1xx系列MCU应用指南之CSEc硬件加密模块使用手册_v2.2.pdf》提到的 Example5_Resetting_flash_to_the_factory_state_SDK3_0_0

代码如下

int main(void)
{
  /* Write your local variable definition here */
  uint16_t Res=0;
  uint8_t  Challenge[16]={0x00u};
  uint8_t DbgAuth[16] = {0x00u};
 
 
  /*** Processor Expert internal initialization. DON'T REMOVE THIS CODE!!! ***/
  #ifdef PEX_RTOS_INIT
    PEX_RTOS_INIT();                   /* Initialization of the selected RTOS. Macro is defined by the RTOS component. */
  #endif
  /*** End of Processor Expert internal initialization.                    ***/
 
  /* Write your code here */
  /* For example: for(;;) { } */
    CSEC_DRV_Init(&csec1_State);
    Res = CSEC_DRV_InitRNG();
 
Res = CSEC_DRV_DbgChal(Challenge);
 
  Res = CalculateDbgAuth(MASTER_ECU_KEY,Challenge,DbgAuth);
 
Res = CSEC_DRV_DbgAuth(DbgAuth);
 
  /*** Don't write any code pass this line, or it will be deleted during code generation. ***/
  /*** RTOS startup code. Macro PEX_RTOS_START is defined by the RTOS component. DON'T MODIFY THIS CODE!!! ***/
  #ifdef PEX_RTOS_START
    PEX_RTOS_START();                  /* Startup of the selected RTOS. Macro is defined by the RTOS component. */
  #endif
  /*** End of RTOS startup code.  ***/
  /*** Processor Expert end of main routine. DON'T MODIFY THIS CODE!!! ***/
  for(;;) {
    if(exit_code != 0) {
      break;
    }
  }
  return exit_code;
  /*** Processor Expert end of main routine. DON'T WRITE CODE BELOW!!! ***/
} /*** End of main routine. DO NOT MODIFY THIS TEXT!!! ***/

 

 

 

 

Res = CSEC_DRV_DbgChal(Challenge);
Res = CalculateDbgAuth(MASTER_ECU_KEY,Challenge,DbgAuth);
调用这两个能返回STATUS_SUCCESS。

最后调用Res = CSEC_DRV_DbgAuth(DbgAuth);

这个Res返回STATUS_SEC_NO_DEBUGGING

0 项奖励
回复

1,590 次查看
danielmartynek
NXP TechSupport
NXP TechSupport

Hi @Kris_chao,

Can you use just the SDK functions from the example: csec_keyconfig_s32k144, and don't mix it with the function from the document?

There is likely a small difference that I don't see.

 

Thank you,

BR, Daniel

0 项奖励
回复

1,535 次查看
Kris_chao
Contributor III

I have ran the  the example: csec_keyconfig_s32k144, but It doesn't seem useful,when I last call CSEC_DRV_DbgAuth, it always return STATUS_SEC_NO_DEBUGGING.

0 项奖励
回复

1,473 次查看
danielmartynek
NXP TechSupport
NXP TechSupport

Did you use the MASTER_ECU_KEY for the authentication?

I mean did you use the example, but with your keys?

/* Load the MASTER_ECU key with a known value, which will be used as Authorization
* key (a secret key known by the application in order to configure other user keys) */
setAuthKey();

 

Do you have other boards with this issue?

 

Regards,

Daniel

0 项奖励
回复

1,439 次查看
Kris_chao
Contributor III

I mean did you use the example, but with your keys?

---Yes, I used with my MASTER_ECU_KEY.

 

Do you have other boards with this issue?

---Yes, I think that after the chip enabled the csec module and loaded the keys, when I attempt restore factory settings and re-load keys multiple times, the issue will happen.

0 项奖励
回复

1,407 次查看
danielmartynek
NXP TechSupport
NXP TechSupport

The SHE specification only states that ERC_NO_DEBUGGING error code is returned if internal debugging is not possible because the authentication with the challenge response protocol did not succeed.

Why do you need to remove the keys multiple time?

Once the keys are removed, the MCU must be parttioned again.

The Program partition FTFC command should be executed only once in the lifetime of the device.

 

Regards,

Daniel

 

0 项奖励
回复

1,704 次查看
danielmartynek
NXP TechSupport
NXP TechSupport

Hello @Kris_chao,

Do you call the CSEC_DRV_DbgChal command first? Does it complete successfully?

danielmartynek_0-1691672332545.png

 

Thanks,

BR, Daniel

 

 

0 项奖励
回复

1,648 次查看
Kris_chao
Contributor III

Yes, I haved call the CSEC_DRV_DbgChal command.  And It completed successfully.

0 项奖励
回复