S32K CESc

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

S32K CESc

13,336 Views
liulei1
Contributor II

Refer to the code when using the S32K CESc.

/* Load MASTER_ECU_KEY */
calculate_M1_to_M5(M1, M2, M3, M4, M5, BLANK_KEY_VALUE, MASTER_ECU_KEY_VALUE, MASTER_ECU_KEY, MASTER_ECU_KEY, 1, 0); /* Calculate M1 to M5 in Software */
csec_error = LOAD_KEY(M4_out, M5_out, M1, M2, M3, MASTER_ECU_KEY); /* Load the key using SW calculated M1 to M3, and it returns M4 and M5 */
result = compare_results(M4, M4_out); /* Compare M4 generated by SW with the M4_out returned by CSEc */

/* Load KEY_1 */
calculate_M1_to_M5(M1, M2, M3, M4, M5, MASTER_ECU_KEY_VALUE, KEY_1_VALUE, MASTER_ECU_KEY, KEY_1, 1, 0); /* Calculate M1 to M5 in Software, Authorizing Key = Master ECU Key */
csec_error = LOAD_KEY(M4_out, M5_out, M1, M2, M3, KEY_1); /* Load the key using M1 to M3, returns M4 and M5 */
result = compare_results(M4, M4_out); /* Compare M4 generated by SW with the M4_out returned by CSEc */

/* Load KEY_11 */
calculate_M1_to_M5(M1, M2, M3, M4, M5, MASTER_ECU_KEY_VALUE, KEY_11_VALUE, MASTER_ECU_KEY, KEY_11, 1, 0b000100); /* Calculate M1 to M5 in Software, Authorizing Key = Master ECU Key, Key Usage=1(for CMAC operations) */
csec_error = LOAD_KEY(M4_out, M5_out, M1, M2, M3, KEY_11); /* Load the key using M1 to M3, returns M4 and M5 */
result = compare_results(M4, M4_out); /* Compare M4 generated by SW with the M4_out returned by CSEc */

I don't understand what M1 minus M5 does here?

Labels (1)
Tags (1)
10 Replies

12,881 Views
danielmartynek
NXP TechSupport
NXP TechSupport

Hi,

Please refer to AN5401.

pastedImage_1.png

Appendix A Generating M1 to M5, describes M1 - M5 in more details.

Regards,

Daniel

12,881 Views
liulei1
Contributor II

Now I don't understand how to write this BOOT_MAC value into CSEc module. When S32K does not write to BOOT, what means does S32K try to write to implement the operation of CSEc module?

0 Kudos
Reply

12,881 Views
Yunchuan
NXP Employee
NXP Employee

hi lei

   We have a Chinese version application guide about S32k1xx CSEc for Chinese customer, please refer it.

12,881 Views
liulei1
Contributor II

Hello, I still have some that I don't understand. Regarding the Secure BOOT, the document requires that the BOOT be written to PFLASH (0x0000-BOOT_SIZE) before writing BOOT_MAC_KEY. Then, where is the code for writing BOOT_MAC_KEY after I write it? According to the mass production suggestion, first program a code. The program that enters the key is written to BOOT after erasing, so that my BOOT will definitely not pass the authentication. Please help me solve this problem.\

pastedImage_1.png

0 Kudos
Reply

12,881 Views
Yunchuan
NXP Employee
NXP Employee

Actually, It's a better solution that add code in your bootloader for update key and BOOT_MAC. any other questions about that, you can ask FAE or agencies for help. i have sent a direct message for you.

0 Kudos
Reply

12,881 Views
liulei1
Contributor II

Hello,

According to you, I put BOOT_MAC and BOOT_MAC_KEY operations in BootLoader, which is equivalent to self-verification, and this will repeat the operation of CSEc key updates, I want to achieve a secure boot is automatic, do not need to think of interference, what is the solution?

Thank you.

0 Kudos
Reply

12,881 Views
Yunchuan
NXP Employee
NXP Employee

if you will not change bootloader anytime, you can use automatic mode. any question, you can send me email, i can support you more quickly. thinks.

0 Kudos
Reply

12,881 Views
liulei1
Contributor II

我在自动模式下,我 不明白我写入BOOT_MAC_KEY和BOO_MAC的代码放在上面区域呢?在什么时候运行这块代码呢?怎么校验BootLoader呢?

0 Kudos
Reply

12,880 Views
liulei1
Contributor II

你好,我给您发邮件了,您那边收不到吗?

0 Kudos
Reply

12,880 Views
liulei1
Contributor II

Thank you very much. I have browsed the document to solve my problem. I will ask you if there are any problems in the future.

0 Kudos
Reply