- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- Advanced AnalogAdvanced Analog
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
- S32Z/E
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- Generative AI & LLMs
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
- RFID / NFC
- Advanced Analog
-
- NXP Tech Blogs
オプション
- RSS フィードを購読する
- トピックを新着としてマーク
- トピックを既読としてマーク
- このトピックを現在のユーザーにフロートします
- ブックマーク
- 購読
- ミュート
- 印刷用ページ
HSE_SRV_ID_GET_KEY_INFO service return - HSE_SRV_RSP_NOT_ALLOWED responce
金曜日
113件の閲覧回数
KaleRushikesh
Contributor I
- 新着としてマーク
- ブックマーク
- 購読
- ミュート
- RSS フィードを購読する
- ハイライト
- 印刷
- 不適切なコンテンツを報告
I am working with the HSE on an S32K3 device and have successfully imported an AES-128 key into NVM using the IMPORT_KEY service. The import service completes without error.
To verify the key, I am using the GET_KEY_INFO service descriptor as shown below-
static hseSrvResponse_t App_GetKeyInfo ( const uint8 u8MuInstance, hseKeyInfo_t* pAes128NvmKeyInfo ) { hseSrvDescriptor_t* pHseSrvDescriptor; hseGetKeyInfoSrv_t* pHseGetKeyInfo; pHseSrvDescriptor = &Hse_aSrvDescriptor[MU_ADMIN_CHANNEL_U8]; memset(pHseSrvDescriptor, 0, sizeof(hseSrvDescriptor_t)); pHseGetKeyInfo = &(pHseSrvDescriptor->hseSrv.getKeyInfoReq); pHseSrvDescriptor->srvId = HSE_SRV_ID_GET_KEY_INFO; pHseGetKeyInfo->keyHandle = GET_KEY_HANDLE(HSE_KEY_CATALOG_ID_NVM, 1U, 0U); pHseGetKeyInfo->pKeyInfo = (HOST_ADDR)pAes128NvmKeyInfo; HseIp_aRequest[MU_ADMIN_CHANNEL_U8].eReqType = HSE_IP_REQTYPE_SYNC; HseIp_aRequest[MU_ADMIN_CHANNEL_U8].u32Timeout = TIMEOUT_TICKS_U32; return Hse_Ip_ServiceRequest(u8MuInstance, MU_ADMIN_CHANNEL_U8, &HseIp_aRequest[MU_ADMIN_CHANNEL_U8], pHseSrvDescriptor);}
However, when I call this service, the response is not HSE_SRV_RSP_OK. Instead, the service seems to return HSE_SRV_ID_GET_KEY_INFO.
My device is currently in CUST_DEL lifecycle state.
Here is the Aes import key service descriptor-
static hseSrvResponse_t App_AesLoadPlainNvmKey(void)
{
hseSrvResponse_t RetVal = HSE_SRV_RSP_GENERAL_ERROR;
hseSrvDescriptor_t *pHseSrvDescriptor;
uint8 u8MuChannel = Hse_Ip_GetFreeChannel(MU0_INSTANCE_U8);
keyInfo.keyBitLen = 128;
keyInfo.keyType = HSE_KEY_TYPE_AES;
keyInfo.keyFlags = ( HSE_KF_USAGE_DECRYPT | HSE_KF_USAGE_ENCRYPT | HSE_KF_USAGE_KEY_PROVISION );
keyInfo.keyCounter = 0; // first time while NVM key importing it should be greater than or equal to 0.
keyInfo.smrFlags = 0;
keyInfo.specific.aesBlockModeMask = HSE_KU_AES_BLOCK_MODE_ANY;
if(HSE_IP_INVALID_MU_CHANNEL_U8 != u8MuChannel)
{
pHseSrvDescriptor = &Hse_aSrvDescriptor[u8MuChannel];
memset(pHseSrvDescriptor, 0, sizeof(hseSrvDescriptor_t));
pHseSrvDescriptor->srvId = HSE_SRV_ID_IMPORT_KEY;
pHseSrvDescriptor->hseSrv.importKeyReq.keyLen[2] = 16;
pHseSrvDescriptor->hseSrv.importKeyReq.pKey[2] = HSE_PTR_TO_HOST_ADDR(App_au8AesNvmKey);
pHseSrvDescriptor->hseSrv.importKeyReq.pKeyInfo= HSE_PTR_TO_HOST_ADDR(&keyInfo);
pHseSrvDescriptor->hseSrv.importKeyReq.targetKeyHandle = GET_KEY_HANDLE(1,1,0);
// Both the fields given below must be configured.
pHseSrvDescriptor->hseSrv.importKeyReq.cipher.cipherKeyHandle= HSE_INVALID_KEY_HANDLE;
pHseSrvDescriptor->hseSrv.importKeyReq.keyContainer.authKeyHandle= HSE_INVALID_KEY_HANDLE;
/* Build the request to be sent to Hse Ip layer */
HseIp_aRequest[u8MuChannel].eReqType = HSE_IP_REQTYPE_SYNC;
HseIp_aRequest[u8MuChannel].u32Timeout = TIMEOUT_TICKS_U32;
/* Send the request to Hse Ip layer */
RetVal = Hse_Ip_ServiceRequest(MU0_INSTANCE_U8, u8MuChannel, &HseIp_aRequest[u8MuChannel], pHseSrvDescriptor);
}
return RetVal;
}
2 返答(返信)
19 時間前
21件の閲覧回数
lukaszadrapa
NXP TechSupport
- 新着としてマーク
- ブックマーク
- 購読
- ミュート
- RSS フィードを購読する
- ハイライト
- 印刷
- 不適切なコンテンツを報告
I can see nothing wrong, HSE_SRV_ID_GET_KEY_INFO is simple service, this should work.
Isn't that just data cache issue? Could you try to turn off the data cache to see if it makes a difference? All objects used for communication with HSE must be forced to non-cacheable memory.
Regards,
Lukas
11 時間前
13件の閲覧回数
KaleRushikesh
Contributor I
- 新着としてマーク
- ブックマーク
- 購読
- ミュート
- RSS フィードを購読する
- ハイライト
- 印刷
- 不適切なコンテンツを報告
Hii @lukaszadrapa
1. As you can see in following line, the variable is placed in non-cacheable memory and that is verified.
/* The variables in the section below need to be put in non-cacheable memory area in order to be correctly seen by the HSE */
#define CRYPTO_START_SEC_VAR_CLEARED_UNSPECIFIED_NO_CACHEABLE
#include "Crypto_MemMap.h"
/* Variable where HSE will write (return) the supported capabilities */
static hseAttrCapabilities_t Hse_AttrCapabilities;
static hseAttrSecureLifecycle_t hseAttrSecureLifecycle;
static hseKeyInfo_t aes128NvmKeyInfo;
/* Variable where application will store the request of configuring (enabling/disabling) the MU instances */
static hseAttrMUConfig_t Hse_MuConfig;
#define CRYPTO_STOP_SEC_VAR_CLEARED_UNSPECIFIED_NO_CACHEABLE
#include "Crypto_MemMap.h"
#define CRYPTO_START_SEC_VAR_SHARED_CLEARED_UNSPECIFIED_NO_CACHEABLE
#include "Crypto_MemMap.h"
2. Also tried with disabling cache memory, the result is same.
1. As you can see in following line, the variable is placed in non-cacheable memory and that is verified.
/* The variables in the section below need to be put in non-cacheable memory area in order to be correctly seen by the HSE */
#define CRYPTO_START_SEC_VAR_CLEARED_UNSPECIFIED_NO_CACHEABLE
#include "Crypto_MemMap.h"
/* Variable where HSE will write (return) the supported capabilities */
static hseAttrCapabilities_t Hse_AttrCapabilities;
static hseAttrSecureLifecycle_t hseAttrSecureLifecycle;
static hseKeyInfo_t aes128NvmKeyInfo;
/* Variable where application will store the request of configuring (enabling/disabling) the MU instances */
static hseAttrMUConfig_t Hse_MuConfig;
#define CRYPTO_STOP_SEC_VAR_CLEARED_UNSPECIFIED_NO_CACHEABLE
#include "Crypto_MemMap.h"
#define CRYPTO_START_SEC_VAR_SHARED_CLEARED_UNSPECIFIED_NO_CACHEABLE
#include "Crypto_MemMap.h"
2. Also tried with disabling cache memory, the result is same.
