FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

[URGENT] S32N55 Secure Debug Implementation - SDAF volkano.exe Issue and HSE2 FW RM Request

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED
Jump to solution

[URGENT] S32N55 Secure Debug Implementation - SDAF volkano.exe Issue and HSE2 FW RM Request

Jump to solution
3 weeks ago
485 Views
EddiePark
Contributor III

Dear NXP Support Team,

I am currently working on a customer project involving the S32N55 platform with a tight delivery schedule, and I urgently need your support on the following topics related to Secure Debug implementation. Your prompt response would be greatly appreciated.

---

[Topic 1] SDAF volkano.exe - Unable to load crypto library

Environment:
- TRACE32 Package: trace32_n_2026_04_000189919_nxp_s32n55_conf
- SDAF Version: 1.1.0 RTM
- Host OS: Windows 10 x64

Symptom:
All volkano.exe commands (e.g. generate_wrapkey, discover) fail with the following error:
**error** Unable to load crypto library

Steps already taken:
- Copied libeay32.dll and ssleay32.dll (OpenSSL 1.0.2s Win64) into the sdaf folder
- Confirmed VC++ 2017 Redistributable (14.16.27052) is already installed
- Confirmed volkano.exe is a 64-bit binary

Questions:
1. Are there any additional DLLs or middleware required to run volkano.exe?
2. Is a physical SmartCard and card reader mandatory for volkano.exe to function?
3. If a SmartCard is required, could you please advise on the compatible SmartCard model and the middleware installation procedure?
4. Is there a way to use volkano.exe in local storage mode without a SmartCard for development purposes?

---

[Topic 2] Secure Debug Implementation - ADKP Provisioning and Challenge/Response Flow

For our customer project, we are implementing Secure Debug for the S32N55 in OEM_CLOSED lifecycle using the FSS debug domain with Challenge/Response (C/R) authorization mode (HSE_OWNER_DEBUG_AUTH_CR, default mode).

Our current understanding of the flow is as follows:
1. Provision ADKP (32-byte symmetric secret) into OTP fuses via HSE2 SetAttribute (HSE_OTP_FOEM_ADKP_ATTR_ID)
2. Advance lifecycle to OEM_CLOSED
3. At debug time, TRACE32 reads UID and 256-bit Challenge via CHIP.SecureChallenge()
4. volkano.exe computes the Response using the provisioned ADKP
5. TRACE32 connects via SYStem.Option KEYCODE

Questions:
1. Could you confirm that the above flow is correct for S32N55 FSS Secure Debug?
2. What is the exact cryptographic algorithm used to compute the C/R Response from the ADKP and Challenge? (e.g. AES-ECB)
3. Is there any additional configuration required beyond ADKP provisioning (e.g. FOEM_Debug_Auth_Mode fuse setting) to enable C/R mode?
4. Is the MCK (HSE_OTP_FOEM_MCK_ATTR_ID) required for Secure Debug?
5. Could you please share the HSE2 Firmware Reference Manual for S32N55, specifically the chapter covering the Secure Debug Challenge/Response algorithm and ADKP provisioning details? We understand that the C/R Response calculation algorithm may be documented in the HSE-H/M RM (as in the case of S32G2), but we are not certain whether the same algorithm applies to S32N55 HSE2. Clarification on this point would also be greatly appreciated.

This is a critical blocker for our customer project delivery. We would greatly appreciate a response at your earliest convenience.

Best regards,
Eddie Park

0 Kudos
Reply
1 Solution

Jump to solution
3 weeks ago
409 Views
alejandro_e
NXP TechSupport
NXP TechSupport

Hello @EddiePark,

Thanks for reaching out to us. I understand the urgency of your questions, and thus I want to make it clear that I won't be able to help you with everything regarding the S32N55, since it is a pre-production chip,  in the NXP community we can only help you with fully launched products. You can contact your NXP representative/distributor for closer help on this topic.

Furthermore, I do not know the procedure to secure debug with TRACE32, I can share this post which describes how to do it with S32 Design Studio. However, for the S32N55 the steps may differ a bit since it is quite a newer chip, I cannot offer you definitive information as I mentioned above. You can also check this other conversation, which has a similar topic.

For better support on how to do it in TRACE32 I would recommend you to contact lauterbach in parallel. 

 

Please note that I cannot test the ADKP functionality since I am not authorized to modify any OTP configuration of the test boards we have.

 

Let me know if I can help you with anything else.

View solution in original post

0 Kudos
Reply
1 Reply

Jump to solution
3 weeks ago
410 Views
alejandro_e
NXP TechSupport
NXP TechSupport

Hello @EddiePark,

Thanks for reaching out to us. I understand the urgency of your questions, and thus I want to make it clear that I won't be able to help you with everything regarding the S32N55, since it is a pre-production chip,  in the NXP community we can only help you with fully launched products. You can contact your NXP representative/distributor for closer help on this topic.

Furthermore, I do not know the procedure to secure debug with TRACE32, I can share this post which describes how to do it with S32 Design Studio. However, for the S32N55 the steps may differ a bit since it is quite a newer chip, I cannot offer you definitive information as I mentioned above. You can also check this other conversation, which has a similar topic.

For better support on how to do it in TRACE32 I would recommend you to contact lauterbach in parallel. 

 

Please note that I cannot test the ADKP functionality since I am not authorized to modify any OTP configuration of the test boards we have.

 

Let me know if I can help you with anything else.

0 Kudos
Reply