S32K3xx HSE.Where is the storage location of Boot MAC?

Gimhan · ‎03-10-2025

Greetings,

Prerequisites:
The following contents are created through EB tresos:
1. Under the KerCatalogs option, an NvmKeyCatalog of type SHE is created. The Number of Key Slots is 12, the Max key length in bits is 128, and the Key Owner is ANY. It includes the Master key, Boot MAC Key, and SHE Key1 - 10.
2. Under the CryptoKeyElement option, relevant configurations for the Master Key, Boot MAC Key, and SHE Key1 - 10 are created. Currently, these keys can be written, encrypted, and decrypted normally.
Question:
Can the [Boot MAC] involved in the verification process during the secure boot be written into the non - volatile memory of the HSE through the standard interface [Crypto_KeyElementSet] provided by the Crypto module in the basic software layer? If so, how should EB tresos be configured?

Thanks in advance.

Gimhan

lukaszadrapa · ‎03-11-2025

Hi @Gimhan

BOOT_MAC can be updated as any other SHE key via standard memory update protocol. Here are some screenshots from HSE firmware reference manual:

Regards,

Lukas

Gimhan · ‎03-12-2025

Hi,

Thank you for your reply.

I want to confirm whether Boot Mac is stored in the same 【NvmKeyGroup】 as Master key, Boot MAC key, and SHE key1 - 10. If so, what are the corresponding slots for Master Key, Boot MAC Key, Boot MAC, and SHE Key 1 - 10 respectively?

Regards,

Gimhan

lukaszadrapa · ‎03-13-2025

It corresponds to the screenshot above. And here's the same from Autosar spec:

And here's an example of ID usage which corresponds to the tables:

lukaszadrapa · ‎03-13-2025

I'm sorry I have some troubles with screenshots on my PC. I will attach them here.