s32k314 get adkp is not written

wangwei1024 · ‎06-28-2024

hello nxp

1 I already install ab swap hse fw. and used SetAttr(HSE_APP_DEBUG_KEY_ATTR_ID,len, (void *)adkp) to write ADKP without (UID diversification by HSE_EXTEND_CUST_SECURITY_POLICY_ATTR_ID) , But I read ADKP through GetAttr is not the same as it was written . why ?

2 we need to implement Basic Secure Boot (BSB) ，if we want to write ADKP with UID diversification. How to make offline image including gmac ?

thank you.

lukaszadrapa · ‎07-02-2024

Hi @wangwei1024

1.

2.

It's expected that this is configured directly in the device using Boot Data Sign service. See please the details in Secure Boot Application note.
It can be downloaded from:
https://www.nxp.com/products/processors-and-microcontrollers/s32-automotive-platform/s32k-auto-gener...
Application note can be found here:
Documentation -> Secure Files -> Secure Boot Application note v0.1.1.0 (AN744511)
Associated demo project can be downloaded here:
Design Resources -> Software -> Secure Files -> SecureBootAppNoteDemo (SW745310)

Regards,

Lukas

wangwei1024 · ‎07-03-2024

hi Lukas:

Thank you for response.

for point 2. This means that we need to verify the legitimacy of the offline image package before sign service, right ?