您好,我最近在基于S32K1XX的CSEc demo进行S32K148的安全启动开发
参考的资料为
<S32K-RM.pdf>
<S32K1xx 系列 MCU 应用指南之 CSEc 硬件加密模块使用手册>与其demo
遇到了2个问题,恳请解惑
1.是否可以这样说? 当调用FTFC的0x80分区命令来分区时,若分区成功,则认为对CSEc模块进行了enable?如果不是,如何enable CSEc?如何判断CSEc被启动了?
2.是否可以这样说? 当调用CSEc的boot_define的命令配置boot起始地址,boot区长度和检查模式后,若复位后进行了检查(通过FSECTAT检查),则认为enable了安全启动?如果不是,如何enable 安全启动?如何判断安全启动被启动了?
3.恢复出厂设置的操作指出
那么如果在恢复出场设置之前使用了boot_define接口将安全启动模式设置为了PARALLEL模式.
调用恢复出厂设置后,复位后,芯片还会进行安全启动检查吗?
如果芯片在执行恢复出厂设置后进行复位后,不在进行安全启动检查了.能否认为这是唯一一个在开启安全启动后关闭安全启动的方法?
如果芯片在执行恢复出厂设置后进行复位后,依旧进行安全启动检查了.那么我该如何关闭安全启动功能?
Solved! Go to Solution.
Hi @fhz2000
1. Yes, if partition command is successfully executed (considering CSEc Key Size parameter is different from zero) then CSEc is enabled and you can start using it.
2. Yes, you need to call CMD_BOOT_DEFINE command and also BOOT_MAC_KEY needs to be loaded. You can take a look at section "4.4.2 Enabling Secure Boot" in this application note:
https://www.nxp.com/webapp/Download?colCode=AN5401&location=null
https://www.nxp.com/webapp/Download?colCode=AN5401SW&location=null
3. Factory reset will erase all the keys, it will remove the partition and it will disable secure boot.
Regards,
Lukas
Hi @fhz2000
1. Yes, if partition command is successfully executed (considering CSEc Key Size parameter is different from zero) then CSEc is enabled and you can start using it.
2. Yes, you need to call CMD_BOOT_DEFINE command and also BOOT_MAC_KEY needs to be loaded. You can take a look at section "4.4.2 Enabling Secure Boot" in this application note:
https://www.nxp.com/webapp/Download?colCode=AN5401&location=null
https://www.nxp.com/webapp/Download?colCode=AN5401SW&location=null
3. Factory reset will erase all the keys, it will remove the partition and it will disable secure boot.
Regards,
Lukas
thank you very much!!!