Usage of CSE to implement AES128


1,242 Views
Contributor II

Hi,

I am planning to use the S32K144 controller for one of our projects.

We have the AES128 algorithm to be implemented in the project. I understand that CSE is available in the S32K144 and that it can be used for implementing AES128.

But I could not find much info on how to use it. Please let me know if any application note is available that explains the usage of CSE for implementing the AES128 algorithm.

Thanks.

0 Kudos
13 Replies

201 Views
NXP TechSupport

Hi,

Please refer to AN5401 Getting Started with CSEc Security Module

AN5401SW.zip contains example code for AES-128 encoding and decoding.

Regards,

Daniel

0 Kudos

201 Views
Contributor III

Hi danielmartynek,

In the sample code, the key counter and attribute flags are being bit shifted before loading into PRAM for calculating M2. Could you please explain this? Can you please guide me to any documentation with respect to this?

pastedImage_1.png

0 Kudos

201 Views
Contributor II

Hi,

I tried using the above sample code. I am using the configuration of the CSE module on S32K144 and also on S32K148.

After the program partition command executes, I see the below behavior:

1. ACCERR bit set

2. FCNG->EEERDY bit is not set

using the same code as provided.

I tried another command, 0x41, which is working fine.

Can you please tell me if any modification is required for the sample code or if any other checks need to be done?

A reset happened after a complete run was executed in the debugger. This happens while waiting for the CCIF bit to be set after command execution. The reset register indicates a Core Lockup issue.

Regards,

Sudarshan

0 Kudos

201 Views
NXP TechSupport

Hi,

Do you run the examples from RAM?

Regards,

Daniel

0 Kudos

201 Views
Contributor II

Hi Daniel,

I tried to run it in RAM; core lockup is not happening, but I could see the ACCERR bit is always set after the Partition request and the FCNG->EEERDY bit is not set.

Regards,

Sudarshan

0 Kudos

201 Views
NXP Employee

Hello Sudarshan,

Could you please check if the device you are using has security support, by checking the value of the SIM_SDID register?

Best regards,

Veronica

0 Kudos

201 Views
Contributor II

Hello Veronica,

The SDID register is returning a value of 0 after reset, and if I am at a breakpoint the read is not possible (Embsys register read).

I have a question: does the partition command have any dependencies on whether the device supports CSE or not?

Regards,

Sudarshan

0 Kudos

201 Views
NXP Employee

Hello Sudarshan,

 

Program partition command should work even if the device does not support CSEc, but the CSEc Key Size parameter of the command must be 0 in this case.

 

Best regards,

Veronica

0 Kudos

201 Views
Contributor II

Hi Veronica,

Now I got a Q100 EVB and I ran only the partition command, and I could see partitioning is happening, the EEERDY bit is set, and also Secured.

After reset I am not able to connect the debugger; it looks like the controller is locked.

I tried Emergency Kinetis Device Recovery by Full Chip Erase.

Can you tell me how I can reset it to unsecure mode?

0 Kudos

201 Views
NXP Employee

Hello Sudarshan,

 

Could you please explain exactly the steps you followed? Did you run an Erase All Blocks command prior to running the Program Partition command? Did you run Program Partition command using 0 for CSEc Key Size?

 

Best regards,

Veronica

0 Kudos

201 Views
Contributor II

Hi Veronica,

In the main function I ran the below code:

1. Erase all blocks (0x44)

2. Program Partition Command (0x81) with key value 03 (20 keys)

3. Checked in a while loop that security enable was a success

Now debug access is not possible; the RESET LED is continuously ON.

I could see the startup file has the below values assigned, and the section start address is 0x400:

/* Flash Configuration */
.section .FlashConfig, "a"
.long 0xFFFFFFFF /* 8 bytes backdoor comparison key */
.long 0xFFFFFFFF /* */
.long 0xFFFFFFFF /* 4 bytes program flash protection bytes */
.long 0xFFFF7FFE /* FDPROT:FEPROT:FOPT:FSEC(0xFE = unsecured) */

I am using the S32K144EVB Q100 board.

By using the MDM-AP register, is it possible to set mass erase, or can the "flash from file" option help?

Regards,

Sudarshan

0 Kudos

201 Views
NXP Employee

Hello Sudarshan,

Please check the following note from the RM:

note.PNG

So, the flash configuration field you mentioned in your comment would need to be written immediately after step 1 (erase all blocks); otherwise the chip will be secured after the next reset.

Considering the attached note, mass erase will not work anymore.

I would recommend using the csec_keyconfig example in the S32 SDK, which shows how the Flash should be partitioned for CSEc usage.

Best regards,

Veronica

0 Kudos
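Added example (not part of the thread and not NXP's sample code): decoding the FSEC byte of the 16-byte flash configuration field at 0x400 shows why a field left erased (all 0xFF) after Erase All Blocks brings the part up secured at the next reset, while the startup file's 0xFE does not. The FSEC bit-field encodings are assumed from the FTFC register description and should be checked against the reference manual; the function and constant names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define FCF_SIZE     16u  /* flash configuration field: 0x400..0x40F */
#define FCF_FSEC_OFF 12u  /* FSEC = low byte of the last word (0x40C) */

/* Constructed inputs: the four .long values from the startup file in the
 * thread, and the field as it reads after Erase All Blocks (all 0xFF). */
static const uint32_t STARTUP_WORDS[4] = {0xFFFFFFFFu, 0xFFFFFFFFu, 0xFFFFFFFFu, 0xFFFF7FFEu};
static const uint32_t ERASED_WORDS[4]  = {0xFFFFFFFFu, 0xFFFFFFFFu, 0xFFFFFFFFu, 0xFFFFFFFFu};

typedef struct {
    unsigned keyen, meen, fslacc, sec;  /* raw 2-bit fields */
    int secured, mass_erase_enabled, backdoor_enabled;
} fsec_info;

/* Lay the words out in memory order (the core is little-endian). */
void fcf_from_words(const uint32_t w[4], uint8_t out[FCF_SIZE]) {
    for (unsigned k = 0; k < 4; k++)
        for (unsigned b = 0; b < 4; b++)
            out[4 * k + b] = (uint8_t)(w[k] >> (8 * b));
}

/* Assumed encodings: SEC 0b10 = unsecured, MEEN 0b10 = mass erase disabled,
 * KEYEN 0b10 = backdoor key enabled; every other value is the opposite. */
fsec_info decode_fsec(const uint8_t fcf[FCF_SIZE]) {
    uint8_t f = fcf[FCF_FSEC_OFF];
    fsec_info i = {(f >> 6) & 3u, (f >> 4) & 3u, (f >> 2) & 3u, f & 3u, 0, 0, 0};
    i.secured            = (i.sec != 2u);
    i.mass_erase_enabled = (i.meen != 2u);
    i.backdoor_enabled   = (i.keyen == 2u);
    return i;
}

int main(void) {
    const uint32_t *cases[2] = {ERASED_WORDS, STARTUP_WORDS};
    for (int c = 0; c < 2; c++) {
        uint8_t img[FCF_SIZE];
        fcf_from_words(cases[c], img);
        fsec_info i = decode_fsec(img);
        printf("FSEC=0x%02X secured=%d mass_erase=%d backdoor=%d\n",
               img[FCF_FSEC_OFF], i.secured, i.mass_erase_enabled, i.backdoor_enabled);
    }
    return 0;
}
```

FSEC's MEEN field alone does not settle whether mass erase works; the reply above rules it out on the basis of the reference-manual note.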

201 Views
Contributor II

Hi Veronica,

Currently I am not able to connect my EVB board in debug mode. Is there any way I can execute mass erase?

Like trying the JFlash tool to erase.

I checked the 1_Configure_part_and_Load_keys code and did the same steps.

1. The only addition they do is load keys.

2. I have added an extra Erase All Blocks before Partition.

Through the EVB S32K144 SWD connector, can I connect and debug?

Regards,

Sudarshan

0 Kudos