FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

use CSEC_DRV_GenerateMACAddrMode to generate CMAC but occurs reset and rigister RCM_SRS[LOCKUP] = 1

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED
Jump to solution

use CSEC_DRV_GenerateMACAddrMode to generate CMAC but occurs reset and rigister RCM_SRS[LOCKUP] = 1

Jump to solution
‎09-28-2022 06:06 PM
939 Views
baichuan
Contributor II

Hi,

1. We have encountered a difficult problem, when I use CSEC_DRV_GenerateMACAddrMode(the size is 64k bytes and start address is 0x10000.) to calculate CMAC value in bootloader,the board will reset and rigister RCM_SRS[LOCKUP] = 1, I want to know why it occurs and how to solve this problem?

const uint8_t *flash_pointer = (uint8_t *)(0x10000);

uint32_t aplLenth = 64 * 1024 * 8;

uint8_t cmacValue[16];

stat = CSEC_DRV_GenerateMACAddrMode(CSEC_KEY_11, flash_pointer, aplLenth, cmacValue);

2. if I try to use chain of trust to verify apl, Where should CMAC be stored? if this is possible to Use CSEC_DRV_VerifyMACAddrMode to verify? because of the APL image occupies 2 read partitions, Whether or not we should generate two CMAC

 

board: S32K146

partition: bootloader:0x00000-0x10000 ,apl:0x10000-0xFFFFF

csec repository: SDK_S32K1xx_15

0 Kudos
Reply
1 Solution

Jump to solution
‎09-30-2022 06:55 AM
917 Views
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi,

there's a note in the reference manual:

"In addition, program flash reads are not allowed when CSEc command CMD_VERIFY_MAC (pointer method) or CMD_GENERATE_MAC (pointer method) is running."

The driver executes the command from RAM memory but there's probably an interrupt which accessed the flash. So, try to disable the interrupts and I guess it will work as expected.


To make it bulletproff, the CMAC should be stored in flash area which is checked by secure boot feature. So, if the application is updated, also BOOT_MAC needs to be updated after programming new CMAC.

Regards,
Lukas

View solution in original post

0 Kudos
Reply
2 Replies

Jump to solution
‎09-30-2022 06:55 AM
918 Views
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi,

there's a note in the reference manual:

"In addition, program flash reads are not allowed when CSEc command CMD_VERIFY_MAC (pointer method) or CMD_GENERATE_MAC (pointer method) is running."

The driver executes the command from RAM memory but there's probably an interrupt which accessed the flash. So, try to disable the interrupts and I guess it will work as expected.


To make it bulletproff, the CMAC should be stored in flash area which is checked by secure boot feature. So, if the application is updated, also BOOT_MAC needs to be updated after programming new CMAC.

Regards,
Lukas

0 Kudos
Reply

Jump to solution
‎09-30-2022 07:16 PM
908 Views
baichuan
Contributor II

Thank you for your patient answer, it is helpful to me

0 Kudos
Reply