Hi
I had a problem when debugging the Csec module. I did not erase the Key after loading the key and generating the CMAC value. As a result, when I downloaded the program, the erase failure message appeared. The CSEC_DRV_InitRNG function returns SUCCESS normally, but setAuthKey execution failed, so eraseKeys cannot execute properly either. I have some questions, please answer:
1. The CSEC_DRV_InitRNG function returns SUCCESS normally. Am I sure I started the Csec module correctly?
2. SetAuthKey fails to be executed, and STATUS_SEC_KEY_UPDATE_ERROR is displayed. What is the cause?
3. Before setting is in I eraseKeys every time I finished debugging, this time no execution, in to download initFlashForCsecOperation function before and after the procedure is not the same place EEESIZE = 2048, not the if condition, Does this mean that my previous Csec partition always existed?
stat returns SUCCESS after executing CSEC_DRV_InitRNG.
STATUS_SEC_KEY_UPDATE_ERROR occurred while executing setAuthKey.
STATUS_SEC_NO_DEBUGGING occurs when eraseKeys is executed.
EEESize = 2048
How do I set up to load key properly and perform erase key?
Regards!
Hi @ZEROOO
1. Yes, this confirms that CSEc is correctly enabled.
2. The MASTER_ECU_KEY was obviously already loaded. I guess you just executed the same project multiple times. Once MASTER_ECU_KEY is loaded, you can’t simply load it again. The key can only be updated using the standard memory update protocol when the counter of the key is incremented.
The second option is to destroy the partition using CMD_DBG_CHAL and CMD_DBG_AUTH commands with knowledge of the current MASTER_ECU_KEY and then you can start over – then you can set the partition again (enable the CSEc) and load the MASTER_ECU_KEY again.
3. eraseKeys function executes commands CMD_DBG_CHAL and CMD_DBG_AUTH mentioned above. It should work unless you modified the MASTER_ECU_KEY. Unsuccessful loading of MASTER_ECU_KEY should not block execution of these commands.
Regards,
Lukas
Thank you very much for your reply, I think the cause of the problem should be found, I did execute the same program for many times, maybe the MASTER_ECU_KEY was changed in the execution process, but the nxp demo program I use, the Key value is also the default value in the demo, is there any way to restore it?
What if the MASTER_ECU_KEY is actually modified? Can you tell me something that might lead to tampering, something I might not have noticed.
PINS_DRV_Init(NUM_OF_CONFIGURED_PINS, g_pin_mux_InitConfigArr);
/* Output direction for the LEDs */
PINS_DRV_SetPinsDirection(GPIO_PORT, (1 << LED_RED) | (1 << LED_GREEN));
/* Set Output value of the LEDs */
PINS_DRV_ClearPins(GPIO_PORT, (1 << LED_RED) | (1 << LED_GREEN));
bool keyLoaded;
uint8_t key[16] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
                   0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f};
/* Initialize CSEc driver */
CSEC_DRV_Init(&csec1_State);
/* Initialize Flash for CSEc operation */
initFlashForCsecOperation();
/* Load the MASTER_ECU key with a known value, which will be used as Authorization
* key (a secret key known by the application in order to configure other user keys) */
setAuthKey();
/* Load the selected key */
/* First load => counter == 1 */
keyLoaded = loadKey(CSEC_KEY_1, key, 1);
keyLoaded = loadKey(CSEC_KEY_11, key, 1);
keyLoaded = loadKey(CSEC_MASTER_ECU, key, 2);
keyLoaded = loadKey(CSEC_KEY_1, key, 2);
keyLoaded = loadKey(CSEC_KEY_11, key, 2);
I'm not really sure what happened. I can see that you updated the MASTER_ECU_KEY but the key value is still the same as the default one. If it is still the same, the erase function should work. If it doesn't work, the only idea I have is that you somehow changed the key in one of your attempts. The key definitely should not be changed accidentally, it's possible only using the memory update protocol.
Regards,
Lukas
Update the MASTER_ECU_KEY value does not change because I wanted to test the update of the MASTER_ECU_KEY, I have done this many times before and there is no problem, my idea is that even if the MASTER_ECU_KEY is updated to something else, Why does this affect the execution of the key erase function? What would cause the key to be tampered with? Update functions use loadKey(). If the key value changes during the second update of MASTER_ECU_KEY, I don't think it will affect the erasure. This should belong to the update of the key, and the authorization key used for erasure is still MASTER_ECU_KEY. I wonder if there are any other people in NXP who have encountered this situation?
The current MASTER_ECU_KEY is necessary for authorization when running the CMD_DBG_AUTH command. You won't be able to erase the keys if you don't know the current MASTER_ECU_KEY.
I would need to know the complete history of the device to be able to tell what's wrong. Otherwise I can only guess. My recommendation is to start over with a new microcontroller.
Regards,
Lukas
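Why the current MASTER_ECU_KEY decides whether eraseKeys can succeed, as an added example that is not part of the thread or of the NXP SDK: in the SHE specification that CSEc implements, the value passed to CMD_DBG_AUTH is a CMAC over CHALLENGE || UID under a key derived from MASTER_ECU_KEY with the constant DEBUG_KEY_C. The host-side Python below computes that value with a self-contained AES-128; the function names are hypothetical.

```python
# Added illustration, not NXP SDK code: SHE debug authorization in pure Python.
DEBUG_KEY_C = bytes.fromhex("010353484500800000000000000000b0")  # SHE constant

def gmul(a, b):  # multiply in GF(2^8) modulo the AES polynomial 0x11B
    r = 0
    while b:
        r, a, b = r ^ (a if b & 1 else 0), (a << 1) ^ (0x11B if a & 0x80 else 0), b >> 1
    return r
def _sbox(x):  # inverse in GF(2^8) followed by the AES affine transform
    inv = next((y for y in range(256) if gmul(x, y) == 1), 0)
    rot = [((inv << i) | (inv >> (8 - i))) & 0xFF for i in range(5)]
    return rot[0] ^ rot[1] ^ rot[2] ^ rot[3] ^ rot[4] ^ 0x63
SBOX = [_sbox(x) for x in range(256)]
xor = lambda a, b: bytes(p ^ q for p, q in zip(a, b))

def aes128(key, block):  # AES-128 encryption of one 16-byte block
    w, rcon = [key[i:i + 4] for i in range(0, 16, 4)], 1
    for i in range(4, 44):  # key expansion into 44 four-byte words
        t = w[i - 1]
        if i % 4 == 0:  # RotWord, SubWord, round constant
            t = xor(bytes(SBOX[b] for b in t[1:] + t[:1]), bytes([rcon, 0, 0, 0]))
            rcon = gmul(rcon, 2)
        w.append(xor(w[i - 4], t))
    s = xor(block, b"".join(w[:4]))
    for r in range(1, 11):
        s = [SBOX[s[(i + 4 * (i % 4)) % 16]] for i in range(16)]  # SubBytes + ShiftRows
        if r < 10:  # MixColumns, skipped in the final round
            s = [gmul(s[i], 2) ^ gmul(s[i - i % 4 + (i + 1) % 4], 3)
                 ^ s[i - i % 4 + (i + 2) % 4] ^ s[i - i % 4 + (i + 3) % 4] for i in range(16)]
        s = xor(s, b"".join(w[4 * r:4 * r + 4]))
    return s

def kdf(key, const):  # Miyaguchi-Preneel over key || const (const carries the padding)
    out = xor(aes128(bytes(16), key), key)  # first block, previous output is zero
    return xor(xor(aes128(out, const), const), out)

def _dbl(b):  # doubling in GF(2^128) for the CMAC subkeys
    n = int.from_bytes(b, "big") << 1
    return ((n ^ 0x87) & ((1 << 128) - 1) if n >> 128 else n).to_bytes(16, "big")
def cmac(key, msg):  # AES-CMAC (RFC 4493)
    sub = _dbl(aes128(key, bytes(16)))
    if not msg or len(msg) % 16:  # incomplete last block: pad 10..0 and use K2
        msg, sub = msg + b"\x80" + bytes(-(len(msg) + 1) % 16), _dbl(sub)
    msg, x = msg[:-16] + xor(msg[-16:], sub), bytes(16)
    for i in range(0, len(msg), 16):
        x = aes128(key, xor(x, msg[i:i + 16]))
    return x

def debug_authorization(master_ecu_key, challenge, uid):  # value for CMD_DBG_AUTH
    return cmac(kdf(master_ecu_key, DEBUG_KEY_C), challenge + uid)
```

A 16-byte challenge from CMD_DBG_CHAL and the 15-byte UID give a 16-byte authorization; computing it from any key other than the one currently stored in the MASTER_ECU_KEY slot yields a different value.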
Recently, when debugging CSEC, I thought of the problems I raised before. I have some information I would like to ask you to confirm for me.
1. Can the two values in lines 30 to 33 in the following figure be modified? If not, how can we ensure the security of the master key?
2. Assuming that the master key has been authorized, will the execution of eraseKeys be affected when the master key is updated by loadKey? I think the question raised before may be related to this, I am not clear where the master key is used when executing the eraseKeys function, please answer it.