SE05x sign and verify with NXP keys

wyss-11
Contributor III

I started to play around with the SE050E and I successfully compiled the middleware with its ssscli tool. 

My use case is that I need an attestation (from preprovisioned NXP keys) that a binary file stored in the SE050E on the embedded device is unchanged (sign binary file / verify binary file).

On device X I can do a sign/verify with the following commands: 

ssscli sign 0xF0000000 foo foo_signed
ssscli verify 0xF0000000 foo foo_signed

When I copy foo and foo_signed to another embedded device Y, I want to be able to check that the file was signed by NXP. But the verification fails.

So my question: How would you do such an attestation with ssscli on 2 different embedded devices X and Y?  

 

1 Solution
Kan_Li
NXP TechSupport

Hi @wyss-11 ,

 

The secure objects provisioned at 0xF0000000 are different from device to device, so you had better generate the key pair externally and inject it into the devices somewhere else, such as 0x10001000. For test purposes, you may use "ssscli set ecc pair" to inject the secure object; for mass production, we recommend the EdgeLock 2GO secure service. Please kindly refer to https://www.nxp.com/products/security-and-authentication/secure-service-2go-platform/edgelock-2go:ED... for details.

 

Hope that helps,

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
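
An added example, not part of the original thread or of NXP's middleware: a software model in shell with openssl (no ssscli or SE05x involved) of why the signature copied from device X fails on device Y, and why a key pair injected into both devices verifies. The directory-per-device layout and the helper names are assumptions made for illustration; the key IDs are the ones quoted in the thread.

```shell
#!/bin/sh
# Software model only: each "device" is a directory and each key ID a PEM file.
# Constructed stand-in for the SE05x; hypothetical helpers, not ssscli commands.
WORK=$(mktemp -d)

new_key() { openssl ecparam -name prime256v1 -genkey -noout -out "$1" 2>/dev/null; }

# Factory provisioning: every device gets its own key pair at the same key ID.
provision_unique() { mkdir -p "$WORK/$1"; new_key "$WORK/$1/0xF0000000.pem"; }

# Inject an externally generated key pair at a chosen key ID.
inject_pair() { cp "$3" "$WORK/$1/$2.pem"; }

# sign <device> <keyID> <file> <sigfile>
sign() { openssl dgst -sha256 -sign "$WORK/$1/$2.pem" -out "$4" "$3"; }

# verify <device> <keyID> <file> <sigfile>; prints OK or FAIL
verify() {
    openssl ec -in "$WORK/$1/$2.pem" -pubout -out "$WORK/pub.pem" 2>/dev/null
    if openssl dgst -sha256 -verify "$WORK/pub.pem" -signature "$4" "$3" >/dev/null 2>&1
    then echo OK; else echo FAIL; fi
}

provision_unique X
provision_unique Y
printf 'constructed binary\n' > "$WORK/foo"

# Case 1: the commands from the question, verified on the signing device.
sign X 0xF0000000 "$WORK/foo" "$WORK/foo_signed"
R_SAME=$(verify X 0xF0000000 "$WORK/foo" "$WORK/foo_signed")

# Case 2: foo and foo_signed copied to Y, whose 0xF0000000 holds a different key.
R_OTHER=$(verify Y 0xF0000000 "$WORK/foo" "$WORK/foo_signed")

# Case 3: one external key pair injected into both devices at 0x10001000.
new_key "$WORK/shared.pem"
inject_pair X 0x10001000 "$WORK/shared.pem"
inject_pair Y 0x10001000 "$WORK/shared.pem"
sign X 0x10001000 "$WORK/foo" "$WORK/foo_shared_sig"
R_SHARED=$(verify Y 0x10001000 "$WORK/foo" "$WORK/foo_shared_sig")

# Case 4: a modified file must no longer verify against the shared key.
printf 'x' >> "$WORK/foo"
R_TAMPER=$(verify Y 0x10001000 "$WORK/foo" "$WORK/foo_shared_sig")

echo "same=$R_SAME other=$R_OTHER shared=$R_SHARED tampered=$R_TAMPER"
```

Verification uses only the public half of the key pair, which is why the model's verify step extracts the public key before checking the signature.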
