use CSEC_DRV_GenerateMACAddrMode to generate CMAC but occurs reset and rigister RCM_SRS[LOCKUP] = 1

キャンセル
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 

use CSEC_DRV_GenerateMACAddrMode to generate CMAC but occurs reset and rigister RCM_SRS[LOCKUP] = 1

ソリューションへジャンプ
1,268件の閲覧回数
baichuan
Contributor II

Hi,

1. We have encountered a difficult problem, when I use CSEC_DRV_GenerateMACAddrMode(the size is 64k bytes and start address is 0x10000.) to calculate CMAC value in bootloader,the board will reset and rigister RCM_SRS[LOCKUP] = 1, I want to know why it occurs and how to solve this problem?

const uint8_t *flash_pointer = (uint8_t *)(0x10000);

uint32_t aplLenth = 64 * 1024 * 8;

uint8_t cmacValue[16];

stat = CSEC_DRV_GenerateMACAddrMode(CSEC_KEY_11, flash_pointer, aplLenth, cmacValue);

2. if I try to use chain of trust to verify apl, Where should CMAC be stored? if this is possible to Use CSEC_DRV_VerifyMACAddrMode to verify? because of the APL image occupies 2 read partitions, Whether or not we should generate two CMAC

 

board: S32K146

partition: bootloader:0x00000-0x10000 ,apl:0x10000-0xFFFFF

csec repository: SDK_S32K1xx_15

タグ(3)
0 件の賞賛
返信
1 解決策
1,246件の閲覧回数
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi,

there's a note in the reference manual:

"In addition, program flash reads are not allowed when CSEc command CMD_VERIFY_MAC (pointer method) or CMD_GENERATE_MAC (pointer method) is running."

The driver executes the command from RAM memory but there's probably an interrupt which accessed the flash. So, try to disable the interrupts and I guess it will work as expected.


To make it bulletproff, the CMAC should be stored in flash area which is checked by secure boot feature. So, if the application is updated, also BOOT_MAC needs to be updated after programming new CMAC.

Regards,
Lukas

元の投稿で解決策を見る

0 件の賞賛
返信
2 返答(返信)
1,247件の閲覧回数
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi,

there's a note in the reference manual:

"In addition, program flash reads are not allowed when CSEc command CMD_VERIFY_MAC (pointer method) or CMD_GENERATE_MAC (pointer method) is running."

The driver executes the command from RAM memory but there's probably an interrupt which accessed the flash. So, try to disable the interrupts and I guess it will work as expected.


To make it bulletproff, the CMAC should be stored in flash area which is checked by secure boot feature. So, if the application is updated, also BOOT_MAC needs to be updated after programming new CMAC.

Regards,
Lukas

0 件の賞賛
返信
1,237件の閲覧回数
baichuan
Contributor II

Thank you for your patient answer, it is helpful to me

0 件の賞賛
返信