key Management

kerti1 · ‎06-18-2025

Hi,

1.I am working with the S32K314 and have implemented ECDH. During testing, I commented out the key generation code. For production, I would like to ensure that key generation occurs only once and is not repeated on every boot. Is there a recommended approach or any specific flags in the HSE to handle this?

2.Additionally, I currently declare a key as a global variable and write it to NVM. However, this results in the key being visible globally in the code. Is there a way to import the key directly into the HSE without declaring it as a global variable?

Thanks in advance.

lukaszadrapa · ‎06-22-2025

Hi @kerti1

1. When generating a key, NVM key slot must be empty. The generation will not be successful, if the key was already generated in the slot.

If you want to update internally generated key, it can be done via the key import service.

2. There are two options:

a) Use some communication interface in production to provide the keys for import.

b) Force the keys to some separate segment in flash memory. Once the keys are imported, erase the memory segment.

Regards,

Lukas