Team,
I would like to use the S32K3xx software package to perform both the HSE and application software update. But I notice the HSE firmware already contains an OS which exports some of the services to the HSE demo application. I don't see how I can use the same demo application and build an application with HSE and application update over CAN functionality. Could you please advise on how to use the HSE firmware, or what package to use, which contains support for both functions?
Thanks,
Dinesh
Hi @lukaszadrapa ,
I have a couple of questions while exploring the inputs from your response and also after exploring the documents and training videos. We might have to finally use this HSE firmware and application to perform secure boot without the Trace32 scripts or debugger.
1) I believe usage of T32 might be just a one-time process where we load the ADKP and HSE A/B swap firmware installation in case of Basic Secure Boot. How is the ADKP generated? Is it just the SHA-256 hash of the M7 application firmware as is? Or should I just use the default value available as part of the package?
2) How does it support authenticating the firmware? As I see this product supports a chain of trust, how do we add keys separately for the M7 application firmware and the M0+ HSE demo application firmware during production and during OTA update?
3) If the above actions are done, can the actual task of performing a secure boot be done using one of the HSE demo examples, let's say the Basic Secure Boot project, without the support of the T32 debugger?
4) And in case of the OTA update demo, I see it only supports the S32K344 chipset, whereas my requirement is between S32K311/S32K312. Are there any constraints restricting usage of the same to the S32K344 only? Is there any provision for porting support to my required chipset?
5) Apart from that, my understanding is that the OTA update application is inclusive of the secure update for the M7 application core with the Safety Peripheral Driver containing CAN support, the HSE crypto drivers and the HSE firmware itself. And all these four levels of the software stack run on the M0+ core of the S32K311/S32K312 chipset. If this is not the case, how do we assemble all these blocks together?
Kindly share some training videos/documents, if any, that cover all these aspects, which are required as part of any product development using Secure Boot and secure update on the S32K3xx chipset.
Thanks,
Dinesh
Hi @Dinesh_S14
1. You do not need T32 at all.
We provide document AN744810 “HSE FW install for S32K3xx” which describes how to install the firmware. It can be found in Documentation in Secure Files section:
https://www.nxp.com/products/processors-and-microcontrollers/s32-automotive-platform/s32k-auto-gener...
In short, there are two options: the firmware can be installed with or without IVT. If you select the "without IVT" method, it's as simple as this: just program the "HSE FW usage" word in flash, then program the pink file to 0x0040_0000 and reset the MCU. That's all you need to do.
There are also examples S32K344_HSE_FW_INSTALL and S32K344_HSE_FW_UPDATE in HSE examples package:
https://www.nxp.com/webapp/Download?colCode=S32K3_HSE_DemoExamples
You should select your own ADKP; do not use the default one. You can take a look at this example to see how to install the ADKP:
c:\NXP\S32K3_HSE_DemoExamples_1_0_0\S32K3_HSE_DemoExamples\Device_Configuration\S32K344_CQC_DEMO\
2. We provide a Secure Boot application note, including demo projects, which explains all the steps in detail. It can be downloaded from:
https://www.nxp.com/products/processors-and-microcontrollers/s32-automotive-platform/s32k-auto-gener...
The application note can be found here:
Documentation -> Secure Files -> Secure Boot Application note v0.1.1.0 (AN744511)
The associated demo project can be downloaded here:
Design Resources -> Software -> Secure Files -> SecureBootAppNoteDemo (SW745310)
On top of that, HSE FW offers a number of services for digital signature generation and verification. It depends on your requirement what will be used.
3. Yes, as already mentioned, you do not need T32 at all.
4. The OTA DEMO was written only for device S32K344, not for all lower S32K3 derivatives. It can be ported also to S32K311/312. You just need to respect different flash layout. See “Table 182. AB swap configuration” in S32K3 RM.
5. No. The M0+ core is used exclusively by the HSE firmware; users do not have access to this core at all. You can only use HSE services via the Messaging Unit. S32K311/312 are single core devices, so you can use only the M7 core. So, all the code for the update (CAN, flash programming…) is running on M7 (it's part of your application code) and you only use HSE services to swap the partitions etc…
Regards,
Lukas
Hi @lukaszadrapa ,
I believe I'm getting closer to my use case. Thanks for the insights. A few more questions below:
1) I have tried requesting secure file access via the S32K3xx general purpose MCU page for the list of documents you had mentioned, and have got access as well, but could not find the files you mentioned. Could you please share the links to those files, or share them over the support case?
2) If T32 is not used, then do you mean any JTAG debugger would be able to connect with S32 Design Studio and debug/flash the binary built from the demo application project?
3) From the HSE FAQ, I see the below being provided for configuring the ADKP, but how do we do those operations? Are there any tools to generate/verify whether the ADKP is correct? What is the UID, and where do we get that from?
4) For secure update, what is the purpose of using the key generation services within the MCU? Whereas in-field updates would require the private and public keys to be generated at the OEM, if using the RSA encryption method, and shared with the MCU, or something similar? How does this work? And what kind of host support tools are provided by NXP? If none, what are the decryption methods used, so we can encrypt using the same method?
Apologies for bombarding you with so many questions. Somehow, I'm unable to fill these gaps with the documents I have found so far.
Thanks,
Dinesh
Hi @Dinesh_S14
Finally I found some time. Sorry for the delay.
1. Well, this is not a question directly for me. I recommend either following all the FAQs:
https://www.nxp.com/support/support/secure-access-rights/secure-access-rights-faqs:SEC-ACCESS-FAQS
... or if it doesn't, please submit a ticket:
https://support.nxp.com/s/?language=en_US
2. Yes, you can use any debugger which supports this device. The HSE_DEMOAPP project is a specific case; this will work only with T32.
3. It needs to be supported by your debugger. If T32 is used, you can check debug_App_ADKP.py in HSE_DEMOAPP. If S32 Design Studio and a PEmicro debug probe are used, please read https://www.pemicro.com/blog/index.cfm?post_id=216
4. There's not much to say from my side. The OEM should take control, creating a pathway to security throughout the vehicle's lifecycle. We do not provide host support tools.
Regards,
Lukas
Hi @Dinesh_S14
The HSE demo application needs a debugger for correct execution. As shown in the readme file of the demo, the user menu is used in the T32 debugger. There's a kind of state machine in the demo which is controlled by the debugger. The debugger just changes some variables to control the state machine. So, the demo application cannot be simply executed without T32. If you don't have this debugger, you can only re-use some of the code.
Then we have a new set of HSE examples which was released three weeks ago:
https://www.nxp.com/webapp/Download?colCode=S32K3_HSE_DemoExamples
This could be a better starting point to examine the HSE.
And then there’s OTA DEMO application which can be found in S32K3 Reference Software:
https://www.nxp.com/webapp/swlicensing/sso/downloadSoftware.sp?catid=SW32K3-REFSW-D
This also shows how to use some HSE features, and it also shows how to use AB swap: how to program the passive block with a new application and then how to activate the passive block, so the new application can run after reset.
The bootloader can be embedded in your application. Due to the automatic remapping between active and passive blocks, it's not necessary to jump from bootloader to application etc. So, your application can contain code which will just load the new app from somewhere, program it to the passive block and then switch the active/passive block by HSE service. The advantage of this solution is that the old application can still run during the update, even on a single core device; the downloading of the new app and programming should not affect the old application too much. The disadvantage of such a solution is that the new application must also contain this "bootloader" code.
In this case, the linker file is very simple: just force your application to 0x0040_0000. You never need to consider the address of the passive block due to the automatic remapping. Even though the application is compiled for address 0x0040_0000, your bootloader should program it to the passive block.
Regards,
Lukas
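As an added illustration of the embedded-bootloader flow described in the post above (example code written for this thread, not NXP's OTA DEMO or HSE API), the simulation below models two physical flash blocks behind one logical application address: the running image verifies a new image, programs it into the passive block, and only then flips which block 0x0040_0000 maps to. The `ab_*` function names, the toy XOR integrity check (standing in for the HSE signature verification the post mentions) and the 64-byte block size are assumptions of this example, not HSE service names or real flash geometry.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define APP_BASE   0x00400000u  /* logical address the linker file targets */
#define BLOCK_SIZE 64u          /* toy block size for the simulation */

typedef struct {
    uint8_t block[2][BLOCK_SIZE];  /* physical blocks A and B */
    int     active;                /* block that 0x0040_0000 maps to now */
} ab_flash_t;

/* Logical read: 0x0040_0000 is always remapped onto the active block. */
const uint8_t *ab_logical(const ab_flash_t *f, uint32_t addr) {
    if (addr < APP_BASE || addr >= APP_BASE + BLOCK_SIZE) return NULL;
    return &f->block[f->active][addr - APP_BASE];
}

/* Toy integrity check standing in for HSE signature verification: the last byte
 * must equal the XOR of all preceding bytes (constructed here, not an HSE API). */
int ab_image_ok(const uint8_t *img, size_t len) {
    uint8_t x = 0;
    if (len < 2 || len > BLOCK_SIZE) return 0;
    for (size_t i = 0; i + 1 < len; i++) x ^= img[i];
    return x == img[len - 1];
}

/* Updater code inside the running application: verify, then program the passive
 * block while the old image keeps executing from the active one. */
int ab_program_passive(ab_flash_t *f, const uint8_t *img, size_t len) {
    uint8_t *passive = f->block[1 - f->active];
    if (!ab_image_ok(img, len)) return 0;   /* never touch flash for a bad image */
    memset(passive, 0xFF, BLOCK_SIZE);      /* erased flash state */
    memcpy(passive, img, len);
    return 1;
}

/* Stand-in for the HSE "activate passive block" service (hypothetical name). */
void ab_activate_passive(ab_flash_t *f) { f->active = 1 - f->active; }

/* Scenario: v1 updates itself to v2, then a corrupted image is refused.
 * Returns 0 on success, otherwise the number of the failing step. */
int ab_demo(void) {
    ab_flash_t f = { .active = 0 };
    const uint8_t v1[] = { 1, 'o', 'l', 'd', 1 ^ 'o' ^ 'l' ^ 'd' };  /* constructed */
    const uint8_t v2[] = { 2, 'n', 'e', 'w', 2 ^ 'n' ^ 'e' ^ 'w' };  /* constructed */
    uint8_t bad[sizeof v2];
    memcpy(f.block[0], v1, sizeof v1);                      /* factory image in A */
    if (!ab_program_passive(&f, v2, sizeof v2)) return 1;  /* stage v2 into B */
    if (*ab_logical(&f, APP_BASE) != 1) return 2;          /* v1 still runs */
    ab_activate_passive(&f);                                /* reset would follow */
    if (*ab_logical(&f, APP_BASE) != 2) return 3;          /* v2 runs from B */
    memcpy(bad, v2, sizeof v2); bad[1] ^= 0x55;             /* corrupt the image */
    if (ab_program_passive(&f, bad, sizeof bad)) return 4; /* must be refused */
    return *ab_logical(&f, APP_BASE) == 2 ? 0 : 5;         /* v2 still active */
}
```

Note that the image is always read through `ab_logical(&f, APP_BASE)`, which is the point of the post: the application is linked for 0x0040_0000 only, and which physical block answers at that address is decided by the swap, not by the linker.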