SHE-key attribute flags

ale_di_vi · ‎10-09-2023

Hi,

I'm working in a project having the CSEc module (microcontroller S32K144). I know that, in order to update SHE-keys, 5 flags must be configured in order to generate the key in the M-format (Write Protection, Boot Protection, Debugger Usage Protection, Wildcard Protection and Key Usage Flag).

In some documents, I read also about Verify Only flag: if set when the key is used for CMAC, it can be used only to verify CMAC, otherwise the key can be used for verification and generation.

The question is: the flags are actually 5? what about the Verify Only flag?

Thank you in advance

lukaszadrapa · ‎10-10-2023

Hi @ale_di_vi

This is an extension to SHE specification. Search for "SFE" keyword (Security Flag Extension) in the reference manual and in the application note AN5401. This is a screenshot from the reference manual, description of Program Partition command:

If you don't want to use this extension, just keep SFE as 0 when running Program Partition command.

Regards,

Lukas

View solution in original post

lukaszadrapa · ‎10-10-2023

Hi @ale_di_vi

This is an extension to SHE specification. Search for "SFE" keyword (Security Flag Extension) in the reference manual and in the application note AN5401. This is a screenshot from the reference manual, description of Program Partition command:

If you don't want to use this extension, just keep SFE as 0 when running Program Partition command.

Regards,

Lukas

ale_di_vi · ‎10-16-2023

Ok, now it is clear.
Many thanks!