S32K3 HSE NVM and RAM key catalogs are all in SYS_IMG.
SYS-IMG is saved in secure NVM (i.e., internal Flash) by the host.
Why design two types: NVM catalog keys and RAM catalog keys?
The structure of the NVM catalog keys is stored in SYS_IMG; why is it called "RAM"?
What are the principles for setting keys to NVM keys or RAM keys in my project?
Hi @luhaiou
The difference is that the RAM catalog is supposed to be used only as temporary storage of keys for certain operations. Please read sections "6.1 Cryptographic keys" and "6.2 Key management" in the HSE-B Firmware Reference Manual.
SYS-IMG contains some details about the RAM catalog but not the key values directly. These keys are stored in secure RAM.
You can take a look at:
https://www.nxp.com/webapp/Download?colCode=S32K3_HSE_DemoExamples
Regards,
Lukas
Thanks for your reply.
Thanks for your S32K3_HSE_DemoExamples.
I have read the HSE-B Firmware Reference Manual twice, but it doesn't explain my doubts about RAM keys yet.
According to your explanation:
"SYS-IMG contains some details about the RAM catalog but not the key values directly. These keys are stored in secure RAM."
My personal understanding: the value stored in secure RAM will be lost when the power is off, so the user needs to re-import the RAM keys every time the chip is powered on.
If my thinking is correct, is there any disadvantage of putting all the RAM key information in secure RAM compared to putting some details in SYS_IMG?
The HSE-B Firmware Reference Manual does not introduce much about the detailed storage methods of RAM keys; most of them are introduced together with NVM keys, and there are some vague descriptions, such as:
1. My personal understanding: the value stored in secure RAM will be lost when the power is off, so the user needs to re-import the RAM keys every time the chip is powered on. Is this idea correct?
2. For RAM keys, which details are stored in SYS_IMG and which are stored in secure RAM?
3. What are the advantages of having the RAM key parameters stored in two places?
------------------------------------------------------------------------------------------------
4. If only one region is protected with SMR#0, how can HSE_FW distinguish that SMR#0 is used as a SHE secure boot instead of an Advanced secure boot?
Looking forward to your reply, thank you very much.
Hi @luhaiou
I'm sorry for the delayed response, I just got back from vacation.
Yes, RAM keys are lost and you need to import them again if needed. RAM keys are used as temporary keys for one-time operations only.
It's not important for the user to know what is stored in SYS_IMG exactly.
And regarding SHE secure boot - it depends on the key used:
You can take a look at the following example:
c:\NXP\S32K3_HSE_DemoExamples_1_0_0\S32K3_HSE_DemoExamples\Secure_Boot\S32K344_Hse_SHE_SecureBoot_Example\
Regards,
Lukas