FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

S32K3 HSE

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED
Jump to solution

S32K3 HSE

Jump to solution
‎03-20-2025 10:01 PM
2,853 Views
HaiHoangSoftware
Contributor IV

Hi,

I'm working with Secure Debug feature using HSE firmware for S32K358. I have some questions regarding this topic:

1. Can Secure Debug feature be enabled/disabled directly with HSE firmware only (not via Demo APP)?

2. Do the other software need to implement anything to work if Secure Debug feature is enabled?

Thanks a lot.

Tags (2)
0 Kudos
Reply
1 Solution

Jump to solution
‎03-21-2025 05:08 AM
2,832 Views
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi @HaiHoangSoftware 

 

This configuration needs to be done by user application which triggers corresponding HSE services. Second option is to do that directly by debugger – i.e. write some script which will initialize HSE descriptors and triggers HSE services by JTAG. But first option is more common one.

 

Yes, it’s shown in HSE DemoApp where Trace32 from Lauterbach is needed. But we have also these HSE demo examples:

https://www.nxp.com/webapp/Download?colCode=S32K3_HSE_DemoExamples

In fact, it’s HSE DemoApp ported to individual simple SW examples and you can use any debugger to run it.

After installation of the package, you can find this example:

c:\NXP\S32K3_HSE_DemoExamples_1_0_0\S32K3_HSE_DemoExamples\Device_Configuration\S32K344_CQC_DEMO\

 

And you can find in the readme file:

 

***

The main purpose of this example is to show different possible configurations that can be done over the HSE and the functionality of the MCU. These possible configuirations are:

- Key Catalog Formatting

- Plain ADKP provisioning

- Secure Debug Mode selection (Static or Dynamic)

- Life Cycle Advancement (Starting from CUST_DEL can advance the life cycle to OEM_PROD or IN_FIELD)

***

 

This is essentially what you need to do to enable secure debug feature. Key catalogs can be formatted only in CUST_DEL life cycle and it is mandatory to use secure debug when life cycle is advanced to OEM_PROD or IN_FIELD. So, the example shows how to do that.

 

Once secure debug is enabled, it’s necessary to configure your debugger accordingly.

 

If Pemicro is used, you can read this article on Pemicro site:

https://www.pemicro.com/learningcenter/contents.cfm?content_id=82

We have also this article which describes how to set the password without HSE. Last part is valid also for a case when HSE is used:

https://community.nxp.com/t5/S32K-Knowledge-Base/S32K3-Restrict-the-debug-access-with-a-password-whe...

 

If you use debugger from Lauterbach, you can take a look at scripts in HSE DemoApp:

c:\NXP\HSE_DEMOAPP_S32K3XX_0_2_40_0\demo_security_installer\scripts\

 

See the files like:

debug_App_ADKP.py

debug_authorization.cmm

adkp_key_input.txt

 

Regards,

Lukas

View solution in original post

0 Kudos
Reply
2 Replies

Jump to solution
‎03-31-2025 07:09 PM
2,728 Views
HaiHoangSoftware
Contributor IV

Thanks for your support.

0 Kudos
Reply

Jump to solution
‎03-21-2025 05:08 AM
2,833 Views
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi @HaiHoangSoftware 

 

This configuration needs to be done by user application which triggers corresponding HSE services. Second option is to do that directly by debugger – i.e. write some script which will initialize HSE descriptors and triggers HSE services by JTAG. But first option is more common one.

 

Yes, it’s shown in HSE DemoApp where Trace32 from Lauterbach is needed. But we have also these HSE demo examples:

https://www.nxp.com/webapp/Download?colCode=S32K3_HSE_DemoExamples

In fact, it’s HSE DemoApp ported to individual simple SW examples and you can use any debugger to run it.

After installation of the package, you can find this example:

c:\NXP\S32K3_HSE_DemoExamples_1_0_0\S32K3_HSE_DemoExamples\Device_Configuration\S32K344_CQC_DEMO\

 

And you can find in the readme file:

 

***

The main purpose of this example is to show different possible configurations that can be done over the HSE and the functionality of the MCU. These possible configuirations are:

- Key Catalog Formatting

- Plain ADKP provisioning

- Secure Debug Mode selection (Static or Dynamic)

- Life Cycle Advancement (Starting from CUST_DEL can advance the life cycle to OEM_PROD or IN_FIELD)

***

 

This is essentially what you need to do to enable secure debug feature. Key catalogs can be formatted only in CUST_DEL life cycle and it is mandatory to use secure debug when life cycle is advanced to OEM_PROD or IN_FIELD. So, the example shows how to do that.

 

Once secure debug is enabled, it’s necessary to configure your debugger accordingly.

 

If Pemicro is used, you can read this article on Pemicro site:

https://www.pemicro.com/learningcenter/contents.cfm?content_id=82

We have also this article which describes how to set the password without HSE. Last part is valid also for a case when HSE is used:

https://community.nxp.com/t5/S32K-Knowledge-Base/S32K3-Restrict-the-debug-access-with-a-password-whe...

 

If you use debugger from Lauterbach, you can take a look at scripts in HSE DemoApp:

c:\NXP\HSE_DEMOAPP_S32K3XX_0_2_40_0\demo_security_installer\scripts\

 

See the files like:

debug_App_ADKP.py

debug_authorization.cmm

adkp_key_input.txt

 

Regards,

Lukas

0 Kudos
Reply