command CMD_DBG_CHAL operation consultation

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

command CMD_DBG_CHAL operation consultation

1,117 Views
584914019
Contributor III

I saw the following description in the reference manual. Does the command CMD_DBG_CHAL have to be followed by the command COMD_DBG_AUTH? What will happen if other commands are executed between the two commands? At present, I dare not add it randomly. I am afraid that the chip will be locked up, so please consult your side.

584914019_0-1620977698251.png

 

0 Kudos
6 Replies

1,100 Views
584914019
Contributor III

In the following sample code, there are other commands executed in step 5. Why?

 

584914019_0-1620985184928.jpeg

 

0 Kudos

1,090 Views
danielmartynek
NXP TechSupport
NXP TechSupport

Hi @584914019,

Step 5 is needed to calculate the authorization.

Please see function DBG_AUTH() in AN5401, example 5.

Or you can use the SDK driver, example: csec_keyconfig_s32k144 function eraseKeys().

 

Regards,

Daniel

0 Kudos

1,069 Views
584914019
Contributor III

In the csec_keyconfig_s32k146 function deleteKeys(), you can see that CMD_DBG_CHAL() and CMD_DBG_AUTH have other commands CMD_GENERATE_MAC, as shown in step 2 in the figure below,Does the "CMD_DBG_CHA" command have to be followed by the command "CMD_DBG_AUTH"?

584914019_0-1621218972735.jpeg

 

 

0 Kudos

1,108 Views
danielmartynek
NXP TechSupport
NXP TechSupport

Hi,

Yes, the CMD_DBG_CHAL command must be followed by the CMD_DBG_AUTH command, otherwise the CMD_DBG_CHAL
command would be required to be reissued before continuing.

Please refer to AN5401 Getting Started with CSEc Security Module

4.5 Resetting Flash to the Factory State

AN5401SW.zip  Example 5, Resetting flash to the factory state

danielmartynek_0-1620984702810.png

https://www.nxp.com/products/processors-and-microcontrollers/arm-microcontrollers/s32k-automotive-mc...

 

Regards,

Daniel

 

 

 

0 Kudos

1,043 Views
584914019
Contributor III

In the csec_keyconfig_s32k146 function deleteKeys(), you can see that CMD_DBG_CHAL() and CMD_DBG_AUTH have other commands CMD_GENERATE_MAC, as shown in step 2 in the figure below,Does the "CMD_DBG_CHA" command have to be followed by the command "CMD_DBG_AUTH"?

584914019_0-1621387041471.jpeg

 

 

0 Kudos

1,026 Views
danielmartynek
NXP TechSupport
NXP TechSupport

Hi @584914019,

The challenge and response(authorization) is a two-step operation.

But the calculation of CMAC needs to be done before we can send the response (authorization) to CSEc. And this step can’t be ignored or calculated before the challenge is issued, the challenge is a random number.

The RM does not say no CSEc operation can be performed between these two steps, that's impossible.

Also, AN5401 shows how to generate the CMAC of response (authorization).

 

Regards,

Daniel

0 Kudos