FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

HIS-SHE Functional Specification, v1.1

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED
Jump to solution

HIS-SHE Functional Specification, v1.1

Jump to solution
‎12-21-2022 05:33 AM
3,236 Views
tz9
Contributor II

Dear NXP-Support Team,

I am currently testing the CSec-Module on the S32K146 on the S32K146EVB using the S32 Design Studio ARM V2.2.

I am trying to store/add several Keys in the CSec-RAM. As a manual, i am using AN5401_S32K_146_M (CSEC) to understand how it works. In Chapter 4.2.1 „Adding keys to secure memory slots“ the process is referred to the PDF-Document „HIS-SHE Functional Specification, v1.1, Section 9.1 Description of memory update protocol“. I can’t seem to find this HIS-SHE Functional Specification. Where can i find it or did its name change over the years ? Thanks.

Sincerely

0 Kudos
Reply
1 Solution

Jump to solution
‎12-22-2022 04:17 AM
3,206 Views
lukaszadrapa
NXP TechSupport
NXP TechSupport

Execution of CMD_LOAD_KEY command defined by SHE and implemented by CSEc is the only option how to load a key (either first time or next time to update a key).

During development, it's quite simple. You can use a project like 1_Configure_part_and_Load_keys from AN5401 to configure the part and to load the keys.

During production, it depends on your requirements, on capabilities of programming tool and on security measures you want to keep. One option is to use configuration project like from AN5401 loaded to RAM (if supported by programming tool) or to flash and then it can be re-programmed by final application. Or you can load your application and then use some communication interface to send the keys (or rather M1-M5 values) and the application can load them. Or use programming tool which support loading of keys directly (well, this is idea only, I'm not aware of such tool).

Regards,

Lukas

View solution in original post

Reply
5 Replies

Jump to solution
‎12-21-2022 09:45 AM
3,222 Views
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi @tz9 ,

The document is not freely available:

lukaszadrapa_0-1671641062657.png

 

Customers should request the specification at their OEM if needed.

 

If you are interested in memory update protocol, you can take a look at application notes for MPC5646C (the first MCU with CSE module). CSE on MPC5646C is different from CSEc on S32K1 but still follows the SHE spec, the functionality is the same, so these details are valid.

 

https://www.nxp.com/docs/en/application-note/AN4234.pdf

https://www.nxp.com/docs/en/application-note-software/AN4234SW.zip

https://www.nxp.com/docs/en/application-note-software/AN4234video.zip

 

https://www.nxp.com/docs/en/application-note/AN4235.pdf

https://www.nxp.com/docs/en/application-note-software/AN4235SW.zip

https://www.nxp.com/docs/en/application-note-software/AN4235video.zip

 

AN4234.pdf explains how the M1-M5 are calculated and AN4234SW.zip also contains some tools for offline generation. Notice that the tools are examples only, it’s not production code.

 

Regards,

Lukas

Reply

Jump to solution
‎12-22-2022 03:35 AM
3,212 Views
tz9
Contributor II

Hi,

Thanks for answering, that helps a lot. I already understood a few around updating the keys, erasing the keys and resetting to factory state. But as a first step. If you have e.g. 5 keys (you can store 3-20) and want to save them  for the first time on the s32K146 CSec-Module/SHE, how do you do it? Because in the examples, they are just defined in the header files. Or Do you use LOAD_KEYS() to save the Keys for the first time ? Thanks.

Sincerely

0 Kudos
Reply

Jump to solution
‎12-22-2022 04:17 AM
3,207 Views
lukaszadrapa
NXP TechSupport
NXP TechSupport

Execution of CMD_LOAD_KEY command defined by SHE and implemented by CSEc is the only option how to load a key (either first time or next time to update a key).

During development, it's quite simple. You can use a project like 1_Configure_part_and_Load_keys from AN5401 to configure the part and to load the keys.

During production, it depends on your requirements, on capabilities of programming tool and on security measures you want to keep. One option is to use configuration project like from AN5401 loaded to RAM (if supported by programming tool) or to flash and then it can be re-programmed by final application. Or you can load your application and then use some communication interface to send the keys (or rather M1-M5 values) and the application can load them. Or use programming tool which support loading of keys directly (well, this is idea only, I'm not aware of such tool).

Regards,

Lukas

Reply

Jump to solution
‎03-28-2023 07:53 PM
2,619 Views
ZEROOO
Contributor IV

Hi

    Do you need to set flash driver initialization and Csec initialization when using the 1_Configure_part_and_Load_keys from AN5401 example.I am not working properly with 1_Configure_part_and_Load_keys. I don't know what is wrong, please give me some advice.

0 Kudos
Reply

Jump to solution
‎12-22-2022 05:06 AM
3,197 Views
tz9
Contributor II

Thanks, that information was very helpful. I appreciate it !

Tags (1)
0 Kudos
Reply