- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- Advanced AnalogAdvanced Analog
- Neural Processing UnitsNeural Processing Units
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
- S32Z/E
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- Generative AI & LLMs
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
- RFID / NFC
- Advanced Analog
- Neural Processing Units
-
- NXP Tech Blogs
S32K144 CSEc Application MAC Storage Options for Secure Boot Verification
01-08-2026
01:51 AM
709 次查看
Kishore_14
Contributor III
Hardware: S32K144EVB-Q100
Software: S32 Design Studio, OpenBLT Bootloader, an5401-csec
We intend to protect only the bootloader using BOOT_DEFINE (16KB protected) and want the bootloader to verify the application MAC on every reset to establish a proper chain of trust.
We currently have a hardcoded CMAC value that we store and verify upon every reset as a proof of concept.
After bootloader verification (BOK=1), we need to verify application on every reset. For this, we need to:
- Store application MAC somewhere during programming
- Verify application MAC on every reset
We've considered these options but have concerns:
- CSEc KEY slots (like KEY_2): Can't read back stored keys due to SHE protocol security - keys are write-only. How can we retrieve MAC for comparison?
- Flash memory: Not suitable because application area gets erased when new application is programmed, so stored MAC would be lost.
- EEPROM: Is this a good approach? Any recommended EEPROM addresses?
What other approaches would be suitable for storing application MAC that bootloader can reliably read for verification on every reset?
1 回复
