S32K CESc

liulei1 · ‎08-05-2019

Refer to the code when using the S32K CESc.

/* Load MASTER_ECU_KEY */
calculate_M1_to_M5(M1, M2, M3, M4, M5, BLANK_KEY_VALUE, MASTER_ECU_KEY_VALUE, MASTER_ECU_KEY, MASTER_ECU_KEY, 1, 0); /* Calculate M1 to M5 in Software */
csec_error = LOAD_KEY(M4_out, M5_out, M1, M2, M3, MASTER_ECU_KEY); /* Load the key using SW calculated M1 to M3, and it returns M4 and M5 */
result = compare_results(M4, M4_out); /* Compare M4 generated by SW with the M4_out returned by CSEc */

/* Load KEY_1 */
calculate_M1_to_M5(M1, M2, M3, M4, M5, MASTER_ECU_KEY_VALUE, KEY_1_VALUE, MASTER_ECU_KEY, KEY_1, 1, 0); /* Calculate M1 to M5 in Software, Authorizing Key = Master ECU Key */
csec_error = LOAD_KEY(M4_out, M5_out, M1, M2, M3, KEY_1); /* Load the key using M1 to M3, returns M4 and M5 */
result = compare_results(M4, M4_out); /* Compare M4 generated by SW with the M4_out returned by CSEc */

/* Load KEY_11 */
calculate_M1_to_M5(M1, M2, M3, M4, M5, MASTER_ECU_KEY_VALUE, KEY_11_VALUE, MASTER_ECU_KEY, KEY_11, 1, 0b000100); /* Calculate M1 to M5 in Software, Authorizing Key = Master ECU Key, Key Usage=1(for CMAC operations) */
csec_error = LOAD_KEY(M4_out, M5_out, M1, M2, M3, KEY_11); /* Load the key using M1 to M3, returns M4 and M5 */
result = compare_results(M4, M4_out); /* Compare M4 generated by SW with the M4_out returned by CSEc */

I don't understand what M1 minus M5 does here?

danielmartynek · ‎08-07-2019

Hi,

Please refer to AN5401.

Appendix A Generating M1 to M5, describes M1 - M5 in more details.

Regards,

Daniel

liulei1 · ‎08-08-2019

Now I don't understand how to write this BOOT_MAC value into CSEc module. When S32K does not write to BOOT, what means does S32K try to write to implement the operation of CSEc module?

Yunchuan · ‎08-08-2019

hi lei

We have a Chinese version application guide about S32k1xx CSEc for Chinese customer, please refer it.

liulei1 · ‎08-08-2019

Hello, I still have some that I don't understand. Regarding the Secure BOOT, the document requires that the BOOT be written to PFLASH (0x0000-BOOT_SIZE) before writing BOOT_MAC_KEY. Then, where is the code for writing BOOT_MAC_KEY after I write it? According to the mass production suggestion, first program a code. The program that enters the key is written to BOOT after erasing, so that my BOOT will definitely not pass the authentication. Please help me solve this problem.\

Yunchuan · ‎08-09-2019

Actually, It's a better solution that add code in your bootloader for update key and BOOT_MAC. any other questions about that, you can ask FAE or agencies for help. i have sent a direct message for you.

liulei1 · ‎08-13-2019

Hello,

According to you, I put BOOT_MAC and BOOT_MAC_KEY operations in BootLoader, which is equivalent to self-verification, and this will repeat the operation of CSEc key updates, I want to achieve a secure boot is automatic, do not need to think of interference, what is the solution?

Thank you.

Yunchuan · ‎08-19-2019

if you will not change bootloader anytime, you can use automatic mode. any question, you can send me email, i can support you more quickly. thinks.

liulei1 · ‎08-19-2019

我在自动模式下，我不明白我写入BOOT_MAC_KEY和BOO_MAC的代码放在上面区域呢？在什么时候运行这块代码呢？怎么校验BootLoader呢？

liulei1 · ‎08-19-2019

你好，我给您发邮件了，您那边收不到吗？

liulei1 · ‎08-08-2019

Thank you very much. I have browsed the document to solve my problem. I will ask you if there are any problems in the future.

S32K CESc

S32K CESc

General