HSE S32K358 Demo - Update Key Handle Problem

キャンセル
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 

HSE S32K358 Demo - Update Key Handle Problem

ソリューションへジャンプ
1,066件の閲覧回数
Yetkin
Contributor I

Hi,


I installed HSE firmware and demo app software on S32K358. However, when I try to load a AES key that has different key handle value, HSE responses as invalid param (0x55A5A399). I also formatted key catalogs after changing key handle value. What is the reason of it? How can I solve this?

Thank you

 

0 件の賞賛
返信
1 解決策
980件の閲覧回数
lukaszadrapa
NXP TechSupport
NXP TechSupport

The HSE FW reference manual can be downloaded in this page:
https://www.nxp.com/products/processors-and-microcontrollers/s32-automotive-platform/s32k-auto-gener...
Go to the Documentation -> Secure Files. Here you should find "HSE-B Firmware Reference Manual - V2.2", document number RM758222.


In case of:
#define HSE_DEMO_SHE_RAM_KEY_HANDLE GET_KEY_HANDLE(HSE_KEY_CATALOG_ID_RAM, 1, 0)
... you are trying to put SHE key to group HSE_KEY_TYPE_AES:
{HSE_ALL_MU_MASK, HSE_KEY_OWNER_ANY, HSE_KEY_TYPE_AES, 10U, HSE_KEY128_BITS}
You need to make sure that the key type matches the group type.

In case of:
#define HSE_DEMO_RAM_AES128_KEY0 GET_KEY_HANDLE(HSE_KEY_CATALOG_ID_RAM, 0, 0)
... you are trying to put AES key to group HSE_KEY_TYPE_SHE:
{HSE_ALL_MU_MASK, HSE_KEY_OWNER_ANY, HSE_KEY_TYPE_SHE, 1U, HSE_KEY128_BITS}

And in case of:
#define HSE_DEMO_RAM_AES128_KEY1 GET_KEY_HANDLE(HSE_KEY_CATALOG_ID_RAM, 1, 1)
... this one should work.

Please take a look at the manual as I wrote earlier.

Regards,
Lukas

元の投稿で解決策を見る

0 件の賞賛
返信
3 返答(返信)
1,033件の閲覧回数
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi @Yetkin 

Could you show me value of used key handle and how the key catalogs are defined? You can take a look at Table 45 in the HSE-B Firmware Reference Manual v2.2. It shows some examples of valid and invalid key handle value based on catalogs defined on previous page. This could help to find the root cause. 

Regards,

Lukas

0 件の賞賛
返信
995件の閲覧回数
Yetkin
Contributor I

Hi @lukaszadrapa,

I do not have the reference manual that you mentioned. Could you share Table 45 with me if it won't be a problem? 

These are the codes from the HSE demo software. I only changed the group indexes of related key handle values as you can see. 

/* Points to an ECC key pair NVM slot */
/* #define HSE_DEMO_SHE_RAM_KEY_HANDLE GET_KEY_HANDLE(HSE_KEY_CATALOG_ID_RAM, 0, 0) Original key handle*/
#define HSE_DEMO_SHE_RAM_KEY_HANDLE GET_KEY_HANDLE(HSE_KEY_CATALOG_ID_RAM, 1, 0)

/* #define HSE_DEMO_RAM_AES128_KEY0 GET_KEY_HANDLE(HSE_KEY_CATALOG_ID_RAM, 1, 0) Original key handle */
#define HSE_DEMO_RAM_AES128_KEY0 GET_KEY_HANDLE(HSE_KEY_CATALOG_ID_RAM, 0, 0)
#define HSE_DEMO_RAM_AES128_KEY1 GET_KEY_HANDLE(HSE_KEY_CATALOG_ID_RAM, 1, 1)

 

/** @brief HSE RAM key catalog configuration*/
#define HSE_DEMO_RAM_KEY_CATALOG_CFG \
/* keyType numOfKeySlots maxKeyBitLen*/ \
/* Symmetric key */ \
{HSE_ALL_MU_MASK, HSE_KEY_OWNER_ANY, HSE_KEY_TYPE_SHE, 1U, HSE_KEY128_BITS}, /* KEY_RAM */ \
{HSE_ALL_MU_MASK, HSE_KEY_OWNER_ANY, HSE_KEY_TYPE_AES, 10U, HSE_KEY128_BITS}, \
{HSE_MU0_MASK, HSE_KEY_OWNER_ANY, HSE_KEY_TYPE_AES, 10U, HSE_KEY256_BITS}, /* HMAC key */ \
{HSE_ALL_MU_MASK, HSE_KEY_OWNER_ANY, HSE_KEY_TYPE_HMAC, 6U, HSE_KEY1024_BITS}, /* RSA key */ \
{HSE_ALL_MU_MASK, HSE_KEY_OWNER_ANY, HSE_KEY_TYPE_RSA_PUB, 2U, HSE_KEY2048_BITS}, \
{HSE_ALL_MU_MASK, HSE_KEY_OWNER_ANY, HSE_KEY_TYPE_RSA_PUB_EXT, 1U, HSE_KEY1024_BITS}, \
{HSE_ALL_MU_MASK, HSE_KEY_OWNER_ANY, WRP_KEY_TYPE_ECC_PAIR, 2U, WRP_ECC_KEY_SIZE}, \
{HSE_ALL_MU_MASK, HSE_KEY_OWNER_ANY, WRP_KEY_TYPE_ECC_PUB, 5U, WRP_ECC_KEY_SIZE}, \
{HSE_ALL_MU_MASK, HSE_KEY_OWNER_ANY, HSE_KEY_TYPE_SHARED_SECRET, 2U, HSE_KEY638_BITS}, \
{HSE_ALL_MU_MASK, HSE_KEY_OWNER_ANY, HSE_KEY_TYPE_SHARED_SECRET, 1U, HSE_KEY2048_BITS}, \
{ \
0U, 0U, 0U, 0U, 0U \
}

Sincerely,

Yetkin

0 件の賞賛
返信
981件の閲覧回数
lukaszadrapa
NXP TechSupport
NXP TechSupport

The HSE FW reference manual can be downloaded in this page:
https://www.nxp.com/products/processors-and-microcontrollers/s32-automotive-platform/s32k-auto-gener...
Go to the Documentation -> Secure Files. Here you should find "HSE-B Firmware Reference Manual - V2.2", document number RM758222.


In case of:
#define HSE_DEMO_SHE_RAM_KEY_HANDLE GET_KEY_HANDLE(HSE_KEY_CATALOG_ID_RAM, 1, 0)
... you are trying to put SHE key to group HSE_KEY_TYPE_AES:
{HSE_ALL_MU_MASK, HSE_KEY_OWNER_ANY, HSE_KEY_TYPE_AES, 10U, HSE_KEY128_BITS}
You need to make sure that the key type matches the group type.

In case of:
#define HSE_DEMO_RAM_AES128_KEY0 GET_KEY_HANDLE(HSE_KEY_CATALOG_ID_RAM, 0, 0)
... you are trying to put AES key to group HSE_KEY_TYPE_SHE:
{HSE_ALL_MU_MASK, HSE_KEY_OWNER_ANY, HSE_KEY_TYPE_SHE, 1U, HSE_KEY128_BITS}

And in case of:
#define HSE_DEMO_RAM_AES128_KEY1 GET_KEY_HANDLE(HSE_KEY_CATALOG_ID_RAM, 1, 1)
... this one should work.

Please take a look at the manual as I wrote earlier.

Regards,
Lukas

0 件の賞賛
返信