帮助
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

use CSEC_DRV_GenerateMACAddrMode to generate CMAC but occurs reset and rigister RCM_SRS[LOCKUP] = 1

取消
开启建议
自动建议可通过在您键入时建议可能的匹配,而快速缩小您的搜索结果范围。
显示结果 
显示  仅  | 搜索替代 
您的意思是: 
已解决
跳至解决方案

use CSEC_DRV_GenerateMACAddrMode to generate CMAC but occurs reset and rigister RCM_SRS[LOCKUP] = 1

跳至解决方案
‎09-28-2022 06:06 PM
940 次查看
baichuan
Contributor II

Hi,

1. We have encountered a difficult problem, when I use CSEC_DRV_GenerateMACAddrMode(the size is 64k bytes and start address is 0x10000.) to calculate CMAC value in bootloader,the board will reset and rigister RCM_SRS[LOCKUP] = 1, I want to know why it occurs and how to solve this problem?

const uint8_t *flash_pointer = (uint8_t *)(0x10000);

uint32_t aplLenth = 64 * 1024 * 8;

uint8_t cmacValue[16];

stat = CSEC_DRV_GenerateMACAddrMode(CSEC_KEY_11, flash_pointer, aplLenth, cmacValue);

2. if I try to use chain of trust to verify apl, Where should CMAC be stored? if this is possible to Use CSEC_DRV_VerifyMACAddrMode to verify? because of the APL image occupies 2 read partitions, Whether or not we should generate two CMAC

 

board: S32K146

partition: bootloader:0x00000-0x10000 ,apl:0x10000-0xFFFFF

csec repository: SDK_S32K1xx_15

标记 (3)
0 项奖励
回复
1 解答

跳至解决方案
‎09-30-2022 06:55 AM
918 次查看
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi,

there's a note in the reference manual:

"In addition, program flash reads are not allowed when CSEc command CMD_VERIFY_MAC (pointer method) or CMD_GENERATE_MAC (pointer method) is running."

The driver executes the command from RAM memory but there's probably an interrupt which accessed the flash. So, try to disable the interrupts and I guess it will work as expected.


To make it bulletproff, the CMAC should be stored in flash area which is checked by secure boot feature. So, if the application is updated, also BOOT_MAC needs to be updated after programming new CMAC.

Regards,
Lukas

在原帖中查看解决方案

0 项奖励
回复
2 回复数

跳至解决方案
‎09-30-2022 06:55 AM
919 次查看
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi,

there's a note in the reference manual:

"In addition, program flash reads are not allowed when CSEc command CMD_VERIFY_MAC (pointer method) or CMD_GENERATE_MAC (pointer method) is running."

The driver executes the command from RAM memory but there's probably an interrupt which accessed the flash. So, try to disable the interrupts and I guess it will work as expected.


To make it bulletproff, the CMAC should be stored in flash area which is checked by secure boot feature. So, if the application is updated, also BOOT_MAC needs to be updated after programming new CMAC.

Regards,
Lukas

0 项奖励
回复

跳至解决方案
‎09-30-2022 07:16 PM
909 次查看
baichuan
Contributor II

Thank you for your patient answer, it is helpful to me

0 项奖励
回复