Refer to the code when using the S32K CESc.
/* Load MASTER_ECU_KEY */
calculate_M1_to_M5(M1, M2, M3, M4, M5, BLANK_KEY_VALUE, MASTER_ECU_KEY_VALUE, MASTER_ECU_KEY, MASTER_ECU_KEY, 1, 0); /* Calculate M1 to M5 in Software */
csec_error = LOAD_KEY(M4_out, M5_out, M1, M2, M3, MASTER_ECU_KEY); /* Load the key using SW calculated M1 to M3, and it returns M4 and M5 */
result = compare_results(M4, M4_out); /* Compare M4 generated by SW with the M4_out returned by CSEc */
/* Load KEY_1 */
calculate_M1_to_M5(M1, M2, M3, M4, M5, MASTER_ECU_KEY_VALUE, KEY_1_VALUE, MASTER_ECU_KEY, KEY_1, 1, 0); /* Calculate M1 to M5 in Software, Authorizing Key = Master ECU Key */
csec_error = LOAD_KEY(M4_out, M5_out, M1, M2, M3, KEY_1); /* Load the key using M1 to M3, returns M4 and M5 */
result = compare_results(M4, M4_out); /* Compare M4 generated by SW with the M4_out returned by CSEc */
/* Load KEY_11 */
calculate_M1_to_M5(M1, M2, M3, M4, M5, MASTER_ECU_KEY_VALUE, KEY_11_VALUE, MASTER_ECU_KEY, KEY_11, 1, 0b000100); /* Calculate M1 to M5 in Software, Authorizing Key = Master ECU Key, Key Usage=1(for CMAC operations) */
csec_error = LOAD_KEY(M4_out, M5_out, M1, M2, M3, KEY_11); /* Load the key using M1 to M3, returns M4 and M5 */
result = compare_results(M4, M4_out); /* Compare M4 generated by SW with the M4_out returned by CSEc */
I don't understand what M1 minus M5 does here?
Hi,
Please refer to AN5401.
Appendix A Generating M1 to M5, describes M1 - M5 in more details.
Regards,
Daniel
Now I don't understand how to write this BOOT_MAC value into CSEc module. When S32K does not write to BOOT, what means does S32K try to write to implement the operation of CSEc module?
Hello, I still have some that I don't understand. Regarding the Secure BOOT, the document requires that the BOOT be written to PFLASH (0x0000-BOOT_SIZE) before writing BOOT_MAC_KEY. Then, where is the code for writing BOOT_MAC_KEY after I write it? According to the mass production suggestion, first program a code. The program that enters the key is written to BOOT after erasing, so that my BOOT will definitely not pass the authentication. Please help me solve this problem.\
Actually, It's a better solution that add code in your bootloader for update key and BOOT_MAC. any other questions about that, you can ask FAE or agencies for help. i have sent a direct message for you.
Hello,
According to you, I put BOOT_MAC and BOOT_MAC_KEY operations in BootLoader, which is equivalent to self-verification, and this will repeat the operation of CSEc key updates, I want to achieve a secure boot is automatic, do not need to think of interference, what is the solution?
Thank you.
if you will not change bootloader anytime, you can use automatic mode. any question, you can send me email, i can support you more quickly. thinks.
我在自动模式下,我 不明白我写入BOOT_MAC_KEY和BOO_MAC的代码放在上面区域呢?在什么时候运行这块代码呢?怎么校验BootLoader呢?
Thank you very much. I have browsed the document to solve my problem. I will ask you if there are any problems in the future.