Hi.
I have now developed Secure Boot with HSE. In the bootloader sequence, the application image should be verified.
I used the S32K344_Basic_SecureBoot project in S32K3_HSE_DemoExamples as a reference.
The verification function (HSE_VerifyBootImage) returns a failure (HSE_SRV_RSP_VERIFY_FAILED).
Could you point out my mistake and comment on the reason for the failure?
My project's loader script and code are attached below.
Thank you.
log output)
Flash Erase Ok
Flash Program ok(7d2040, len:128)
[SEC BOOT] Image Verify failed.(0x55a5a164)
Code)
/* Length in bytes of the Application Debug Key/Password (ADKP) buffers below. */
#define ADKP_LENGTH (uint8_t)16U
/*
 * Tag length passed to HSE_SignBootImage().
 * NOTE(review): this is 28 while the tag buffers in this file have 32 elements;
 * confirm the tag length the HSE firmware on this device expects.
 */
#define TAG_LENGTH 28
/*
 * Added to pAppBL together with AppBL_codeLength to form the flash address
 * the tag is written to in secure_boot_fw_verify().
 */
#define APP_HEADER_LENGTH 0x40U
/*
 * RAM buffer for the GMAC tag. Only element 0 is initialised to 0xFF; the
 * remaining elements are zero-initialised.
 * NOTE(review): secure_boot_fw_verify() declares a local array with the same
 * name, which hides this one inside that function.
 */
uint8_t temp_addr_of_app_image[32] = {0xFF};
const uint8_t* pAppBL = APP_ADDR; //Application Start 0x500000 in ld
/*
 * NOTE(review): this length is fixed at build time. If the image's own header
 * records a different code length, a tag written at
 * pAppBL + APP_HEADER_LENGTH + AppBL_codeLength would not sit where a verifier
 * that reads the header looks for it - confirm both values agree.
 */
uint32_t AppBL_codeLength = (APP_SIZE - 0x2000); //APP_SIZE 0x2d4000 in ld --> 0x2d2000
/* ADKP Key/Password required variables */
volatile uint8_t programmed_appdebugkey[ADKP_LENGTH] = {0U}; //Store the reading of the ADKP
/*
 * Value handed to SetAttr() by HSE_ProgramAdkp().
 * NOTE(review): this is a compile-time constant in the bootloader source, so
 * it is readable by anyone who has the source or the built image. Because
 * programming it is irreversible, a production device should receive its
 * secret through a provisioning step outside the firmware image. The bytes
 * below look like a sample pattern - confirm they are not a production secret.
 */
volatile uint8_t applicationDebugKeyPassword[16U] =
{
0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x21
};
/*
 * Programs the ADK/P (Application debug key/password) attribute from
 * applicationDebugKeyPassword and returns the response of SetAttr() unchanged.
 *
 * WARNING: This operation is irreversible.
 *
 * NOTE(review): the attribute size passed is sizeof(hseAttrApplDebugKey_t)
 * while the source buffer is declared with 16 elements - confirm the two
 * sizes agree.
 */
hseSrvResponse_t HSE_ProgramAdkp(void)
{
    return SetAttr(HSE_APP_DEBUG_KEY_ATTR_ID,
                   sizeof(hseAttrApplDebugKey_t),
                   (void *)&applicationDebugKeyPassword);
}
/*
 * Reads the ADKP hash via GetAttr() into the caller's buffer and returns the
 * response of GetAttr() unchanged.
 *
 * pDebugKey: destination buffer for the attribute.
 *
 * NOTE(review): assumes pDebugKey points to at least
 * sizeof(hseAttrApplDebugKey_t) writable bytes; the caller in this file passes
 * an ADKP_LENGTH-byte buffer - confirm the two sizes agree.
 */
hseSrvResponse_t HSE_ReadAdkp( uint8_t *pDebugKey )
{
    return GetAttr(HSE_APP_DEBUG_KEY_ATTR_ID,
                   sizeof(hseAttrApplDebugKey_t),
                   (void *)pDebugKey);
}
/*
 * Reads the ADKP attribute, programs it when the read returns
 * HSE_SRV_RSP_NOT_ALLOWED, asks the HSE to sign the image at pAppBL, writes
 * the resulting tag to flash behind the image, then asks the HSE to verify
 * the image.
 *
 * Returns true only when HSE_VerifyBootImage() returns HSE_SRV_RSP_OK, and
 * false when ADKP programming, signing or verification fails.
 *
 * NOTE(review): the tag is generated from whatever currently sits at pAppBL
 * and verified in the same call, so this sequence cannot detect an image that
 * was modified before it ran. Presumably signing belongs to a one-time
 * provisioning step and only the verify call belongs on the normal boot path -
 * confirm against the intended design.
 */
bool secure_boot_fw_verify(void)
{
hseSrvResponse_t srvResponse;
/*
 * NOTE(review): this local hides the file-scope
 * uint8_t temp_addr_of_app_image[32]. Being uint32_t[32], its sizeof is
 * 128 bytes (matching "len:128" in the posted log), not TAG_LENGTH (28), and
 * only element 0 is set to 0xFF. Confirm which buffer and which length were
 * intended.
 */
uint32_t temp_addr_of_app_image[32] = {0xFF};
/* Clear the read-back buffer before asking the HSE for the ADKP attribute. */
memset((void *)&programmed_appdebugkey,0U,ADKP_LENGTH);
srvResponse = HSE_ReadAdkp((uint8_t *)&programmed_appdebugkey);
/*
 * First time when ADKP is not programmed,
 * read adkp will always result in not allowed
 * If ADKP is not programmed then do so
 *
 * NOTE(review): only HSE_SRV_RSP_NOT_ALLOWED is handled; any other non-OK
 * response from the read falls through to signing without being reported.
 * NOTE(review): programming is irreversible (see HSE_ProgramAdkp) and is
 * triggered here automatically with the hard-coded
 * applicationDebugKeyPassword.
 */
if( (HSE_SRV_RSP_NOT_ALLOWED == srvResponse))
{
SYS_TRACE("[SEC BOOT] ADKP is not programmed\r\n");
srvResponse = HSE_ProgramAdkp();
if (HSE_SRV_RSP_OK != srvResponse)
{
SYS_TRACE("[SEC BOOT] Program ADKP is failed.(0x%x)\r\n", srvResponse);
return false;
}
}
/*
 * Generate the tag over the provided APPBL.
 * NOTE(review): the original comment said "size 32" while TAG_LENGTH is 28.
 */
srvResponse = HSE_SignBootImage(pAppBL, TAG_LENGTH, temp_addr_of_app_image);
if (HSE_SRV_RSP_OK != srvResponse)
{
SYS_TRACE("[SEC BOOT] Sign Image failed.(0x%x)\r\n", srvResponse);
return false;
}
/*
 * Write the tag to flash at pAppBL + APP_HEADER_LENGTH + AppBL_codeLength.
 * NOTE(review): the results (if any) of the two flash calls are not checked
 * here; if either fails, the verify below runs against a missing or stale
 * tag.
 * NOTE(review): confirm the erase granularity of GVP_FlashErase. If it erases
 * more than the requested range (for example a whole sector), it may wipe
 * image bytes that the tag above was just computed over.
 */
GVP_FlashErase(pAppBL + APP_HEADER_LENGTH + AppBL_codeLength, sizeof(temp_addr_of_app_image));
GVP_FlashProgram(pAppBL + APP_HEADER_LENGTH + AppBL_codeLength, temp_addr_of_app_image, sizeof(temp_addr_of_app_image));
/* Verify that the generated TAG is valid for the APPBL */
srvResponse = HSE_VerifyBootImage(pAppBL);
if (HSE_SRV_RSP_OK != srvResponse)
{
SYS_TRACE("[SEC BOOT] Image Verify failed.(0x%x)\r\n", srvResponse);
return false;
}
else
{
SYS_TRACE("[SEC BOOT] Image Verify ok\r\n");
return true;
}
}
/* bootloader main */
main()
{
....
/*
 * NOTE(review): the bool result is discarded here. For the check to protect
 * anything, the elided code that follows has to refuse to start the
 * application when this call returns false.
 */
secure_boot_fw_verify();
....
}
MEMORY
{
int_pflash : ORIGIN = 0x00400000, LENGTH = 0x00040000 /* 256K*/
HSE_BINARY : ORIGIN = 0x00440200, LENGTH = 0x00024000 /* Leave block 0 for HSE FW binary */
int_flash : ORIGIN = 0x00500000, LENGTH = 0x002D4000 /* Use only blocks 1,2,3 for install project */
...
#define IVT_BOOT_CFG_WORD_BOOT_SEQ (1 << 3)
.section ".boot_header","ax"
.long SBAF_BOOT_MARKER /* IVT marker */
.long (CM7_0_ENABLE << CM7_0_ENABLE_SHIFT) | (CM7_1_ENABLE << CM7_1_ENABLE_SHIFT) | IVT_BOOT_CFG_WORD_BOOT_SEQ /* Boot configuration word */