S32K314 secure boot(period check)

922 Views
JiayuZhou
Contributor II

I want to check the application by AES-CMAC periodically:

1. smrEntry.checkPeriod set to non-zero.

2. smrEntry.pSmrDest set to a valid RAM address.

But I have a question: if my application is more than 320kb, but the S32K314 only has 320kb SRAM, the application can't be loaded to SRAM to execute secure boot periodically.

So, if my application is more than 320kb and I want to execute secure boot periodically, how should it be configured?

0 Kudos
3 Replies

876 Views
lukaszadrapa
NXP TechSupport

Hi @JiayuZhou,
Periodic check is not recommended for this use case. It's more convenient to use on-demand secure boot, which can check the content directly in the flash memory, so no copy-down is necessary, and which can be triggered anytime/periodically by your application if needed.
And I got some information from another team that periodic check is currently not recommended anyway. It looks like the content of flash is copied to RAM only once after reset, so it does not make sense and there are still some open questions. This should be updated and clarified in the future. So, on-demand secure boot is currently the preferred solution if it is required to check the content at runtime.
Regards,
Lukas

0 Kudos
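Added example, not part of the original thread and not NXP or HSE firmware code: a toy model of the two points in the reply above, namely that a copy-down image larger than the 320 KB SRAM cannot be staged, and that a check run against a RAM copy taken once at reset does not see later changes to flash. Assumptions: the class and function names are hypothetical, the key and images are constructed, the periodic check is modelled as verifying the RAM copy, and HMAC-SHA256 stands in for AES-CMAC so that only the standard library is needed.

```python
import hmac, hashlib

SRAM_SIZE = 320 * 1024          # SRAM size quoted in the thread
KEY = b"constructed-demo-key"   # constructed key, not an HSE key

def tag(data: bytes) -> bytes:
    # Stand-in MAC: HMAC-SHA256 is used here in place of AES-CMAC
    return hmac.new(KEY, data, hashlib.sha256).digest()

class Device:
    """Toy model: flash image, reference tag, optional RAM copy made at reset."""
    def __init__(self, image: bytes):
        self.flash = bytearray(image)
        self.ref_tag = tag(image)       # tag stored when the region is installed
        self.ram_copy = None

    def reset(self, copy_down: bool) -> bool:
        """Boot-time check of flash; returns True if the image verifies."""
        if copy_down:
            if len(self.flash) > SRAM_SIZE:
                raise MemoryError("image does not fit in SRAM")
            self.ram_copy = bytes(self.flash)    # copied once per reset
        return hmac.compare_digest(tag(bytes(self.flash)), self.ref_tag)

    def periodic_check_ram(self) -> bool:
        """Runtime check against the RAM copy taken at reset (model assumption)."""
        return hmac.compare_digest(tag(self.ram_copy), self.ref_tag)

    def on_demand_check_flash(self, chunk: int = 4096) -> bool:
        """Runtime check that streams the image from flash, no copy-down."""
        mac = hmac.new(KEY, digestmod=hashlib.sha256)
        for off in range(0, len(self.flash), chunk):
            mac.update(self.flash[off:off + chunk])
        return hmac.compare_digest(mac.digest(), self.ref_tag)

def demo() -> dict:
    small = Device(bytes(range(256)) * 64)       # 16 KiB constructed image
    results = {"boot": small.reset(copy_down=True)}
    small.flash[0x100] ^= 0xFF                   # flash content changes after boot
    results["ram_after_change"] = small.periodic_check_ram()
    results["flash_after_change"] = small.on_demand_check_flash()
    results["next_boot"] = small.reset(copy_down=True)
    big = Device(b"\xA5" * (400 * 1024))         # constructed image larger than SRAM
    try:
        results["big_copy_down"] = big.reset(copy_down=True)
    except MemoryError:
        results["big_copy_down"] = False
    results["big_flash_check"] = big.on_demand_check_flash()
    return results
```

In this model only the check that reads flash directly reports the change before the next reset, and only that check works for the 400 KiB image.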

831 Views
JiayuZhou
Contributor II

When the application is tampered with, in this power-on cycle, the host uses Hse_SmrVerifyTest (service id=HSE_SRV_ID_SMR_VERIFY) to trigger the verification of the application, and the response is always OK. After a power failure/reset, secure boot for the application fails.

Besides, I did some other tests: I update the SMR of the application after updating the application.

1. Update CMAC for application.

2. Install SMR (service id=HSE_SRV_ID_SMR_ENTRY_INSTALL)

3. Tamper application.

4. Verify SMR (service id=HSE_SRV_ID_SMR_VERIFY)

As a result, step 4 is always OK, not a failure. In theory, the application has been tampered with, so SMR validation should fail.

Code:

static hseSrvResponse_t InstallSMR(uint8_t Index)
{
    hseSrvResponse_t srvResponse = HSE_SRV_RSP_GENERAL_ERROR;

    /* 6) Finally, install SMR and CR entry and verify SMR install */
    srvResponse = HSE_InstallHse_SmrEntry((Index),
                      (const hseSmrEntry_t *)&Hse_SmrEntry[Index],
                      (const uint8_t *)Hse_SmrEntry[Index].pSmrSrc,
                      Hse_SmrEntry[Index].smrSize,
                      (const uint8 *)Hse_SecureBootTagAddr[0][Index],
                      (const uint8 *)Hse_SecureBootTagAddr[1][Index],
                      Hse_SecureBootTagLen[Index],
                      Hse_SecureBootTagLen[Index]);
    if (srvResponse != HSE_SRV_RSP_OK)
    {
        return srvResponse;
    }

    /* Step 3 of the test: tamper with the application
       (write 1024 zero bytes to flash) */
    uint8_t buff[1024] = {0};
    Fls_Write_Fls(0x450000 - FLASH_OFFSET, sizeof(buff), (uint8 *)buff);

    /* verify SMR entry - SMR verify is not allowed for SHE boot,
       only on next cycle could it be verified if BOOT_SEQ=0 */
    srvResponse = Hse_SmrVerifyTest(Index);

    return srvResponse;
}
0 Kudos

845 Views
JiayuZhou
Contributor II
Thank you for your reply.
If I use on-demand secure boot without configuring the smrEntry.checkPeriod parameter of the SMR table to trigger periodic verification, how do I trigger the application verification periodically? As far as I know, SMR table validation is done proactively by the HSE firmware after a reset; can I proactively ask the HSE to validate the application through one of the services?
0 Kudos