FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

How to configure the corresponding advanced SecureBoot routine in AB-Swap mode of S32k314 chip

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to configure the corresponding advanced SecureBoot routine in AB-Swap mode of S32k314 chip

‎02-20-2024 10:42 PM
938 Views
JackySara
Contributor I

I downloaded the following program from the official website and after configuration, it was compiled successfully and can run on the 344 template. However, at that time, RTD1.0 was used for compilation. I started thinking of porting the entire set to RTD3.0 and found many errors. So, I only ported the HSE-LIB and main. c sections in the src. During the compilation process, there were some problems, and some libraries could not be matched. Therefore, I changed the library corresponding to 344 to 314, Then some functions in the main are masked, such as the BackupOnPassivesection function. As of now, I have only modified the memory section in the LD file to ensure matching, but the subsequent section still reports errors. Although it appears to be one or two errors, once I modify one, other errors will continue to be reported, At present, I hope to modify an advanced secure boot (based on RSA) program that can run normally on the current 314 sample, which will facilitate my future development. Thank you!

1.png

2.png3.png

0 Kudos
Reply
7 Replies

‎02-21-2024 10:31 AM
911 Views
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi @JackySara 

unfortunately we do not have such sample code written directly for S32K344.

The errors show a problem in the linker file. Why did you updated the linker file in this way? S32K344 and S32K314 have the same memory layout, so you can use the same definition of MEMORY as in original example for S32K344.

For example, configuring of int_ivt_1 to 0x00430000 does not make sense because this is not valid IVT location.

I would start with the same linker file.

Regards,

Lukas

0 Kudos
Reply

‎02-21-2024 08:06 PM
902 Views
JackySara
Contributor I
Thank you, @lukaszadrapa :

Because currently some routines S32K344_SecureBootCfgAB-SWAP can be run on the 344 template, but we want to port it to 314. Due to the large difference in linkfiles and the lack of specific documentation on how to modify them, I can only copy them from the routine to the 314 project for modification and adaptation. For the address 0x00430000, I have already blocked it in 314, but there are still many other errors, as shown in the following figure, If there are documents and tools for quickly configuring linkfiles, that would be the most convenient,4.png

0 Kudos
Reply

‎02-23-2024 01:50 AM
871 Views
lukaszadrapa
NXP TechSupport
NXP TechSupport

Well, it's standard GNU linker file, so you can find documentation in the build tools folder:

c:\NXP\S32DS.3.5\S32DS\build_tools\gcc_v10.2\gcc-10.2-arm32-eabi\arm-none-eabi\share\docs\pdf\ld.pdf

And there are many tutorials on the web. We do not have other documentation for this.

Regards,

Lukas

0 Kudos
Reply

‎03-17-2024 07:11 PM
804 Views
JackySara
Contributor I

Hi,@lukaszadrapa:

                    Now I can start the secure boot and run it normally, but there is a new issue. After starting the secure boot normally, I import the RSA key required for other encryption functions and verify it successfully

I tried to power on and off the prototype again, but it couldn't start. I speculated that SMR verification failed and was sanctioned. However, I changed the key type corresponding to SMR in global and blocked RSA, and then re imported the key. This still caused the corresponding problem. Do I need to manually clear all SMRs and reinstall them before I can solve it? Is there another solution? Thank you for your answer!

0 Kudos
Reply

‎03-19-2024 04:58 AM
791 Views
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi @JackySara 

If anything has changed, the SMR can be updated, it's not necessary to erase it and install again. However, there are some limitations related to life cycle and user rights. See please "7.6.1 SMR installation conditions" in HSE-B Firmware Reference Manual rev 2.3.

Or you can erase the SMR and start over. Notice that SU rights are required.

Regards,
Lukas

0 Kudos
Reply

‎03-20-2024 11:58 PM
770 Views
JackySara
Contributor I

HI,@lukaszadrapa :

                        Then there is another question. When I was verifying whether secure boot was effective, I tried two methods. One was to upgrade and found that upgrading from a secure boot version to a non secure boot version still allowed me to start? The second method is to read the storage address of the corresponding version information of the overall flash, but it can still start normally, so I am not sure how to verify the effectiveness of secure startup and the effectiveness of sanctions?

0 Kudos
Reply

‎03-19-2024 10:20 PM
780 Views
JackySara
Contributor I

Hi,@lukaszadrapa :

              The previous issue has been found to be caused by the key directory being reformatted when importing other keys in the future. After negotiating with the other party, the corresponding key was first formatted and set at the corresponding position in the key directory. Currently, this part of the function is not affected. However, after upgrading the APP in the future, the security boot is restarted. After completing the CFG project, I found that the key for the corresponding function imported before the upgrade was formatted in the key directory during CFG initialization. Is there any way to avoid this situation?

0 Kudos
Reply