SE050C2HQ1 middle ware integration issue

daisuke2 · ‎11-03-2025

Hi

I am trying to integrate middle ware for SE050C2HQ1 on imx8mp custom board.

I used 'SE-PLUG-TRUST-MW_04.07.01.zip' from nxp portal site and build with cmake flag as bellow

---------------------------

-DCMAKE_BUILD_TYPE=Debug \
-DPTMW_Host=iMXLinux -DPTMW_HostCrypto=OPENSSL -DPTMW_SMCOM=T1oI2C \
-DPTMW_SE05X_Auth=PlatfSCP03 -DPTMW_SCP=SCP03_SSS -DPTMW_Applet=SE05X_A \
-DPTMW_SE05X_Ver=07_02

when i trying to run 'ex_ecc', i am keep getting error like bellow

----log----------------------

App :INFO :Running ex_ecc
App :INFO :Using PortName='/dev/i2c-2' (CLI)
App :INFO :PlugAndTrust_v04.07.01_20250519
App :WARN :Using SCP03 keys from:'/etc/se05x/scp03_keys.bin' (ENV=EX_SSS_BOOT_SCP03_PATH)
App :ERROR:Unknown key type «Í«Í«Í«Í«Í«Í«Í[m
sss :INFO :atr (Len=35)
01 A0 00 00 03 96 04 03 E8 00 FE 02 0B 03 E8 00
01 00 00 00 00 64 13 88 0A 00 65 53 45 30 35 31
00 00 00
sss :INFO :Newer version of Applet Found
sss :INFO :Compiled for 0x70200. Got newer 0x70216
scp :WARN :nxEnsure:'status == kStatus_SSS_Success' failed. At Line:148 Function:nxScp03_AuthenticateChannel
sss :ERROR:Could not set SCP03 Secure Channel
App :ERROR:sss_session_open failed
App :ERROR:ex_sss_session_open Failed
App :ERROR:!ERROR! ret != 0.

------------------------------------

I thought that my scp3-key 'scp03_keys.bin' might be problem, so i tried 'se05x_MandatePlatformSCP' and 'se05x_Delete_and_test_provision'.

But keep getting "unknown key type" error and fails.

It seems that Applet in SE050C2H is new than "SE-PLUG-TRUST-MW_04.07.01.zip".

Is there any newer "SE-PLUG-TRUST-MW_04.07.xx.zip" available?

Or it could be different issue other than Applet version mismatch ?

Best Regards

daisuke

daisuke2 · ‎11-03-2025

Hi

One correction. I was wrong. Secure IC is SE052F2HN2 not SE050C2HQ1 .

Kan_Li · ‎11-03-2025

Hi @daisuke2 ,

Please kindly refer to table 3 in https://www.nxp.com/docs/en/application-note/AN14028.pdf for details regarding the Cmake-settings for SE052F.

Hope that helps,

Have a great day,
Kan

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

daisuke2 · ‎11-04-2025

Hi Kan,

I fixed the cmake flag SE05X_C and define SSS_PFSCP_ENABLE_SE052_B501=1 in header file.

But it still can't establish secure channel.

-----log----------

oot@harmonia-mvp1-dvt-machine:~# se05x_GetInfo /dev/i2c-2
App :INFO :Running se05x_GetInfo
App :INFO :Using PortName='/dev/i2c-2' (CLI)
App :INFO :PlugAndTrust_v04.07.01_20250519
App :INFO :Using default PlatfSCP03 keys. You can use keys from file using ENV=EX_SSS_BOOT_SCP03_PATH
sss :INFO :atr (Len=35)
01 A0 00 00 03 96 04 03 E8 00 FE 02 0B 03 E8 00
01 00 00 00 00 64 13 88 0A 00 65 53 45 30 35 31
00 00 00
scp :WARN :nxEnsure:'status == kStatus_SSS_Success' failed. At Line:148 Function:nxScp03_AuthenticateChannel
sss :ERROR:Could not set SCP03 Secure Channel
App :ERROR:sss_session_open failed
App :ERROR:ex_sss_session_open Failed
App :ERROR:!ERROR! ret != 0.

--------------------------------

I tried "DPTMW_SE05X_Auth=None". This did not work before, but

Is it possible to control SE052F2HN2 without scp3 secure channel?

Does this applet version mismatch mater at all?

BR

daisuke

Kan_Li · ‎11-05-2025

Hi @daisuke2 ,

How did you change the default platformSCP keys for SE052F? It is not in the head file, it is in the fsl_sss_ftr.h.in file including options to select one of the predefined default
Platform SCP keys. This file is located in: simw-top/sss/inc.
Alternatively, you may set up a file to contain the default platformSCP keys for SE052F. Please refer to SE-PLUG-TRUST-MW_04.07.01/simw-top/doc/appendix/platfscp.html for more details.

PlatformSCP is mandatory for SE052F2 as required by FIPS certification.

Does this applet version mismatch mater at all? - I didn't find any mismatch info from the log. what are you referring to?

Have a great day,
Kan

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

daisuke2 · ‎11-05-2025

Hi Kan,

Ok, let me check the SCP3 key in embedded.

Applet version mismatch thing is like

---log-------

App :INFO :Running ex_ecc
App :INFO :Using PortName='/dev/i2c-2' (CLI)
App :INFO :PlugAndTrust_v04.07.01_20250519
App :INFO :Using default PlatfSCP03 keys. You can use keys from file using ENV=EX_SSS_BOOT_SCP03_PATH
sss :INFO :atr (Len=35)
01 A0 00 00 03 96 04 03 E8 00 FE 02 0B 03 E8 00
01 00 00 00 00 64 13 88 0A 00 65 53 45 30 35 31
00 00 00
sss :INFO :Newer version of Applet Found
sss :INFO :Compiled for 0x70200. Got newer 0x70216
scp :WARN :nxEnsure:'status == kStatus_SSS_Success' failed. At Line:148 Function:nxScp03_AuthenticateChannel
sss :ERROR:Could not set SCP03 Secure Channel
App :ERROR:sss_session_open failed
App :ERROR:ex_sss_session_open Failed
App :ERROR:!ERROR! ret != 0.

BR

daisuke

Kan_Li · ‎11-06-2025

Hi @daisuke2 ，

The following is the default platformSCP keys for SE052F, was it the same as yours? please kindly refer to https://www.nxp.com/docs/en/application-note/AN14277.pdf for more details.

Applet version mismatch info like "sss :INFO :Compiled for 0x70200. Got newer 0x70216" doesn't matter at all.

Have a great day,
Kan

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

daisuke2 · ‎11-05-2025

Hi Kan,

Tried 10.11 Using own Platform SCP03 Keys.

Looks does not work either. somehow keep getting 'Unknown key type' error when i setup local key file.

---log----

root@harmonia-mvp1-dvt-machine:~# export EX_SSS_BOOT_SCP03_PATH=/etc/se05x/plain_scp.txt
root@harmonia-mvp1-dvt-machine:~# ex_ecc /dev/i2c-2
App :INFO :Running ex_ecc
App :INFO :Using PortName='/dev/i2c-2' (CLI)
App :INFO :PlugAndTrust_v04.07.01_20250519
App :WARN :Using SCP03 keys from:'/etc/se05x/plain_scp.txt' (ENV=EX_SSS_BOOT_SCP03_PATH)
App :ERROR:Unknown key type
sss :INFO :atr (Len=35)
01 A0 00 00 03 96 04 03 E8 00 FE 02 0B 03 E8 00
01 00 00 00 00 64 13 88 0A 00 65 53 45 30 35 31
00 00 00
sss :INFO :Newer version of Applet Found
sss :INFO :Compiled for 0x70200. Got newer 0x70216
scp :WARN :nxEnsure:'status == kStatus_SSS_Success' failed. At Line:148 Function:nxScp03_AuthenticateChannel
sss :ERROR:Could not set SCP03 Secure Channel
App :ERROR:sss_session_open failed
App :ERROR:ex_sss_session_open Failed
App :ERROR:!ERROR! ret != 0.

BR

daisuke