I saw the following description in the reference manual. Does the command CMD_DBG_CHAL have to be followed by the command COMD_DBG_AUTH? What will happen if other commands are executed between the two commands? At present, I dare not add it randomly. I am afraid that the chip will be locked up, so please consult your side.
In the following sample code, there are other commands executed in step 5. Why?
Hi @584914019,
Step 5 is needed to calculate the authorization.
Please see function DBG_AUTH() in AN5401, example 5.
Or you can use the SDK driver, example: csec_keyconfig_s32k144 function eraseKeys().
Regards,
Daniel
In the csec_keyconfig_s32k146 function deleteKeys(), you can see that CMD_DBG_CHAL() and CMD_DBG_AUTH have other commands CMD_GENERATE_MAC, as shown in step 2 in the figure below,Does the "CMD_DBG_CHA" command have to be followed by the command "CMD_DBG_AUTH"?
Hi,
Yes, the CMD_DBG_CHAL command must be followed by the CMD_DBG_AUTH command, otherwise the CMD_DBG_CHAL
command would be required to be reissued before continuing.
Please refer to AN5401 Getting Started with CSEc Security Module
4.5 Resetting Flash to the Factory State
AN5401SW.zip Example 5, Resetting flash to the factory state
Regards,
Daniel
In the csec_keyconfig_s32k146 function deleteKeys(), you can see that CMD_DBG_CHAL() and CMD_DBG_AUTH have other commands CMD_GENERATE_MAC, as shown in step 2 in the figure below,Does the "CMD_DBG_CHA" command have to be followed by the command "CMD_DBG_AUTH"?
Hi @584914019,
The challenge and response(authorization) is a two-step operation.
But the calculation of CMAC needs to be done before we can send the response (authorization) to CSEc. And this step can’t be ignored or calculated before the challenge is issued, the challenge is a random number.
The RM does not say no CSEc operation can be performed between these two steps, that's impossible.
Also, AN5401 shows how to generate the CMAC of response (authorization).
Regards,
Daniel