command CMD_DBG_CHAL operation consultation

キャンセル
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 

command CMD_DBG_CHAL operation consultation

1,645件の閲覧回数
584914019
Contributor III

I saw the following description in the reference manual. Does the command CMD_DBG_CHAL have to be followed by the command COMD_DBG_AUTH? What will happen if other commands are executed between the two commands? At present, I dare not add it randomly. I am afraid that the chip will be locked up, so please consult your side.

584914019_0-1620977698251.png

 

0 件の賞賛
返信
6 返答(返信)

1,628件の閲覧回数
584914019
Contributor III

In the following sample code, there are other commands executed in step 5. Why?

 

584914019_0-1620985184928.jpeg

 

0 件の賞賛
返信

1,618件の閲覧回数
danielmartynek
NXP TechSupport
NXP TechSupport

Hi @584914019,

Step 5 is needed to calculate the authorization.

Please see function DBG_AUTH() in AN5401, example 5.

Or you can use the SDK driver, example: csec_keyconfig_s32k144 function eraseKeys().

 

Regards,

Daniel

0 件の賞賛
返信

1,597件の閲覧回数
584914019
Contributor III

In the csec_keyconfig_s32k146 function deleteKeys(), you can see that CMD_DBG_CHAL() and CMD_DBG_AUTH have other commands CMD_GENERATE_MAC, as shown in step 2 in the figure below,Does the "CMD_DBG_CHA" command have to be followed by the command "CMD_DBG_AUTH"?

584914019_0-1621218972735.jpeg

 

 

0 件の賞賛
返信

1,636件の閲覧回数
danielmartynek
NXP TechSupport
NXP TechSupport

Hi,

Yes, the CMD_DBG_CHAL command must be followed by the CMD_DBG_AUTH command, otherwise the CMD_DBG_CHAL
command would be required to be reissued before continuing.

Please refer to AN5401 Getting Started with CSEc Security Module

4.5 Resetting Flash to the Factory State

AN5401SW.zip  Example 5, Resetting flash to the factory state

danielmartynek_0-1620984702810.png

https://www.nxp.com/products/processors-and-microcontrollers/arm-microcontrollers/s32k-automotive-mc...

 

Regards,

Daniel

 

 

 

0 件の賞賛
返信

1,571件の閲覧回数
584914019
Contributor III

In the csec_keyconfig_s32k146 function deleteKeys(), you can see that CMD_DBG_CHAL() and CMD_DBG_AUTH have other commands CMD_GENERATE_MAC, as shown in step 2 in the figure below,Does the "CMD_DBG_CHA" command have to be followed by the command "CMD_DBG_AUTH"?

584914019_0-1621387041471.jpeg

 

 

0 件の賞賛
返信

1,554件の閲覧回数
danielmartynek
NXP TechSupport
NXP TechSupport

Hi @584914019,

The challenge and response(authorization) is a two-step operation.

But the calculation of CMAC needs to be done before we can send the response (authorization) to CSEc. And this step can’t be ignored or calculated before the challenge is issued, the challenge is a random number.

The RM does not say no CSEc operation can be performed between these two steps, that's impossible.

Also, AN5401 shows how to generate the CMAC of response (authorization).

 

Regards,

Daniel

0 件の賞賛
返信