- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- Advanced AnalogAdvanced Analog
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
- S32Z/E
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- Generative AI & LLMs
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
- RFID / NFC
- Advanced Analog
-
- NXP Tech Blogs
オプション
- RSS フィードを購読する
- トピックを新着としてマーク
- トピックを既読としてマーク
- このトピックを現在のユーザーにフロートします
- ブックマーク
- 購読
- ミュート
- 印刷用ページ
解決済み
08-22-2025
09:26 AM
665件の閲覧回数
mws
Contributor I
- 新着としてマーク
- ブックマーク
- 購読
- ミュート
- RSS フィードを購読する
- ハイライト
- 印刷
- 不適切なコンテンツを報告
Hello NXP Team,
I’m testing Basic Secure Boot on S32K344. I have extended the sample image S32K344_SecureBootBlinky.bin (AppBootHeader + App) to 0x40 + 0x1000 bytes. I’m trying to write a PC-side GMAC calculation tool so that the tag I compute matches what HSE produces, but so far I cannot obtain the same GMAC tag as HSE.
Could you please provide a PC-side reference implementation (any language is fine; C or Python would be ideal) that reproduces the HSE GMAC for Basic Secure Boot?
Because I cannot share my actual IV and ADKP, please feel free to choose arbitrary test values. A minimal package with:
Short test payload (binary),
Example ADKP (16 bytes) and the exact key derivation used by Basic Secure Boot,
IV (12 bytes),
Expected GMAC tag (16 bytes),
And the required image layout (including where/how to place IV and tag at the end)
would be perfect.
Attachment: my extended S32K344_SecureBootBlinky binary (AppBootHeader + App = 0x40 + 0x1000).
If there is already an official PC-side example or a validated test vector for S32K344 Basic Secure Boot, a link or zip would be greatly appreciated.
Thank you for your support!
解決済! 解決策の投稿を見る。
1 解決策
08-25-2025
04:58 AM
612件の閲覧回数
lukaszadrapa
NXP TechSupport
- 新着としてマーク
- ブックマーク
- 購読
- ミュート
- RSS フィードを購読する
- ハイライト
- 印刷
- 不適切なコンテンツを報告
Hi @mws
This is not something what we should provide but I spent some time on this because it's useful for me too. See attached python script. It contains ADKP (it's the same as in HSE_DemoExamples because I have already programmed this on my board). Then it expects file image.bin (pure binary format). It should contain the header+image+IV. The result can be found in generated gmac_tag.txt.
It works on my side, I got the same GMAC as generated by HSE using service hseBootDataImageSignSrv_t. I reused example S32K344_Basic_SecureBoot which uses hseBootDataImageSignSrv_t to generate IV and GMAC. And it also programs it behind the image. Then I just exported header+image+IV to binary file and use that to develop the script. When calculating GMAC externally, user needs to provide the IV. You can either provide IV in the bin file as I did or you can change the script as necessary.
Regards,
Lukas
2 返答(返信)
08-25-2025
04:58 AM
613件の閲覧回数
lukaszadrapa
NXP TechSupport
- 新着としてマーク
- ブックマーク
- 購読
- ミュート
- RSS フィードを購読する
- ハイライト
- 印刷
- 不適切なコンテンツを報告
Hi @mws
This is not something what we should provide but I spent some time on this because it's useful for me too. See attached python script. It contains ADKP (it's the same as in HSE_DemoExamples because I have already programmed this on my board). Then it expects file image.bin (pure binary format). It should contain the header+image+IV. The result can be found in generated gmac_tag.txt.
It works on my side, I got the same GMAC as generated by HSE using service hseBootDataImageSignSrv_t. I reused example S32K344_Basic_SecureBoot which uses hseBootDataImageSignSrv_t to generate IV and GMAC. And it also programs it behind the image. Then I just exported header+image+IV to binary file and use that to develop the script. When calculating GMAC externally, user needs to provide the IV. You can either provide IV in the bin file as I did or you can change the script as necessary.
Regards,
Lukas
09-01-2025
05:43 PM
476件の閲覧回数
mws
Contributor I
- 新着としてマーク
- ブックマーク
- 購読
- ミュート
- RSS フィードを購読する
- ハイライト
- 印刷
- 不適切なコンテンツを報告
it's work! thanks
