Refer to the code when using the S32K CESc.
/* Load MASTER_ECU_KEY */
calculate_M1_to_M5(M1, M2, M3, M4, M5, BLANK_KEY_VALUE, MASTER_ECU_KEY_VALUE, MASTER_ECU_KEY, MASTER_ECU_KEY, 1, 0); /* Calculate M1 to M5 in Software */
csec_error = LOAD_KEY(M4_out, M5_out, M1, M2, M3, MASTER_ECU_KEY); /* Load the key using SW calculated M1 to M3, and it returns M4 and M5 */
result = compare_results(M4, M4_out); /* Compare M4 generated by SW with the M4_out returned by CSEc */
/* Load KEY_1 */
calculate_M1_to_M5(M1, M2, M3, M4, M5, MASTER_ECU_KEY_VALUE, KEY_1_VALUE, MASTER_ECU_KEY, KEY_1, 1, 0); /* Calculate M1 to M5 in Software, Authorizing Key = Master ECU Key */
csec_error = LOAD_KEY(M4_out, M5_out, M1, M2, M3, KEY_1); /* Load the key using M1 to M3, returns M4 and M5 */
result = compare_results(M4, M4_out); /* Compare M4 generated by SW with the M4_out returned by CSEc */
/* Load KEY_11 */
calculate_M1_to_M5(M1, M2, M3, M4, M5, MASTER_ECU_KEY_VALUE, KEY_11_VALUE, MASTER_ECU_KEY, KEY_11, 1, 0b000100); /* Calculate M1 to M5 in Software, Authorizing Key = Master ECU Key, Key Usage=1(for CMAC operations) */
csec_error = LOAD_KEY(M4_out, M5_out, M1, M2, M3, KEY_11); /* Load the key using M1 to M3, returns M4 and M5 */
result = compare_results(M4, M4_out); /* Compare M4 generated by SW with the M4_out returned by CSEc */
I don't understand what M1 minus M5 does here?
Hello, I still have some that I don't understand. Regarding the Secure BOOT, the document requires that the BOOT be written to PFLASH (0x0000-BOOT_SIZE) before writing BOOT_MAC_KEY. Then, where is the code for writing BOOT_MAC_KEY after I write it? According to the mass production suggestion, first program a code. The program that enters the key is written to BOOT after erasing, so that my BOOT will definitely not pass the authentication. Please help me solve this problem.\
Actually, It's a better solution that add code in your bootloader for update key and BOOT_MAC. any other questions about that, you can ask FAE or agencies for help. i have sent a direct message for you.
Hello,
According to you, I put BOOT_MAC and BOOT_MAC_KEY operations in BootLoader, which is equivalent to self-verification, and this will repeat the operation of CSEc key updates, I want to achieve a secure boot is automatic, do not need to think of interference, what is the solution?
Thank you.