HSE_SRV_RSP_GENERAL_ERROR when request for ECC signature verification using Public key in NVM

mayureshp65 · ‎02-26-2024

Hello ,

I am getting HSE_SRV_RSP_GENERAL_ERROR when using verify service of HSE.

HSE version being used is 2.40 on S32K311

ECC Public key is stored in NVM. Did not received an error while importing key.

Key is configured for SECP256R1 curve and ECDSA signature algorithm is being used.

I also checked RSA signature verification which is executing successfully.

What could be the possible reason behind general error?

fp-theophile · ‎09-04-2024

Hello everyone,

I have actually found something about my matter, when generating the ecc pair you might have used openssl until now. I generated my ecdsa public key and imported it via an import key job and then got a general error from the HSE later when doing a signature verification.

I found that when commenting two lines in the crypto driver source files fixed my problem, the problem seems that the key I imported was already in big Endian, so the crypto driver does some unnecessary array swaping to go to little endian to big endian which results in a general error when doing a signature verification. This is done in static inline Std_ReturnType Crypto_Ipw_EccLoadPlainPubKey function in Crypto_43_HSE_Ipw.c file. The problem looks like that the import key API doesn't stop you from importing wrong keys.

Best Regards

在原帖中查看解决方案

PZsolt · ‎05-14-2025

My colleague has found the issue. Please check the public key—if it doesn't match the ECC curve, you'll get a general error. After regenerating a valid public key, the problem was resolved.

PZsolt · ‎05-12-2025

Meanwhile do you have an solution? I am facing the same issue?

fp-theophile · ‎09-04-2024

Hello everyone,

I have actually found something about my matter, when generating the ecc pair you might have used openssl until now. I generated my ecdsa public key and imported it via an import key job and then got a general error from the HSE later when doing a signature verification.

I found that when commenting two lines in the crypto driver source files fixed my problem, the problem seems that the key I imported was already in big Endian, so the crypto driver does some unnecessary array swaping to go to little endian to big endian which results in a general error when doing a signature verification. This is done in static inline Std_ReturnType Crypto_Ipw_EccLoadPlainPubKey function in Crypto_43_HSE_Ipw.c file. The problem looks like that the import key API doesn't stop you from importing wrong keys.

Best Regards

Yetkin · ‎08-01-2024

Hi,

I am facing the same problem. When I sign the data with the generated ECC pair, there is no problem verifying it. However, when I try to verify the signature with the imported RAM public key, I receive General Error.

@lukaszadrapa

Best regards

fp-theophile · ‎07-03-2024

Hello,

I have the same issue, I need some help please.

renegad

Hi,

Is there any progress regarding this?

I think I face similar issue, when trying to configure secure boot (ASB mode) using ECC keys.

First I created working configuration with SMR using AES key / CMAC. Everything works as expected.

Then I updated the config accordingly to use elliptic curves (tried ECDSA and EDDSA) - signature instead of CMAC.

When I try to install SMR (what involves signature verification - I think that's relation to this post) the operation ends up with HSE_SRV_RSP_GENERAL_ERROR.

Will somebody from NXP refer to this issue and propose solution or at least try to help with solving?

For me verify failed would sound like problem with configuration. General error sounds like a bug on the HSE firmware.