S32K312 HSE secureboot SMR installation failed

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

S32K312 HSE secureboot SMR installation failed

2,145 Views
Yiming2
Contributor III

hello all 

we met a question when we implement the secure boot. We tried to install the defined SMR table into the HSE using the HSELIB API. But it always return the 0x55A5A399 which means HSE_SRV_RSP_INVALID_PARAM. But we checked several times for the parameters we input the HSELIB Install API. but we didn't find any uncorrect parameters.

Detailed information:

MCU: S32K312 publickey has been provioned into HSE.

for smrenty is shown as below:

 smrEntry_Test[4].configFlags                   = HSE_SMR_CFG_FLAG_INSTALL_AUTH;    /* Indicate that verification should be done on provided signature*/
    smrEntry_Test[4].pSmrDest                    = 0U;                 /* Destination address shall be NULL for flashed based devices*/
    smrEntry_Test[4].checkPeriod                   = 0U;                 /* If not 0, SMR will be automatically and periodically verified at run-time regardless of  verifMethod*/
    smrEntry_Test[4].pSmrSrc                     = 0x00520000ul;             /* Start of APP code*/
    smrEntry_Test[4].smrSize                     = 0x124;                          /* Length of APP code (test use value like 0x00010000U)*/
    smrEntry_Test[4].authKeyHandle                  = NVM_CUST_RSA2048_BOOT_PUB_KEY;    /* HANDLE0 -> HANDLE1(The actual import key slot of RSA keys)*/
    smrEntry_Test[4].authScheme.sigScheme.signSch          = HSE_SIGN_RSASSA_PSS;
    smrEntry_Test[4].authScheme.sigScheme.sch.rsaPss.hashAlgo    = HSE_HASH_ALGO_SHA2_256;
    smrEntry_Test[4].authScheme.sigScheme.sch.rsaPss.saltLength    = 32UL;
#if 1
    smrEntry_Test[4].pInstAuthTag[0]                 = 0x00510000UL;  /* Signature tag address*/
#else
    smrEntry_Test[4].pInstAuthTag[0]                 = (uint32_t)NULL; ;  /* Signature tag address*/
#endif
    smrEntry_Test[4].pInstAuthTag[1]                 = (uint32_t)NULL;  

below is the install the smr API details:

hseSrvResponse_t HSE_InstallSmrEntry
(
    const uint8_t entryIndex,
    const hseSmrEntry_t *pSmrEntry,
    const uint8_t *pData,
    const uint32_t dataLen,
    const uint8_t *pSign0,
    const uint8_t *pSign1,
    const uint32_t SignLen0,
    const uint32_t SignLen1
)
{
    uint8_t u8MuChannel = 1U;
    /*hseSrvDescriptor_t *pHseSrvDesc;*/
    /*hseSmrEntryInstallSrv_t *pSmrEntryInstall;*/
    hseSrvResponse_t srvResponse = HSE_SRV_RSP_GENERAL_ERROR;

 

    /* Clear the service descriptor placed in shared memory */
    pHseSrvDesc = &gHseSrvDesc[MU0][u8MuChannel];
    pSmrEntryInstall = &(pHseSrvDesc->hseSrv.smrEntryInstallReq);
    memset(pHseSrvDesc, 0, sizeof(hseSrvDescriptor_t));

  pSmrEntryInstallTemp = pSmrEntryInstall;

 

  pSign0_Temp = PTR_TO_HOST_ADDR(pSign0);;
  pSign1_Temp = PTR_TO_HOST_ADDR(pSign1);

 

  SignLen0Temp = SignLen0;
  SignLen1Temp = SignLen1;

 

  srvId_Temp = HSE_SRV_ID_SMR_ENTRY_INSTALL;

 

    /* Fill the service descriptor */
    pHseSrvDesc->srvId = HSE_SRV_ID_SMR_ENTRY_INSTALL;
    pSmrEntryInstall->accessMode = HSE_ACCESS_MODE_ONE_PASS;
    pSmrEntryInstall->entryIndex = entryIndex;
    pSmrEntryInstall->pSmrEntry = PTR_TO_HOST_ADDR(pSmrEntry);

 

    pSmrEntryInstall->pSmrData = PTR_TO_HOST_ADDR(pData);
    pSmrEntryInstall->smrDataLength = dataLen;
    pSmrEntryInstall->pAuthTag[0] = PTR_TO_HOST_ADDR(pSign0);
    pSmrEntryInstall->pAuthTag[1] = PTR_TO_HOST_ADDR(pSign1);
    pSmrEntryInstall->authTagLength[0] = SignLen0;

    #if 1
  pSmrEntryInstall->authTagLength[1] = 0;
  #else
    pSmrEntryInstall->authTagLength[1] = SignLen1;
  #endif
  pHseSrvDescTemp = pHseSrvDesc;

 

    /* Send the request synchronously */
    srvResponse = HSE_Send(MU0, u8MuChannel, gSyncTxOption, pHseSrvDesc);
    return srvResponse;
}

below is the key information:

  /****************************** NVM  RSA-PUB *****************************/
    /* Import RSA keys for secure boot.                                      */
  srvResponse = ImportPlainRsaKeyReq(
            NVM_CUST_RSA2048_BOOT_PUB_KEY, 
            HSE_KEY_TYPE_RSA_PUB,
            (HSE_KF_USAGE_VERIFY),
            (HOST_ADDR)rsa2048CustAuthKeyModulus,
            rsa2048CustAuthKeyModulusLength,
            (HOST_ADDR)rsa2048CustAuthKeyPubExp,
            rsa2048CustAuthKeyPubExpLength,
            (HOST_ADDR) NULL,
            0UL
            );
  ASSERT(HSE_SRV_RSP_OK == srvResponse);

Tags (2)
0 Kudos
Reply
6 Replies

2,031 Views
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi @Yiming2 

I tested secure boot with RSA key two or three weeks ago and I can see that your SMR configuration is almost exactly the same. Just different addresses and sizes but there's no functional difference. Everything seems to be correct. 

Was the import of RSA key successful? 

Is data cache turned off?

Regards,

Lukas

0 Kudos
Reply

2,019 Views
lukaszadrapa
NXP TechSupport
NXP TechSupport

Could you try align the size to 128 bytes? I didn't notice that first time. You use value 0x124. 

lukaszadrapa_0-1756277621484.png

 

0 Kudos
Reply

1,872 Views
Yiming2
Contributor III
hello , I am sorry for the misstake. We have found the rootcourse that we used the wrong HSELIB. In that HSELIB the SMRENTRY struct is not correct. And we update the new one, then the SMR successfully installed.
0 Kudos
Reply

1,760 Views
luhaiou
Contributor II

I also encountered the same problem.I also received an invalid parameter return code 0x55A5A399.

I want to know where the SMRENTRY struct has a problem.

You have used The FW version is 0_2_40_0 , I want to know What version of HSELIB is the problem found in?

I hope you can reply, thank you very much.

Tags (1)
0 Kudos
Reply

2,099 Views
davidtosenovjan
NXP TechSupport
NXP TechSupport

Could you describe what is your configuration based on? Which is used FW and SBAF version, its configuration (FULL_MEM, AB_SWAP) and other information we should know. Thanks

0 Kudos
Reply

2,069 Views
Yiming2
Contributor III
hello thanks for your reply.
the code is created based on HSELIB.
The FW version is 0_2_40_0.
And SBAF is 00 0D 00 00 00 08 00 00.
Configuration is FULL_MEM.
if you need more information ,please let me know. Thank you very much.
0 Kudos
Reply
%3CLINGO-SUB%20id%3D%22lingo-sub-2155823%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3ES32K312%20HSE%20secureboot%20SMR%20installation%20failed%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2155823%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3Ehello%20all%26nbsp%3B%3C%2FP%3E%3CP%3Ewe%20met%20a%20question%20when%20we%20implement%20the%20secure%20boot.%20We%20tried%20to%20install%20the%20defined%20SMR%20table%20into%20the%20HSE%20using%20the%20HSELIB%20API.%20But%20it%20always%20return%20the%200x55A5A399%20which%20means%26nbsp%3BHSE_SRV_RSP_INVALID_PARAM.%20But%20we%20checked%20several%20times%20for%20the%20parameters%20we%20input%20the%26nbsp%3BHSELIB%20Install%20API.%20but%20we%20didn't%20find%20any%20uncorrect%20parameters.%3C%2FP%3E%3CP%3EDetailed%20information%3A%3C%2FP%3E%3CP%3EMCU%3A%20S32K312%20publickey%20has%20been%20provioned%20into%20HSE.%3C%2FP%3E%3CP%3Efor%20smrenty%20is%20shown%20as%20below%3A%3C%2FP%3E%3CP%3E%3CSPAN%3E%E2%80%83smrEntry_Test%5B4%5D.configFlags%20%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%20%26nbsp%3B%3D%20HSE_SMR_CFG_FLAG_INSTALL_AUTH%3B%E2%80%83%E2%80%83%20%26nbsp%3B%2F*%20Indicate%20that%20verification%20should%20be%20done%20on%20provided%20signature*%2F%3CBR%20%2F%3E%E2%80%83%E2%80%83%E2%80%83%E2%80%83smrEntry_Test%5B4%5D.pSmrDest%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%20%26nbsp%3B%3D%200U%3B%20%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%20%26nbsp%3B%2F*%20Destination%20address%20shall%20be%20NULL%20for%20flashed%20based%20devices*%2F%3CBR%20%2F%3E%E2%80%83%E2%80%83%E2%80%83%E2%80%83smrEntry_Test%5B4%5D.checkPeriod%20%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%20%26nbsp%3B%3D%200U%3B%20%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%20%26nbsp%3B%2F*%20If%20not%200%2C%20SMR%20will%20be%20automatically%20and%20periodically%20verified%20at%20run-time%20regardless%20of%26nbsp%3B%20verifMethod*%2F%3CBR%20%2F%3E%E2%80%83%E2%80%83%E2%80%83%E2%80%83smrEntry_Test%5B4%5D.pSmrSrc%20%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%20%26nbsp%3B%3D%200x00520000ul%3B%20%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%20%26nbsp%3B%2F*%20Start%20of%20APP%20code*%2F%3CBR%20%2F%3E%E2%80%83%E2%80%83%E2%80%83%E2%80%83smrEntry_Test%5B4%5D.smrSize%20%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%20%26nbsp%3B%3D%200x124%3B%E2%80%83%E2%80%83%E2%80%83%E2%80%83%20%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%2F*%20Length%20of%20APP%20code%20(test%20use%20value%20like%200x00010000U)*%2F%3CBR%20%2F%3E%E2%80%83%E2%80%83%E2%80%83%E2%80%83smrEntry_Test%5B4%5D.authKeyHandle%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%20%26nbsp%3B%3D%20NVM_CUST_RSA2048_BOOT_PUB_KEY%3B%E2%80%83%E2%80%83%20%26nbsp%3B%2F*%20HANDLE0%20-%26gt%3B%20HANDLE1(The%20actual%20import%20key%20slot%20of%20RSA%20keys)*%2F%3CBR%20%2F%3E%E2%80%83%E2%80%83%E2%80%83%E2%80%83smrEntry_Test%5B4%5D.authScheme.sigScheme.signSch%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%20%26nbsp%3B%3D%20HSE_SIGN_RSASSA_PSS%3B%3CBR%20%2F%3E%E2%80%83%E2%80%83%E2%80%83%E2%80%83smrEntry_Test%5B4%5D.authScheme.sigScheme.sch.rsaPss.hashAlgo%E2%80%83%E2%80%83%20%26nbsp%3B%3D%20HSE_HASH_ALGO_SHA2_256%3B%3CBR%20%2F%3E%E2%80%83%E2%80%83%E2%80%83%E2%80%83smrEntry_Test%5B4%5D.authScheme.sigScheme.sch.rsaPss.saltLength%E2%80%83%E2%80%83%20%26nbsp%3B%3D%2032UL%3B%3CBR%20%2F%3E%23if%201%3CBR%20%2F%3E%E2%80%83%E2%80%83%E2%80%83%E2%80%83smrEntry_Test%5B4%5D.pInstAuthTag%5B0%5D%20%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%20%26nbsp%3B%3D%200x00510000UL%3B%E2%80%83%E2%80%83%2F*%20Signature%20tag%20address*%2F%3CBR%20%2F%3E%23else%3CBR%20%2F%3E%E2%80%83%E2%80%83%E2%80%83%E2%80%83smrEntry_Test%5B4%5D.pInstAuthTag%5B0%5D%20%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%20%26nbsp%3B%3D%20(uint32_t)NULL%3B%20%3B%E2%80%83%E2%80%83%2F*%20Signature%20tag%20address*%2F%3CBR%20%2F%3E%23endif%3CBR%20%2F%3E%E2%80%83%E2%80%83%E2%80%83%E2%80%83smrEntry_Test%5B4%5D.pInstAuthTag%5B1%5D%20%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%20%26nbsp%3B%3D%20(uint32_t)NULL%3B%26nbsp%3B%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3Ebelow%20is%20the%20install%20the%20smr%20API%20details%3A%3C%2FP%3E%3CP%3EhseSrvResponse_t%20HSE_InstallSmrEntry%3CBR%20%2F%3E(%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20const%20uint8_t%20entryIndex%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20const%20hseSmrEntry_t%20*pSmrEntry%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20const%20uint8_t%20*pData%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20const%20uint32_t%20dataLen%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20const%20uint8_t%20*pSign0%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20const%20uint8_t%20*pSign1%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20const%20uint32_t%20SignLen0%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20const%20uint32_t%20SignLen1%3CBR%20%2F%3E)%3CBR%20%2F%3E%7B%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20uint8_t%20u8MuChannel%20%3D%201U%3B%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%2F*hseSrvDescriptor_t%20*pHseSrvDesc%3B*%2F%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%2F*hseSmrEntryInstallSrv_t%20*pSmrEntryInstall%3B*%2F%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20hseSrvResponse_t%20srvResponse%20%3D%20HSE_SRV_RSP_GENERAL_ERROR%3B%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%2F*%20Clear%20the%20service%20descriptor%20placed%20in%20shared%20memory%20*%2F%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20pHseSrvDesc%20%3D%20%26amp%3BgHseSrvDesc%5BMU0%5D%5Bu8MuChannel%5D%3B%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20pSmrEntryInstall%20%3D%20%26amp%3B(pHseSrvDesc-%26gt%3BhseSrv.smrEntryInstallReq)%3B%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20memset(pHseSrvDesc%2C%200%2C%20sizeof(hseSrvDescriptor_t))%3B%3CBR%20%2F%3E%3CBR%20%2F%3E%E2%80%83%E2%80%83pSmrEntryInstallTemp%20%3D%20pSmrEntryInstall%3B%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%E2%80%83%E2%80%83pSign0_Temp%20%3D%20PTR_TO_HOST_ADDR(pSign0)%3B%3B%3CBR%20%2F%3E%E2%80%83%E2%80%83pSign1_Temp%20%3D%20PTR_TO_HOST_ADDR(pSign1)%3B%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%E2%80%83%E2%80%83SignLen0Temp%20%3D%20SignLen0%3B%3CBR%20%2F%3E%E2%80%83%E2%80%83SignLen1Temp%20%3D%20SignLen1%3B%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%E2%80%83%E2%80%83srvId_Temp%20%3D%20HSE_SRV_ID_SMR_ENTRY_INSTALL%3B%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%2F*%20Fill%20the%20service%20descriptor%20*%2F%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20pHseSrvDesc-%26gt%3BsrvId%20%3D%20HSE_SRV_ID_SMR_ENTRY_INSTALL%3B%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20pSmrEntryInstall-%26gt%3BaccessMode%20%3D%20HSE_ACCESS_MODE_ONE_PASS%3B%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20pSmrEntryInstall-%26gt%3BentryIndex%20%3D%20entryIndex%3B%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20pSmrEntryInstall-%26gt%3BpSmrEntry%20%3D%20PTR_TO_HOST_ADDR(pSmrEntry)%3B%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20pSmrEntryInstall-%26gt%3BpSmrData%20%3D%20PTR_TO_HOST_ADDR(pData)%3B%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20pSmrEntryInstall-%26gt%3BsmrDataLength%20%3D%20dataLen%3B%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20pSmrEntryInstall-%26gt%3BpAuthTag%5B0%5D%20%3D%20PTR_TO_HOST_ADDR(pSign0)%3B%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20pSmrEntryInstall-%26gt%3BpAuthTag%5B1%5D%20%3D%20PTR_TO_HOST_ADDR(pSign1)%3B%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20pSmrEntryInstall-%26gt%3BauthTagLength%5B0%5D%20%3D%20SignLen0%3B%3CBR%20%2F%3E%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%23if%201%3CBR%20%2F%3E%E2%80%83%E2%80%83pSmrEntryInstall-%26gt%3BauthTagLength%5B1%5D%20%3D%200%3B%3CBR%20%2F%3E%E2%80%83%E2%80%83%23else%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20pSmrEntryInstall-%26gt%3BauthTagLength%5B1%5D%20%3D%20SignLen1%3B%3CBR%20%2F%3E%E2%80%83%E2%80%83%23endif%3CBR%20%2F%3E%E2%80%83%E2%80%83pHseSrvDescTemp%20%3D%20pHseSrvDesc%3B%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%2F*%20Send%20the%20request%20synchronously%20*%2F%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20srvResponse%20%3D%20HSE_Send(MU0%2C%20u8MuChannel%2C%20gSyncTxOption%2C%20pHseSrvDesc)%3B%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20return%20srvResponse%3B%3CBR%20%2F%3E%7D%3C%2FP%3E%3CP%3Ebelow%20is%20the%20key%20information%3A%3C%2FP%3E%3CP%3E%3CSPAN%3E%E2%80%83%E2%80%83%2F******************************%20NVM%26nbsp%3B%20RSA-PUB%20*****************************%2F%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%2F*%20Import%20RSA%20keys%20for%20secure%20boot.%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20*%2F%3CBR%20%2F%3E%E2%80%83%E2%80%83srvResponse%20%3D%20ImportPlainRsaKeyReq(%3CBR%20%2F%3E%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%20%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20NVM_CUST_RSA2048_BOOT_PUB_KEY%2C%26nbsp%3B%3CBR%20%2F%3E%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%20%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20HSE_KEY_TYPE_RSA_PUB%2C%3CBR%20%2F%3E%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%20%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20(HSE_KF_USAGE_VERIFY)%2C%3CBR%20%2F%3E%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%20%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20(HOST_ADDR)rsa2048CustAuthKeyModulus%2C%3CBR%20%2F%3E%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%20%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20rsa2048CustAuthKeyModulusLength%2C%3CBR%20%2F%3E%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%20%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20(HOST_ADDR)rsa2048CustAuthKeyPubExp%2C%3CBR%20%2F%3E%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%20%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20rsa2048CustAuthKeyPubExpLength%2C%3CBR%20%2F%3E%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%20%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20(HOST_ADDR)%20NULL%2C%3CBR%20%2F%3E%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%20%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%200UL%3CBR%20%2F%3E%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%E2%80%83%20%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20)%3B%3CBR%20%2F%3E%E2%80%83%E2%80%83ASSERT(HSE_SRV_RSP_OK%20%3D%3D%20srvResponse)%3B%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2170101%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%20translate%3D%22no%22%3ERe%3A%20S32K312%20HSE%20secureboot%20SMR%20installation%20failed%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2170101%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EI%20also%20encountered%20the%20same%20problem.I%20also%20received%20an%20invalid%20parameter%20return%20code%200x55A5A399.%3C%2FP%3E%3CP%3EI%20want%20to%20know%20where%20the%20SMRENTRY%20struct%20has%20a%20problem.%3C%2FP%3E%3CP%3EYou%20have%20used%20The%20FW%20version%20is%200_2_40_0%20%2C%20I%20want%20to%20know%20What%20version%20of%20HSELIB%20is%20the%20problem%20found%20in%3F%3C%2FP%3E%3CP%3EI%20hope%20you%20can%20reply%2C%20thank%20you%20very%20much.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2164063%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%20translate%3D%22no%22%3ERe%3A%20S32K312%20HSE%20secureboot%20SMR%20installation%20failed%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2164063%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3Ehello%20%2C%20I%20am%20sorry%20for%20the%20misstake.%20We%20have%20found%20the%20rootcourse%20that%20we%20used%20the%20wrong%20HSELIB.%20In%20that%20HSELIB%20the%20SMRENTRY%20struct%20is%20not%20correct.%20And%20we%20update%20the%20new%20one%2C%20then%20the%20SMR%20successfully%20installed.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2158841%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%20translate%3D%22no%22%3ERe%3A%20S32K312%20HSE%20secureboot%20SMR%20installation%20failed%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2158841%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3ECould%20you%20try%20align%20the%20size%20to%20128%20bytes%3F%20I%20didn't%20notice%20that%20first%20time.%20You%20use%20value%200x124.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22lukaszadrapa_0-1756277621484.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3Cspan%20class%3D%22lia-inline-image-display-wrapper%22%20image-alt%3D%22lukaszadrapa_0-1756277621484.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3Cimg%20src%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F354253i8670E3DCF75D81B9%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22lukaszadrapa_0-1756277621484.png%22%20alt%3D%22lukaszadrapa_0-1756277621484.png%22%20%2F%3E%3C%2Fspan%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2158776%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%20translate%3D%22no%22%3ERe%3A%20S32K312%20HSE%20secureboot%20SMR%20installation%20failed%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2158776%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F226377%22%20target%3D%22_blank%22%3E%40Yiming2%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%20tested%20secure%20boot%20with%20RSA%20key%20two%20or%20three%20weeks%20ago%20and%20I%20can%20see%20that%20your%20SMR%20configuration%20is%20almost%20exactly%20the%20same.%20Just%20different%20addresses%20and%20sizes%20but%20there's%20no%20functional%20difference.%20Everything%20seems%20to%20be%20correct.%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWas%20the%20import%20of%20RSA%20key%20successful%3F%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIs%20data%20cache%20turned%20off%3F%3C%2FP%3E%0A%3CP%3ERegards%2C%3C%2FP%3E%0A%3CP%3ELukas%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2157244%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%20translate%3D%22no%22%3ERe%3A%20S32K312%20HSE%20secureboot%20SMR%20installation%20failed%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2157244%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3Ehello%20thanks%20for%20your%20reply.%3CBR%20%2F%3Ethe%20code%20is%20created%20based%20on%20HSELIB.%3CBR%20%2F%3EThe%20FW%20version%20is%200_2_40_0.%3CBR%20%2F%3EAnd%20SBAF%20is%2000%200D%2000%2000%2000%2008%2000%2000.%3CBR%20%2F%3EConfiguration%20is%20FULL_MEM.%3CBR%20%2F%3Eif%20you%20need%20more%20information%20%2Cplease%20let%20me%20know.%20Thank%20you%20very%20much.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2156627%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%20translate%3D%22no%22%3ERe%3A%20S32K312%20HSE%20secureboot%20SMR%20installation%20failed%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2156627%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3E%3CSPAN%20class%3D%22HwtZe%22%3E%3CSPAN%20class%3D%22jCAhz%20ChMk0b%22%3E%3CSPAN%20class%3D%22ryNqvb%22%3ECould%20you%20describe%20what%20is%20your%20configuration%20based%20on%3F%20Which%20is%20used%20FW%20and%20SBAF%20version%2C%20its%20configuration%20(FULL_MEM%2C%20AB_SWAP)%20and%20other%20information%20we%20should%20know.%20Thanks%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E