s32k3 HSE NVM and RAM key catalogs

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

s32k3 HSE NVM and RAM key catalogs

Jump to solution
2,434 Views
luhaiou
Contributor II

     s32k3 HSE NVM and RAM key catalogs are all in SYS_IMG, 

     SYS-IMG is saved in secure NVM (i.e., internal Flash) by the host.

     Why design two types: NVM catalog keys and RAM catalog keys?

     The structure of the NVM catalogs keys is stored in SYS_IMG, why is it called "RAM"?

     What are the principles for setting keys to NVM keys or RAM keyes in my project?

1 Solution
2,324 Views
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi @luhaiou 
I'm sorry for delayed response, I just got back from vacation.
Yes, RAM keys are lost and you need to import them again if needed. RAM keys are used as a temporary keys for one-time operations only.
It's not important for user to know what is stored in SYS_IMG exactly.
And regarding SHE secure boot - it depends on used key:

lukaszadrapa_0-1704183951318.png

You can take a look at following example:
c:\NXP\S32K3_HSE_DemoExamples_1_0_0\S32K3_HSE_DemoExamples\Secure_Boot\S32K344_Hse_SHE_SecureBoot_Example\

Regards,
Lukas

View solution in original post

0 Kudos
Reply
3 Replies
2,417 Views
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi @luhaiou 

the difference is that RAM catalog is supposed to be used only as temporary storage of keys for certain operations. Please read sections "6.1 Cryptographic keys" and "6.2 Key management" in the HSE-B Firmware Reference Manual.

SYS-IMG contains some details about the RAM catalog but not the key values directly. These keys are stored in secure RAM.

You can take a look at:

https://www.nxp.com/webapp/Download?colCode=S32K3_HSE_DemoExamples

Regards,

Lukas

0 Kudos
Reply
2,408 Views
luhaiou
Contributor II

Thanks for your reply,

Thanks for your S32K3_HSE_DemoExamples .

I have read  HSE-B Firmware Reference Manual twice,But it doesn't explain the doubts about RAM keys yet,

According to your explanation ,

SYS-IMG contains some details about the RAM catalog but not the key values directly. These keys are stored in secure RAM.

Personal understanding,The value stored in secure RAM will be lost when the power is off,then the user needs to re-import the RAM keys every time the chip is powered on.

If my thinking is correct, is there any disadvantage of putting all the RAM keys information in secure RAM compared to putting some details in SYS_IMG.

The HSE-B Firmware Reference Manual does not introduce much about the detailed storage methods of RAM keys, most of them are introduced together with NVM keys, and there are some vague descriptions, such as:

luhaiou_1-1703077160199.png

 

luhaiou_0-1703077106903.png

1.Personal understanding,The value stored in secure RAM will be lost when the power is off,then the user needs to re-import the RAM keys every time the chip is powered on.Whether the idea is correct?

2.For RAM keys, which details are stored in SYS_IMG and which are stored in secure RAM, 

3.What are the advantages of having the RAM key parameter stored in two places?

------------------------------------------------------------------------------------------------

4.If only one region is protected with SMR#0, how can HSE_FW distinguish that SMR#0 is used as a SHE-secure boot instead of an Advanced secure boot.

Looking forward to your reply, thank you very much.

0 Kudos
Reply
2,325 Views
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi @luhaiou 
I'm sorry for delayed response, I just got back from vacation.
Yes, RAM keys are lost and you need to import them again if needed. RAM keys are used as a temporary keys for one-time operations only.
It's not important for user to know what is stored in SYS_IMG exactly.
And regarding SHE secure boot - it depends on used key:

lukaszadrapa_0-1704183951318.png

You can take a look at following example:
c:\NXP\S32K3_HSE_DemoExamples_1_0_0\S32K3_HSE_DemoExamples\Secure_Boot\S32K344_Hse_SHE_SecureBoot_Example\

Regards,
Lukas

0 Kudos
Reply