Hi,
I am trying to achieve SHE based secure boot using S32K312 microcontroller. My aim is to load the keys to secure NVM of HSE. For loading the keys, I am generating M1, M2 and M3 messages using Miyaguchi-Preneel Compression protocol and AES encryption. I am getting HSE_SRV_RSP_INVALID_PARAM as a response from HSE.
Please check below details.
1) Microcontroller : S32K312_100MQFP
2) IDE: S32DS 3.5
3) SDK Version: PlatformSDK_S32K3_2022_03
Steps I am following :
1) Key Catalogue Formatting -> Getting HSE_SRV_RSP_OK
2) Load She keys to Secure NVM
2.1. Loading ECU_MASTER_KEY
2.1.1 Miyaguchi-Preneel Compression
API : Crypto_Exts_MPCompression(constArr, (uint32)(AES_BLOCK_SIZE * 2), K1, ConstOutLen)
Parameters: constArr -> const uint8_t *constArr This is input data
(uint32)(AES_BLOCK_SIZE * 2) -> Size of input data which is 32 bytes.
K1 -> const uint8_t K1[AES_BLOCK_SIZE * 2]; -> output
ConstOutLen -> const uint32_t *ConstOutLen -> length of the output
Any help on this topic is highly recommended.
Thanks in advance.
已解决! 转到解答。
Hi @shravani
I got attached test code which shows how to generate M1-M3 values using Crypto layer. There's a function Crypto_CalculatedM1M2M3().
Regards,
Lukas
Hi @lukaszadrapa ,
What attributes should we set while loading SHE key to secure NVM. In the RM758221-HSE-B Firmware Reference Manual - V2.1(2.1).pdf it is mentioned as below.
However, In the configurator I cannot see the WILDCARD and KEY_USAGE flag.
Can you please guide me on this?
You can set required flags when calculating M1-M3 values. The function is:
void Crypto_CalculatedM1M2M3(CONST(uint8, AUTOMATIC) authKey[16], uint8 authKeyId, uint8 keyId, CONST(uint8, AUTOMATIC) key[16], uint32 counter, CONST(uint8, AUTOMATIC) uid[15], uint8 flags, VAR(uint8, AUTOMATIC) KeyPram[64])
Parameter 'uint8 flags' should be used. The order of bits is:
For example, if you want to set VERIFY_ONLY, the 'flags' should be 0x01.
There are no general rules which flags should be set, it depends on your requirements and on your application.
Regards,
Lukas
PS. Still waiting for response from SW team...
Hi @lukaszadrapa,
Thank you for the clarification.
I am getting HSE_SRV_RSP_KEY_INVALID while caling RetVal = Crypto_KeyElementSet(ECU_MASTER_KEY_ID, SHE_KEY_MATERIAL_ELEMENT_ID, KeyPram, 64)
for this error it says in SHE, the key ID provided is either invalid or non-usable due to some flag restrictions. */
I am following example which you shared Crypto_CalculatedM1M2M3 and giving the flag value as 0 and configured the value as VERIFY ONLY from the configurator for the key. I tried by changing these 0 values to 1 for but still error is same.
P.S. I am able to load the key in plain format. But when encryption is applied, error is coming.
Some update: provided code was intended mainly for S32K1 and its CSEc. So, make sure that "CSEC" is not defined because EmptyKey needs to be all '0' for HSE:
#ifdef CSEC
static uint8 au8EmptyKey[SHE_KEY_SIZE] =
{
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
};
#else
/* Array to be passed to Crypto driver during various operations as output buffer */
static uint8 au8EmptyKey[SHE_KEY_SIZE] =
{
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
#endif
And next thing - CSEc on S32K1 has either 5 or 6 attribute key flags. SHE define 5 flags and there could be one more flag enabled (VERIFY_ONLY). HSE always expects 6 flags. But I can see that the code expects 5 flags only:
aM2Plain[3] |= (flags & 0x1e) >> 1U;
aM2Plain[4] |= (flags & 0x01) << 7U;
You can update it to this:
aM2Plain[3] |= (flags & 0x3c) >> 2U;
aM2Plain[4] |= (flags & 0x03) << 6U;
To understand where it goes - there's 28bit counter in M2 value and then the flags...
But if you used flags=0, I don't think this will make a difference.