FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

[S32K3] Restrict the debug access with a password when HSE is used

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

[S32K3] Restrict the debug access with a password when HSE is used

‎11-13-2023 11:34 PM
1,320 Views
yuanhang18
Contributor I

Hello:

I've seen the following steps in other posts,

To restrict the S32K3 MCU access by JTAG the process depends on whether HSE FW is used or not.

With HSE FW (not covered in this document):

1. Set up ADKP (Application Debug Key/Password).
2. Make sure the password mode or challenge-response mode.
3. Move the lifecycle to the IN-FIELD stage.

NOTE: All the above steps can only be done via HSE services (not via IVT or by direct flash

programming).

So in the HSE_DEMOAPP_S32K3XX_0_2_1_0 Main.c,ccording to the JTAG encryption debugging method given, we use a direct call with HSE in the code.

 

yuanhang18_3-1699943573783.png

 

In the ProgramADKPService(),I also gave applicationDebugKeyPassword assignment manually.

In the  Advance_LifeCycle_Service(), HSE_AdvanceLifecycle(HSE_LC_OEM_PROD),to ensure that the LC is running in HSE LC OEM PROD mode。

When I Debug again,S32DS for S32 Platform Will prompt this.This is successfully started JTAG.

yuanhang18_0-1699943013538.png

In the Lifecycle management - JTAG password protection's SECURE DEBUG

yuanhang18_1-1699943334582.png

I followed the steps in the PDF and it showed success but it still says no debug.

yuanhang18_2-1699943418951.png

How can I enable DEBUG normally using ADKP?

Preview file
3861 KB
0 Kudos
Reply
5 Replies

‎11-14-2023 12:05 PM
1,287 Views
VaneB
NXP TechSupport
NXP TechSupport

Hi @yuanhang18 

Just to confirm, in S32DS, did you configure the Debug Configurations of the project with the Target label as "SECUREDEBUG"?

VaneB_0-1699988682106.png

VaneB_1-1699988700017.png

This is necessary because during debug entry a hard reset is toggled which clears the authentication.

 

B.R.

VaneB

0 Kudos
Reply

‎11-14-2023 06:19 PM
1,274 Views
yuanhang18
Contributor I

Hi,VaneB

Thank you for your help

I've tried to use it with S32K314-SECUREDEBUG and the result is the same.

yuanhang18_0-1700010984502.png

 

 

0 Kudos
Reply

‎11-16-2023 12:50 PM
1,232 Views
VaneB
NXP TechSupport
NXP TechSupport

Hi @yuanhang18 

Thank you for the feedback.

According to the provided information, we understand that you implement secure debug with a UID diversified, is this correct? From our side, We tested the mentioned steps for challenge-response with a plain ADKP, and it works without any problem.

Unfortunately, we were not able to replicate your issue. I recommend contacting the person who provided you the presentation shared before so, they can offer you further support in this part.

Sorry for the inconvenience.

0 Kudos
Reply

‎11-16-2023 07:21 PM
1,213 Views
yuanhang18
Contributor I

Hi,@VaneB

Thank you for your reply.

Can you provide a plain project of ADKP?

if it's okay , I will send you the email address.

 

Best Regards.

 

 

0 Kudos
Reply

‎11-17-2023 09:23 AM
1,200 Views
VaneB
NXP TechSupport
NXP TechSupport

Hi @yuanhang18 

The information of the HSE is under NDA (Non-Disclosure Agreement) and is not public, and I am not able to share the information due to the security levels. So, please create a support ticket.

0 Kudos
Reply