Configuring SE to be fully functional but rejecting attempts to add more secure objects

psvz
Contributor IV

Is it possible to lock SE051H in a state where it would be fully functional but reject attempts to add more secure objects?

Background. If I provisioned a factory-reset user and other secure objects with a policy not allowing deletion or modification - I am fine to deploy the chip to an untrusted environment to operate reliably.

An adversary, however, can provision thousands of dummy secure objects to consume all memory. That might affect reliability of the SE operations. Could you please confirm if such a scenario is a threat? And if so, how could I mitigate?

Kan_Li
NXP TechSupport

Hi @psvz ,

 

There is an APDU command available on SE051 parts for that purpose. Please kindly refer to the following for details.

[Image: Kan_Li_0-1746769208794.png]

You may refer to https://www.nxp.com/webapp/Download?colCode=AN12543 for more details.

 

Hope that helps,

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

psvz
Contributor IV

Hi @Kan_Li 

 

Thanks for pointing me to the sought APDU command. I can't find any middleware API for it - I checked all Se05x_API* functions. What is the shortest way to activate that APDU command in C? If the middleware doesn't support it, perhaps you could kindly share a code sample?

Kan_Li
NXP TechSupport

Hi @psvz , 

 

Please kindly refer to Se05x_API_DisableObjCreation() for details.

 

Have a great day,
Kan


psvz
Contributor IV

Hi @Kan_Li ,

Thanks, I was searching in

simw-top/hostlib/hostLib/se05x_03_xx_xx/se05x_APDU_apis.h

and overlooked additional `se05x_04_xx_APDU_apis.h` file there...

 

Provided I use the LOCK_PERSISTENT and RESTRICT_NEW combination (I rely on creation policy for objects I provisioned before this command), what is the behavior if I then call the Se05x_API_DeleteAll() command?

Will the factory reset cancel this persistent lock? Or will I throw the chip into the garbage after restricting and then resetting?

Kan_Li
NXP TechSupport

Hi @psvz ,

 

Even in this case, the factory reset would not cancel this persistent lock.

 

Have a great day,
Kan

