Loading keys on the S32K116

NathanGalasso
Contributor II

I am using the S32K116-Q048 EVB and have run the csec_flash_part_s32k116 example code first on the part with no issue. When I then try to run the csec_keyconfig_s32k116 example code, the program gets to CSEC_DRV_LoadKey and returns STATUS_SEC_KEY_UPDATE_ERROR.

I'm trying to use this project as an example of how to load keys into the different user key slots. Does anyone know what went wrong?

Thank you.

5 Replies

lukaszadrapa
NXP TechSupport

Hi @NathanGalasso 

Have you changed anything in those projects? If yes, what was changed? I tested these projects many times and everything worked on my side.

One possible reason: maybe you just executed the project multiple times. Each key has a counter. If you want to update the key, it's necessary to increase the counter and then calculate the M1-M3 values again. If you use the same values again (with the same counter), the key won't be loaded again because the counter is not incremented. I can't see any other reason.

Regards,

Lukas

NathanGalasso
Contributor II

I was using a modified version that wasn't working; now I have swapped back to an untouched version of csec_keyconfig_s32k116. I have run different versions many times without increasing the counter. Even after power cycling, does the counter keep its value? If it does, is there a way to reset the counter for each flag?

lukaszadrapa
NXP TechSupport

The counter value is stored in secure flash together with the key. There's no way to reset the counter. The counter is used to prevent rollback attacks. It's required by the SHE specification. The only option is to reset the device back to the factory state using the CMD_DBG_CHAL and CMD_DBG_AUTH commands with knowledge of the MASTER_ECU_KEY.

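A simplified model of the key counter described in the two replies above, as an added example that is not part of the thread or of the NXP example projects. It shows why replaying the same update message is rejected and why raising the counter without recalculating the authentication value is rejected as well. Assumptions: HMAC-SHA256 stands in for the AES-based M1-M3 calculation, and the message layout, all names, the empty-slot counter of 0 and the single status string are illustrative.

```python
import hashlib
import hmac

def mac(auth_key: bytes, slot: int, counter: int, new_key: bytes) -> bytes:
    """Stand-in for M3: a MAC over the whole update message, counter included."""
    msg = bytes([slot]) + counter.to_bytes(4, "big") + new_key
    return hmac.new(auth_key, msg, hashlib.sha256).digest()

def make_update(auth_key: bytes, slot: int, counter: int, new_key: bytes) -> dict:
    """Host side: build one update message for a given counter value."""
    return {"slot": slot, "counter": counter, "key": new_key,
            "mac": mac(auth_key, slot, counter, new_key)}

class SecureFlashModel:
    """Device side (hypothetical model): key and counter are stored together."""
    def __init__(self, auth_key: bytes):
        self.auth_key = auth_key
        self.slots = {}  # slot -> (key, counter); persistent, so a reset changes nothing

    def load_key(self, upd: dict) -> str:
        expected = mac(self.auth_key, upd["slot"], upd["counter"], upd["key"])
        if not hmac.compare_digest(expected, upd["mac"]):
            return "KEY_UPDATE_ERROR"  # message altered or wrong authorising key
        _, stored = self.slots.get(upd["slot"], (None, 0))  # assumed: empty slot = 0
        if upd["counter"] <= stored:
            return "KEY_UPDATE_ERROR"  # replay or rollback: counter not increased
        self.slots[upd["slot"]] = (upd["key"], upd["counter"])
        return "OK"

def demo() -> list:
    auth = bytes(range(16))                  # constructed sample authorising key
    dev = SecureFlashModel(auth)
    first = make_update(auth, 4, 1, b"A" * 16)
    results = [dev.load_key(first)]          # fresh slot, counter 1: accepted
    results.append(dev.load_key(first))      # same message run again: rejected
    bumped = dict(first, counter=2)          # counter raised, MAC not recomputed
    results.append(dev.load_key(bumped))     # MAC no longer matches: rejected
    results.append(dev.load_key(make_update(auth, 4, 2, b"A" * 16)))  # accepted
    return results

if __name__ == "__main__":
    print(demo())
```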

NathanGalasso
Contributor II

In csec_keyconfig_s32k116 I was able to set the erase_all_keys definition to 1 to try to get it to erase the keys, but in erasekeys()->CSEC_DRV_DbgAuth(), when writing CSEC_CMD_DBG_AUTH, it returns STATUS_SEC_NO_DEBUGGING and is unable to complete the erasure of all keys. I'm still confused as to why authentication is failing, as I'm simply taking the example and running it and am getting this error. I understand I have been running many things on this S32K116 to try to learn how to use it, but is there a way to help reset it?

lukaszadrapa
NXP TechSupport

The only option I can see is that the MASTER_ECU_KEY is wrong. That is also the description of this error in the S32K1 reference manual:
"ERC_NO_DEBUGGING. Example: DEBUG command authentication failed"

In the original project, this key is used as MASTER_ECU_KEY (can be found in csec_utils.c):

uint8_t g_authIdKey[16] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f};

It is used in the eraseKeys() function to reset the device back to the factory state.

Have you modified this key? It's not possible to erase the keys without knowledge of the current MASTER_ECU_KEY.
