SE050: key rotation: DoAPDUTxRx_s_Case4 returns 0x6a80

Contributor III

Hi all,

I am running the sample code from SE05X Rotate PlatformSCP Keys Demo on the SE050 ARD board (OEFID = 6). I am using simw-top version 2.14.

The APDU request from the sample code returns 0x6A80 (invalid policy?)

An object is only created if the attached policy is valid and, if the policy validation fails, the error code 0x6A80 is returned as response to the object creation command. AFAICS the sample code doesn't configure any policy. Is there anything else that needs to be done? Anything that is missing?

many thanks in advance

Jorge

Contributor III

Not sure if it helps but the data exchanged with the SE050 over I2C would be as follows:

I/TC: se050: scp: tlv_header:
I/TC: se050: scp: 80.d8.0b.81

I/TC: se050: scp: cmd_buf:
I/TC: se050: scp: 0b.88.11.10.a9.55.af.51 09.81.2d.47.51.bb.9d.bc
I/TC: se050: scp: 7c.bb.c9.38.03.50.4a.77 88.11.10.70.eb.a0.47.18
I/TC: se050: scp: 91.97.82.cf.3b.e8.0e.8e 4b.e3.d0.03.50.4a.77.88
I/TC: se050: scp: 11.10.b6.2a.03.c4.6f.1b 67.ef.c3.3e.34.23.4c.6d
I/TC: se050: scp: 81.b4.03.50.4a.77

Contributor III

I noticed the problem in the data fields.

After updating the default DEK key for the SE050 ARD board now I get a proper log (however still fails with the same error code of 0x6a80)

I/TC: se050: key: 40.41.42.43.44.45.46.47 48.49.4a.4b.4c.4d.4e.4f

I/TC: se050: dek: a1.bc.84.38.bf.77.93.5b 36.1a.44.25.fe.79.fa.29

==>

I/TC: se050: enc: 17.b1.c1.65.0d.1f.ee.5b 21.63.00.1a.d7.e4.6d.58

And now the command looks like:

I/TC: se050: scp: tlv_header:
I/TC: se050: scp: 80.d8.0b.81
I/TC: se050: scp: cmd_buf:
I/TC: se050: scp: 0b.88.11.10.17.b1.c1.65 0d.1f.ee.5b.21.63.00.1a
I/TC: se050: scp: d7.e4.6d.58.03.50.4a.77 88.11.10.17.b1.c1.65.0d
I/TC: se050: scp: 1f.ee.5b.21.63.00.1a.d7 e4.6d.58.03.50.4a.77.88
I/TC: se050: scp: 11.10.17.b1.c1.65.0d.1f ee.5b.21.63.00.1a.d7.e4
I/TC: se050: scp: 6d.58.03.50.4a.77

I highlighted the encrypted keys that are set in the command.

thanks
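
As an added example (not part of the posts above and not simw-top code), the following C sketch decodes the second cmd_buf log to confirm that the PUT KEY data field is well formed before it is sent to the secure element. It assumes the GlobalPlatform layout that the log suggests: a key version byte followed by three AES key entries (type 0x88, length, key length, encrypted key, KCV length, KCV). The names `putkey_parse` and `putkey_all_identical` are hypothetical.

```c
#include <stdint.h>
#include <string.h>

static const uint8_t cmd_buf[] = { /* second cmd_buf log in the thread, 70 bytes */
  0x0b,0x88,0x11,0x10,0x17,0xb1,0xc1,0x65,0x0d,0x1f,0xee,0x5b,0x21,0x63,0x00,0x1a,
  0xd7,0xe4,0x6d,0x58,0x03,0x50,0x4a,0x77,0x88,0x11,0x10,0x17,0xb1,0xc1,0x65,0x0d,
  0x1f,0xee,0x5b,0x21,0x63,0x00,0x1a,0xd7,0xe4,0x6d,0x58,0x03,0x50,0x4a,0x77,0x88,
  0x11,0x10,0x17,0xb1,0xc1,0x65,0x0d,0x1f,0xee,0x5b,0x21,0x63,0x00,0x1a,0xd7,0xe4,
  0x6d,0x58,0x03,0x50,0x4a,0x77 };

struct key_entry { const uint8_t *enc, *kcv; uint8_t enc_len, kcv_len; };
struct putkey { uint8_t version; int count; struct key_entry k[3]; };

/* Layout assumed: version | 3 x (0x88 | len | key_len | enc key | kcv_len | kcv).
 * Returns 0 on success, or a negative code identifying the failed check. */
int putkey_parse(const uint8_t *d, size_t n, struct putkey *out) {
    size_t off = 1;
    if (n < 1) return -1;
    out->version = d[0];
    for (out->count = 0; out->count < 3; out->count++) {
        struct key_entry *e = &out->k[out->count];
        if (n - off < 3 || d[off] != 0x88) return -2;    /* no AES key entry here */
        e->enc_len = d[off + 2];
        if (d[off + 1] != e->enc_len + 1) return -3;     /* inconsistent lengths */
        off += 3;
        if (n - off < (size_t)e->enc_len + 1) return -4; /* truncated key */
        e->enc = d + off; off += e->enc_len;
        e->kcv_len = d[off++];
        if (n - off < e->kcv_len) return -5;             /* truncated KCV */
        e->kcv = d + off; off += e->kcv_len;
    }
    return off == n ? 0 : -6;                            /* trailing bytes */
}

/* Returns 1 when all three entries carry the same ciphertext and KCV. */
int putkey_all_identical(const struct putkey *p) {
    for (int i = 1; i < p->count; i++)
        if (p->k[i].enc_len != p->k[0].enc_len || p->k[i].kcv_len != p->k[0].kcv_len ||
            memcmp(p->k[i].enc, p->k[0].enc, p->k[0].enc_len) != 0 ||
            memcmp(p->k[i].kcv, p->k[0].kcv, p->k[0].kcv_len) != 0)
            return 0;
    return 1;
}

int main(void) {
    struct putkey p;
    return putkey_parse(cmd_buf, sizeof cmd_buf, &p) != 0 || !putkey_all_identical(&p);
}
```

For the logged buffer the parse succeeds with key version 0x0b and three entries that all carry the same ciphertext and KCV, so the 0x6a80 in this thread does not come from a malformed data field.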

NXP TechSupport

Hello Jorge,

The example se05x_RotatePlatformSCP03Keys has the following definition:

pastedImage_1.png

which triggers SSD selection instead of IoT Applet selection to rotate the keys:

pastedImage_2.png

You may also follow this in your application.

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

Contributor III

Hi Kan

Right, I had found the exact same thing on my application so you were spot on.

https://github.com/ldts/optee_os/commit/4988bd70ebd6a081dba7f57f5090fddeaba2b066#diff-ac8f07735297dd...

Sorry that I forgot to update the thread once I had the issue fixed.

thanks

Jorge

NXP TechSupport

Hello Jorge,

Thanks for sharing!

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 Kudos

35 Views
Contributor I

Kan, Jorge,

Thanks for the info, this solved my problem with rotating platform keys. 

Dean
