Using correct ENV Variable with nx_personalization demo for A30

Hello @Kan_Li,

I'm running this setup on raspbian, therefore I'm unable to run a .bat file.
I have followed the nxmw.pdf section 2.5, which refers me to the nx_Personalization example.

I had the ENV variable set up wrongly, now I have the correct one. I can read the files, which the output is also indicating but I am still failing at some point:

I am opening the session correctly, indicating a correct Symmetric Key being used. Maybe I need to select differen t options on linux when executing the command. I am not sure.

nx_mw :INFO :******************************* NOTE ******************************************** nx_mw :INFO :Default top level certificate directory is: /tmp/configuration/a30_hostcert_depth2_x509_rev3_nistp/ nx_mw :INFO :To override this directory path, you need to set env variable as follows: nx_mw :INFO :NX_AUTH_CERT_DIR=..\nx-mw-top\binaries\configuration\cert_depth3_PKCS7_rev1 nx_mw :INFO :********************************************************************************* nx_mw :INFO :Using certificate/key from:'/home/pi/a30mw/nxmw-main/binaries/configuration/cert_depth3_PKCS7_rev1' (ENV=NX_AUTH_CERT_DIR) nx_mw :INFO :Read file from /home/pi/a30mw/nxmw-main/binaries/configuration/cert_depth3_PKCS7_rev1/cert_and_key/nist_p/host_root_certificate.der nx_mw :INFO :Read file from /home/pi/a30mw/nxmw-main/binaries/configuration/cert_depth3_PKCS7_rev1/cert_and_key/nist_p/device_leaf_certificate.der nx_mw :INFO :Read file from /home/pi/a30mw/nxmw-main/binaries/configuration/cert_depth3_PKCS7_rev1/cert_and_key/nist_p/device_leaf_keypair.der nx_mw :WARN :nxEnsure:'(ret == SM_OK) || (ret == SM_OK_ALT)' failed. At Line:3713 Function:sss_nx_TXn_AES_EV2 nx_mw :ERROR:nx_ManageCertRepo_CreateCertRepo Failed nx_mw :WARN :nxEnsure:'status == kStatus_SSS_Success' failed. At Line:812 Function:nx_load_se_leaf_keypair_and_cert nx_mw :WARN :nxEnsure:'status == kStatus_SSS_Success' failed. At Line:980 Function:ex_sss_entry nx_mw :ERROR:nx_Personalization Example Failed !!!... nx_mw :INFO :ex_sss Finished nx_mw :ERROR:ex_sss_entry Failed nx_mw :ERROR:!ERROR! ret != 0.

Hi @Jansch ,

 

I understand you are following the steps as listed in section 2.5.3 in nxmw.pdf , but halted in the following step, right?

and then you followed the steps in section 4.1.1 to Nx Personalization example with a self defined ENV, right? What is the setting for NX_AUTH_CERT_DIR in this case? Would you please clarify?

 

Please kindly let me know if I made any misunderstanding here.

 

Have a great day,
Kan

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

 

Hi @Kan_Li 

 

Yes, exactly. I can run every other demo and have tried a cuople things that all work, I just struggle to get the SIGMA-I authentication to work.

 

NX_AUTH_CERT_DIR has been changed by me to refer to the folder indicated by section 4.1.1:

"Hard coded certificates defined in

nx-mw-top/demos/nx/nx_Personalization/nx_Personalization.h"

 

The actual folder for me is found at:

~/a30mw/nxmw_main/demos/nx/nx_Personalization/nx_Personalization.h

 

This is the content of my NX_AUTH_CERT_DIR aswell. Looking into that folder I have various certificates in plaintext, so everything seems to be in order.

 

Greetings

Jan

 

Hi @Jansch ,

 

Thanks for the clarification! Is it possible to give us a more detailed log by enabling the following cmake option?

-DNXMW_Log=Verbose

 

Have a great day,
Kan

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

 

Hey @Kan_Li 

I wrote the wrong directory in the last message, this is the correct one:

nx_mw :INFO :Using certificate/key from:'/home/pi/a30mw/nxmw-main/binaries/configuration/cert_depth3_PKCS7_rev1' (ENV=NX_AUTH_CERT_DIR)

nx_mw :INFO :Read file from /home/pi/a30mw/nxmw-main/binaries/configuration/cert_depth3_PKCS7_rev1/cert_and_key/nist_p/host_root_certificate.der

nx_mw :INFO :Read file from /home/pi/a30mw/nxmw-main/binaries/configuration/cert_depth3_PKCS7_rev1/cert_and_key/nist_p/device_leaf_certificate.der

nx_mw :INFO :Read file from /home/pi/a30mw/nxmw-main/binaries/configuration/cert_depth3_PKCS7_rev1/cert_and_key/nist_p/device_leaf_keypair.der 

 

The output for verbose logs is long, as following:

nx_mw :INFO :Session Open Succeed nx_mw :INFO :Nx provision start

nx_mw :INFO :******************************* NOTE ******************************************** nx_mw :INFO :Default top level certificate directory is: /tmp/configuration/a30_hostcert_depth2_x509_rev3_nistp/ nx_mw :INFO :To override this directory path, you need to set env variable as follows: nx_mw :INFO :NX_AUTH_CERT_DIR=..\nx-mw-top\binaries\configuration\cert_depth3_PKCS7_rev1 nx_mw :INFO :********************************************************************************* nx_mw :INFO :Using certificate/key from:'/home/pi/a30mw/nxmw-main/binaries/configuration/cert_depth3_PKCS7_rev1' (ENV=NX_AUTH_CERT_DIR) nx_mw :DEBUG:Number of characters read = 523 nx_mw :INFO :Read file from /home/pi/a30mw/nxmw-main/binaries/configuration/cert_depth3_PKCS7_rev1/cert_and_key/nist_p/host_root_certificate.der nx_mw :DEBUG:openssl parse certificates failed. It maybe PKCS#7 certificate APDU :DEBUG:GetKeySettings [CARootKeyList] APDU :DEBUG: [Option] = 0x2 nx_mw :DEBUG: Input:Native Command code (Len=1) 45 nx_mw :DEBUG: Input:Native Command Header (Len=1) 02 nx_mw :DEBUG:FN: nx_AES_EV2_MAC_CommandAPDU nx_mw :DEBUG:Command counter = 1 nx_mw :DEBUG:APDU Tx> (Len=15) 90 45 00 00 09 02 69 8F 94 02 2C AD 68 40 00 nx_mw :DEBUG:Enter phNxpEseProto7816_Transceive nx_mw :DEBUG:Transceive data ptr 0x0x7ffff91e9870 len:15 nx_mw :DEBUG:I-Frame Data Len: 15 Seq. no:1 nx_mw :DEBUG:TransceiveProcess nextTransceiveState 1 nx_mw :DEBUG:phNxpEse_WriteFrame Enter .. nx_mw :DEBUG:TX (axI2CWrite) > (Len=21) 21 40 00 0F 90 45 00 00 09 02 69 8F 94 02 2C AD 68 40 00 66 0A nx_mw :DEBUG:Done with rv = 0c nx_mw :DEBUG:RAW Tx> (Len=21) 21 40 00 0F 90 45 00 00 09 02 69 8F 94 02 2C AD 68 40 00 66 0A nx_mw :DEBUG:phNxpEse_read Enter .. nx_mw :DEBUG:phPalEse_i2c_read Read Requested 2 bytes nx_mw :DEBUG:Done with rv = 0d nx_mw :DEBUG:RX (axI2CRead): (Len=2) 00 00 nx_mw :DEBUG:_i2c_read() error : 13 nx_mw :DEBUG:_i2c_read() failed. Going to retry, counter:1 ! nx_mw :DEBUG:Done with rv = 0c nx_mw :DEBUG:RX (axI2CRead): (Len=2) 12 40 nx_mw :DEBUG:phNxpEse_readPacket Read HDR nx_mw :DEBUG:phNxpEse_readPacket SOF FOUND nx_mw :DEBUG:phPalEse_i2c_read Read Requested 2 bytes nx_mw :DEBUG:Done with rv = 0c nx_mw :DEBUG:RX (axI2CRead): (Len=2) 00 12 nx_mw :DEBUG:poll_sof_chained_delay value is 0 nx_mw :DEBUG:phPalEse_i2c_read Read Requested 20 bytes nx_mw :DEBUG:Done with rv = 0c nx_mw :DEBUG:RX (axI2CRead): (Len=20) 01 00 0C FF 3F 30 3F 00 7A 0B 9B FC 58 3F DC CD 91 00 90 5D nx_mw :DEBUG:RAW Rx< (Len=24) 12 40 00 12 01 00 0C FF 3F 30 3F 00 7A 0B 9B FC 58 3F DC CD 91 00 90 5D nx_mw :DEBUG:phNxpEseProto7816_ProcessResponse p_data ----> 0x55562b33cab0 len ----> 0x18 nx_mw :DEBUG:Received CRC:0x905d Calculated CRC:0x905d nx_mw :DEBUG:Retry Counter = 0 nx_mw :DEBUG:phNxpEseProto7816_DecodeFrame I-Frame Received nx_mw :DEBUG:phNxpEseProto7816_DecodeFrame I-Frame lastRcvdIframeInfo.seqNo:0x1 nx_mw :DEBUG:Data[0]=0x1 len=18 Data[17]=0x91 Data[18]=0x0 nx_mw :DEBUG: phNxpEse_Transceive Exit status 0x0 nx_mw :DEBUG:APDU Rx< (Len=18) 01 00 0C FF 3F 30 3F 00 7A 0B 9B FC 58 3F DC CD 91 00 nx_mw :DEBUG:FN: nx_DeCrypt nx_mw :DEBUG: Input:rspBuf (Len=18) 01 00 0C FF 3F 30 3F 00 7A 0B 9B FC 58 3F DC CD 91 00 nx_mw :DEBUG:Mac verified : (Len=16) 09 7A 96 0B 06 9B E5 FC 5B 58 13 3F CD DC 18 CD nx_mw :DEBUG:Decrypted the response (Len=10) 01 00 0C FF 3F 30 3F 00 91 00 APDU :DEBUG:ManageCARootKey [] APDU :DEBUG: [KeyNo] = 0x0 APDU :DEBUG: [curveID] = 0xC APDU :DEBUG: [accessRight(LSB)] = 0x3FFF APDU :DEBUG: [writeAccessCond] = 0x30 APDU :DEBUG: [readAccessCond] = 0x3F APDU :DEBUG: [Reserved] = 0x0 APDU :DEBUG: [Public key] (Len=65) 04 C2 3A B7 F3 EB 7E CD F9 4E 1C 43 B2 8B 0C 2F 49 C9 61 35 A1 4A E0 58 BC A9 FE F9 4D 18 D4 46 28 C1 2F 8D 00 5B C4 8C C4 02 74 86 90 42 75 AE 55 96 0B 23 C7 6E 96 EF 96 80 27 04 2A 16 7D E5 AD APDU :DEBUG: [CA Subject Name Len] = 0x64 APDU :DEBUG: [CA Issuer Name] (Len=100) 30 62 31 0B 30 09 06 03 55 04 06 13 02 4E 4C 31 12 30 10 06 03 55 04 08 0C 09 45 69 6E 64 68 6F 76 65 6E 31 12 30 10 06 03 55 04 07 0C 09 45 69 6E 64 68 6F 76 65 6E 31 0C 30 0A 06 03 55 04 0A 0C 03 4E 58 50 31 1D 30 1B 06 03 55 04 03 0C 14 4E 58 50 20 41 75 74 68 20 52 6F 6F 74 43 41 76 45 32 30 31 nx_mw :DEBUG: Input:Native Command code (Len=1) 48 nx_mw :DEBUG: Input:Native Command Header (Len=7) 00 0C FF 3F 30 3F 00 nx_mw :DEBUG: Input:Native Command Data (Len=166) 04 C2 3A B7 F3 EB 7E CD F9 4E 1C 43 B2 8B 0C 2F 49 C9 61 35 A1 4A E0 58 BC A9 FE F9 4D 18 D4 46 28 C1 2F 8D 00 5B C4 8C C4 02 74 86 90 42 75 AE 55 96 0B 23 C7 6E 96 EF 96 80 27 04 2A 16 7D E5 AD 64 30 62 31 0B 30 09 06 03 55 04 06 13 02 4E 4C 31 12 30 10 06 03 55 04 08 0C 09 45 69 6E 64 68 6F 76 65 6E 31 12 30 10 06 03 55 04 07 0C 09 45 69 6E 64 68 6F 76 65 6E 31 0C 30 0A 06 03 55 04 0A 0C 03 4E 58 50 31 1D 30 1B 06 03 55 04 03 0C 14 4E 58 50 20 41 75 74 68 20 52 6F 6F 74 43 41 76 45 32 30 31 nx_mw :DEBUG:FN: nx_AES_EV2_Encrypt_CommandAPDU nx_mw :DEBUG:FN: nx_PadCommandAPDU nx_mw :DEBUG:Input: cmdApduBuf (Len=176) 04 C2 3A B7 F3 EB 7E CD F9 4E 1C 43 B2 8B 0C 2F 49 C9 61 35 A1 4A E0 58 BC A9 FE F9 4D 18 D4 46 28 C1 2F 8D 00 5B C4 8C C4 02 74 86 90 42 75 AE 55 96 0B 23 C7 6E 96 EF 96 80 27 04 2A 16 7D E5 AD 64 30 62 31 0B 30 09 06 03 55 04 06 13 02 4E 4C 31 12 30 10 06 03 55 04 08 0C 09 45 69 6E 64 68 6F 76 65 6E 31 12 30 10 06 03 55 04 07 0C 09 45 69 6E 64 68 6F 76 65 6E 31 0C 30 0A 06 03 55 04 0A 0C 03 4E 58 50 31 1D 30 1B 06 03 55 04 03 0C 14 4E 58 50 20 41 75 74 68 20 52 6F 6F 74 43 41 76 45 32 30 31 80 00 00 00 00 00 00 00 00 00 nx_mw :DEBUG:FN: nx_AES_EV2_MAC_CommandAPDU nx_mw :DEBUG:Command counter = 2 nx_mw :DEBUG:APDU Tx> (Len=197) 90 48 00 00 BF 00 0C FF 3F 30 3F 00 F5 AE 1D 20 C9 3C EA 4A A7 6D 67 3E 1D E5 79 6B D7 C1 91 23 04 9E 00 52 0A F5 DA 93 8F 83 D0 1E EC 98 3B 07 30 BE 85 97 47 5A 8A CF CF 52 79 8F CC A0 47 06 F8 6E 3B B9 A9 E5 FB 84 FC F9 F0 19 0E 2A F4 00 C4 F4 C4 BD 56 B9 21 03 AC 10 90 C8 A1 A3 3C 9C 75 4E 10 5A BD F8 AA 2D 8E BA CB 89 CE 04 50 F9 CB 4E CF 56 45 E2 E4 BF D9 FF D4 AA 35 81 2A 32 F4 CB B3 B3 EE E1 F0 AB 47 A5 DF 95 8D 43 CA 6F 05 14 36 AE 13 73 1C 29 E7 CE EB 38 3E 37 20 41 95 B1 AD 15 5A 1A D8 89 29 4F 9A 48 9F AE 13 F8 38 03 D3 DB 16 99 E3 0B 7F 24 E8 C0 2E E1 98 E2 D7 11 C7 FB 00 nx_mw :DEBUG:Enter phNxpEseProto7816_Transceive nx_mw :DEBUG:Transceive data ptr 0x0x7ffff91ea760 len:197 nx_mw :DEBUG:I-Frame Data Len: 197 Seq. no:0 nx_mw :DEBUG:TransceiveProcess nextTransceiveState 1 nx_mw :DEBUG:phNxpEse_WriteFrame Enter .. nx_mw :DEBUG:TX (axI2CWrite) > (Len=203) 21 00 00 C5 90 48 00 00 BF 00 0C FF 3F 30 3F 00 F5 AE 1D 20 C9 3C EA 4A A7 6D 67 3E 1D E5 79 6B D7 C1 91 23 04 9E 00 52 0A F5 DA 93 8F 83 D0 1E EC 98 3B 07 30 BE 85 97 47 5A 8A CF CF 52 79 8F CC A0 47 06 F8 6E 3B B9 A9 E5 FB 84 FC F9 F0 19 0E 2A F4 00 C4 F4 C4 BD 56 B9 21 03 AC 10 90 C8 A1 A3 3C 9C 75 4E 10 5A BD F8 AA 2D 8E BA CB 89 CE 04 50 F9 CB 4E CF 56 45 E2 E4 BF D9 FF D4 AA 35 81 2A 32 F4 CB B3 B3 EE E1 F0 AB 47 A5 DF 95 8D 43 CA 6F 05 14 36 AE 13 73 1C 29 E7 CE EB 38 3E 37 20 41 95 B1 AD 15 5A 1A D8 89 29 4F 9A 48 9F AE 13 F8 38 03 D3 DB 16 99 E3 0B 7F 24 E8 C0 2E E1 98 E2 D7 11 C7 FB 00 D3 7A nx_mw :DEBUG:Done with rv = 0c nx_mw :DEBUG:RAW Tx> (Len=203) 21 00 00 C5 90 48 00 00 BF 00 0C FF 3F 30 3F 00 F5 AE 1D 20 C9 3C EA 4A A7 6D 67 3E 1D E5 79 6B D7 C1 91 23 04 9E 00 52 0A F5 DA 93 8F 83 D0 1E EC 98 3B 07 30 BE 85 97 47 5A 8A CF CF 52 79 8F CC A0 47 06 F8 6E 3B B9 A9 E5 FB 84 FC F9 F0 19 0E 2A F4 00 C4 F4 C4 BD 56 B9 21 03 AC 10 90 C8 A1 A3 3C 9C 75 4E 10 5A BD F8 AA 2D 8E BA CB 89 CE 04 50 F9 CB 4E CF 56 45 E2 E4 BF D9 FF D4 AA 35 81 2A 32 F4 CB B3 B3 EE E1 F0 AB 47 A5 DF 95 8D 43 CA 6F 05 14 36 AE 13 73 1C 29 E7 CE EB 38 3E 37 20 41 95 B1 AD 15 5A 1A D8 89 29 4F 9A 48 9F AE 13 F8 38 03 D3 DB 16 99 E3 0B 7F 24 E8 C0 2E E1 98 E2 D7 11 C7 FB 00 D3 7A nx_mw :DEBUG:phNxpEse_read Enter .. nx_mw :DEBUG:phPalEse_i2c_read Read Requested 2 bytes nx_mw :DEBUG:Done with rv = 0d nx_mw :DEBUG:RX (axI2CRead): (Len=2) 00 00 nx_mw :DEBUG:_i2c_read() error : 13 nx_mw :DEBUG:_i2c_read() failed. Going to retry, counter:1 ! nx_mw :DEBUG:Done with rv = 0d nx_mw :DEBUG:RX (axI2CRead): (Len=2) 00 00 nx_mw :DEBUG:_i2c_read() error : 13 nx_mw :DEBUG:_i2c_read() failed. Going to retry, counter:2 ! nx_mw :DEBUG:Done with rv = 0d nx_mw :DEBUG:RX (axI2CRead): (Len=2) 00 00 nx_mw :DEBUG:_i2c_read() error : 13 nx_mw :DEBUG:_i2c_read() failed. Going to retry, counter:3 ! nx_mw :DEBUG:Done with rv = 0d nx_mw :DEBUG:RX (axI2CRead): (Len=2) 00 00 nx_mw :DEBUG:_i2c_read() error : 13 nx_mw :DEBUG:_i2c_read() failed. Going to retry, counter:4 ! nx_mw :DEBUG:Done with rv = 0c nx_mw :DEBUG:RX (axI2CRead): (Len=2) 12 00 nx_mw :DEBUG:phNxpEse_readPacket Read HDR nx_mw :DEBUG:phNxpEse_readPacket SOF FOUND nx_mw :DEBUG:phPalEse_i2c_read Read Requested 2 bytes nx_mw :DEBUG:Done with rv = 0c nx_mw :DEBUG:RX (axI2CRead): (Len=2) 00 0A nx_mw :DEBUG:poll_sof_chained_delay value is 0 nx_mw :DEBUG:phPalEse_i2c_read Read Requested 12 bytes nx_mw :DEBUG:Done with rv = 0c nx_mw :DEBUG:RX (axI2CRead): (Len=12) 05 98 F4 58 9A 1B FB D3 91 00 FE D5 nx_mw :DEBUG:RAW Rx< (Len=16) 12 00 00 0A 05 98 F4 58 9A 1B FB D3 91 00 FE D5 nx_mw :DEBUG:phNxpEseProto7816_ProcessResponse p_data ----> 0x55562b33cab0 len ----> 0x10 nx_mw :DEBUG:Received CRC:0xfed5 Calculated CRC:0xfed5 nx_mw :DEBUG:Retry Counter = 0 nx_mw :DEBUG:phNxpEseProto7816_DecodeFrame I-Frame Received nx_mw :DEBUG:phNxpEseProto7816_DecodeFrame I-Frame lastRcvdIframeInfo.seqNo:0x0 nx_mw :DEBUG:Data[0]=0x5 len=10 Data[9]=0x91 Data[10]=0x0 nx_mw :DEBUG: phNxpEse_Transceive Exit status 0x0 nx_mw :DEBUG:APDU Rx< (Len=10) 05 98 F4 58 9A 1B FB D3 91 00 nx_mw :DEBUG:FN: nx_DeCrypt nx_mw :DEBUG: Input:rspBuf (Len=10) 05 98 F4 58 9A 1B FB D3 91 00 nx_mw :DEBUG:Mac verified : (Len=16) 43 05 90 98 C4 F4 1B 58 42 9A 1F 1B 62 FB EE D3 nx_mw :DEBUG:Decrypted the response (Len=2) 91 00 nx_mw :DEBUG:Using certificate/key from:'/home/pi/a30mw/nxmw-main/binaries/configuration/cert_depth3_PKCS7_rev1' (ENV=NX_AUTH_CERT_DIR) nx_mw :DEBUG:Number of characters read = 500 nx_mw :INFO :Read file from /home/pi/a30mw/nxmw-main/binaries/configuration/cert_depth3_PKCS7_rev1/cert_and_key/nist_p/device_leaf_certificate.der nx_mw :DEBUG:Using certificate/key from:'/home/pi/a30mw/nxmw-main/binaries/configuration/cert_depth3_PKCS7_rev1' (ENV=NX_AUTH_CERT_DIR) nx_mw :DEBUG:Number of characters read = 121 nx_mw :INFO :Read file from /home/pi/a30mw/nxmw-main/binaries/configuration/cert_depth3_PKCS7_rev1/cert_and_key/nist_p/device_leaf_keypair.der APDU :DEBUG:GetKeySettings [ECCPrivateKeyList] APDU :DEBUG: [Option] = 0x1 nx_mw :DEBUG: Input:Native Command code (Len=1) 45 nx_mw :DEBUG: Input:Native Command Header (Len=1) 01 nx_mw :DEBUG:FN: nx_AES_EV2_MAC_CommandAPDU nx_mw :DEBUG:Command counter = 3 nx_mw :DEBUG:APDU Tx> (Len=15) 90 45 00 00 09 01 63 3C E6 71 4F 32 9A AE 00 nx_mw :DEBUG:Enter phNxpEseProto7816_Transceive nx_mw :DEBUG:Transceive data ptr 0x0x7ffff91e97f0 len:15 nx_mw :DEBUG:I-Frame Data Len: 15 Seq. no:1 nx_mw :DEBUG:TransceiveProcess nextTransceiveState 1 nx_mw :DEBUG:phNxpEse_WriteFrame Enter .. nx_mw :DEBUG:TX (axI2CWrite) > (Len=21) 21 40 00 0F 90 45 00 00 09 01 63 3C E6 71 4F 32 9A AE 00 1F 2E nx_mw :DEBUG:Done with rv = 0c nx_mw :DEBUG:RAW Tx> (Len=21) 21 40 00 0F 90 45 00 00 09 01 63 3C E6 71 4F 32 9A AE 00 1F 2E nx_mw :DEBUG:phNxpEse_read Enter .. nx_mw :DEBUG:phPalEse_i2c_read Read Requested 2 bytes nx_mw :DEBUG:Done with rv = 0d nx_mw :DEBUG:RX (axI2CRead): (Len=2) 00 00 nx_mw :DEBUG:_i2c_read() error : 13 nx_mw :DEBUG:_i2c_read() failed. Going to retry, counter:1 ! nx_mw :DEBUG:Done with rv = 0c nx_mw :DEBUG:RX (axI2CRead): (Len=2) 12 40 nx_mw :DEBUG:phNxpEse_readPacket Read HDR nx_mw :DEBUG:phNxpEse_readPacket SOF FOUND nx_mw :DEBUG:phPalEse_i2c_read Read Requested 2 bytes nx_mw :DEBUG:Done with rv = 0c nx_mw :DEBUG:RX (axI2CRead): (Len=2) 00 3F nx_mw :DEBUG:poll_sof_chained_delay value is 0 nx_mw :DEBUG:phPalEse_i2c_read Read Requested 65 bytes nx_mw :DEBUG:Done with rv = 0c nx_mw :DEBUG:RX (axI2CRead): (Len=65) 04 00 0C 04 00 30 00 00 00 00 00 00 00 00 02 0C 30 00 30 00 00 00 00 00 00 00 00 03 0D 04 00 30 00 00 00 00 00 00 00 00 04 0C 08 00 30 00 00 00 00 00 00 00 00 94 8F 21 C9 D4 42 97 1C 91 00 61 71 nx_mw :DEBUG:RAW Rx< (Len=69) 12 40 00 3F 04 00 0C 04 00 30 00 00 00 00 00 00 00 00 02 0C 30 00 30 00 00 00 00 00 00 00 00 03 0D 04 00 30 00 00 00 00 00 00 00 00 04 0C 08 00 30 00 00 00 00 00 00 00 00 94 8F 21 C9 D4 42 97 1C 91 00 61 71 nx_mw :DEBUG:phNxpEseProto7816_ProcessResponse p_data ----> 0x55562b33cab0 len ----> 0x45 nx_mw :DEBUG:Received CRC:0x6171 Calculated CRC:0x6171 nx_mw :DEBUG:Retry Counter = 0 nx_mw :DEBUG:phNxpEseProto7816_DecodeFrame I-Frame Received nx_mw :DEBUG:phNxpEseProto7816_DecodeFrame I-Frame lastRcvdIframeInfo.seqNo:0x1 nx_mw :DEBUG:Data[0]=0x4 len=63 Data[62]=0x91 Data[63]=0x0 nx_mw :DEBUG: phNxpEse_Transceive Exit status 0x0 nx_mw :DEBUG:APDU Rx< (Len=63) 04 00 0C 04 00 30 00 00 00 00 00 00 00 00 02 0C 30 00 30 00 00 00 00 00 00 00 00 03 0D 04 00 30 00 00 00 00 00 00 00 00 04 0C 08 00 30 00 00 00 00 00 00 00 00 94 8F 21 C9 D4 42 97 1C 91 00 nx_mw :DEBUG:FN: nx_DeCrypt nx_mw :DEBUG: Input:rspBuf (Len=63) 04 00 0C 04 00 30 00 00 00 00 00 00 00 00 02 0C 30 00 30 00 00 00 00 00 00 00 00 03 0D 04 00 30 00 00 00 00 00 00 00 00 04 0C 08 00 30 00 00 00 00 00 00 00 00 94 8F 21 C9 D4 42 97 1C 91 00 nx_mw :DEBUG:Mac verified : (Len=16) D0 94 C2 8F 88 21 4F C9 10 D4 FE 42 1B 97 B9 1C nx_mw :DEBUG:Decrypted the response (Len=55) 04 00 0C 04 00 30 00 00 00 00 00 00 00 00 02 0C 30 00 30 00 00 00 00 00 00 00 00 03 0D 04 00 30 00 00 00 00 00 00 00 00 04 0C 08 00 30 00 00 00 00 00 00 00 00 91 00 APDU :DEBUG:ManageKeyPair [] APDU :DEBUG: [KeyNo] = 0x0 APDU :DEBUG: [Option] = 0x1 APDU :DEBUG: [curveID] = 0xC APDU :DEBUG: [KeyPolicy(LSB)] = 0x4 APDU :DEBUG: [writeAccessCond] = 0x30 APDU :DEBUG: [KUCLimit(LSB)] = 0x0 APDU :DEBUG: [Private key] (Len=32) 2F 0A 6C 8F AC A9 E6 E3 B2 8D C1 24 F6 39 D3 9F E2 83 27 C6 6B 25 0C 18 75 F0 2C 94 8B 15 CC 47 nx_mw :DEBUG: Input:Native Command code (Len=1) 46 nx_mw :DEBUG: Input:Native Command Header (Len=10) 00 01 0C 04 00 30 00 00 00 00 nx_mw :DEBUG: Input:Native Command Data (Len=32) 2F 0A 6C 8F AC A9 E6 E3 B2 8D C1 24 F6 39 D3 9F E2 83 27 C6 6B 25 0C 18 75 F0 2C 94 8B 15 CC 47 nx_mw :DEBUG:FN: nx_AES_EV2_Encrypt_CommandAPDU nx_mw :DEBUG:FN: nx_PadCommandAPDU nx_mw :DEBUG:Input: cmdApduBuf (Len=48) 2F 0A 6C 8F AC A9 E6 E3 B2 8D C1 24 F6 39 D3 9F E2 83 27 C6 6B 25 0C 18 75 F0 2C 94 8B 15 CC 47 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 nx_mw :DEBUG:FN: nx_AES_EV2_MAC_CommandAPDU nx_mw :DEBUG:Command counter = 4 nx_mw :DEBUG:APDU Tx> (Len=72) 90 46 00 00 42 00 01 0C 04 00 30 00 00 00 00 A2 B1 30 6A AE CF 30 47 D5 96 D7 EB 69 EF DB A3 66 8D F0 B1 0F FD 3D FE 42 98 DF 73 71 EA 7D 82 98 B6 31 9E CE F0 FF 8C D6 14 53 D5 22 03 CD 78 C9 ED 69 98 30 1A BF DA 00 nx_mw :DEBUG:Enter phNxpEseProto7816_Transceive nx_mw :DEBUG:Transceive data ptr 0x0x7ffff91ea740 len:72 nx_mw :DEBUG:I-Frame Data Len: 72 Seq. no:0 nx_mw :DEBUG:TransceiveProcess nextTransceiveState 1 nx_mw :DEBUG:phNxpEse_WriteFrame Enter .. nx_mw :DEBUG:TX (axI2CWrite) > (Len=78) 21 00 00 48 90 46 00 00 42 00 01 0C 04 00 30 00 00 00 00 A2 B1 30 6A AE CF 30 47 D5 96 D7 EB 69 EF DB A3 66 8D F0 B1 0F FD 3D FE 42 98 DF 73 71 EA 7D 82 98 B6 31 9E CE F0 FF 8C D6 14 53 D5 22 03 CD 78 C9 ED 69 98 30 1A BF DA 00 68 F3 nx_mw :DEBUG:Done with rv = 0c nx_mw :DEBUG:RAW Tx> (Len=78) 21 00 00 48 90 46 00 00 42 00 01 0C 04 00 30 00 00 00 00 A2 B1 30 6A AE CF 30 47 D5 96 D7 EB 69 EF DB A3 66 8D F0 B1 0F FD 3D FE 42 98 DF 73 71 EA 7D 82 98 B6 31 9E CE F0 FF 8C D6 14 53 D5 22 03 CD 78 C9 ED 69 98 30 1A BF DA 00 68 F3 nx_mw :DEBUG:phNxpEse_read Enter .. nx_mw :DEBUG:phPalEse_i2c_read Read Requested 2 bytes nx_mw :DEBUG:Done with rv = 0d nx_mw :DEBUG:RX (axI2CRead): (Len=2) 00 00 nx_mw :DEBUG:_i2c_read() error : 13 nx_mw :DEBUG:_i2c_read() failed. Going to retry, counter:1 ! nx_mw :DEBUG:Done with rv = 0d nx_mw :DEBUG:RX (axI2CRead): (Len=2) 00 00 nx_mw :DEBUG:_i2c_read() error : 13 nx_mw :DEBUG:_i2c_read() failed. Going to retry, counter:2 ! nx_mw :DEBUG:Done with rv = 0d nx_mw :DEBUG:RX (axI2CRead): (Len=2) 00 00 nx_mw :DEBUG:_i2c_read() error : 13 nx_mw :DEBUG:_i2c_read() failed. Going to retry, counter:3 ! nx_mw :DEBUG:Done with rv = 0d nx_mw :DEBUG:RX (axI2CRead): (Len=2) 00 00 nx_mw :DEBUG:_i2c_read() error : 13 nx_mw :DEBUG:_i2c_read() failed. Going to retry, counter:4 ! nx_mw :DEBUG:Done with rv = 0d nx_mw :DEBUG:RX (axI2CRead): (Len=2) 00 00 nx_mw :DEBUG:_i2c_read() error : 13 nx_mw :DEBUG:_i2c_read() failed. Going to retry, counter:5 ! nx_mw :DEBUG:Done with rv = 0d nx_mw :DEBUG:RX (axI2CRead): (Len=2) 00 00 nx_mw :DEBUG:_i2c_read() error : 13 nx_mw :DEBUG:_i2c_read() failed. Going to retry, counter:6 ! nx_mw :DEBUG:Done with rv = 0c nx_mw :DEBUG:RX (axI2CRead): (Len=2) 12 00 nx_mw :DEBUG:phNxpEse_readPacket Read HDR nx_mw :DEBUG:phNxpEse_readPacket SOF FOUND nx_mw :DEBUG:phPalEse_i2c_read Read Requested 2 bytes nx_mw :DEBUG:Done with rv = 0c nx_mw :DEBUG:RX (axI2CRead): (Len=2) 00 0A nx_mw :DEBUG:poll_sof_chained_delay value is 0 nx_mw :DEBUG:phPalEse_i2c_read Read Requested 12 bytes nx_mw :DEBUG:Done with rv = 0c nx_mw :DEBUG:RX (axI2CRead): (Len=12) 7F 8B 20 25 EA 16 35 E6 91 00 86 F6 nx_mw :DEBUG:RAW Rx< (Len=16) 12 00 00 0A 7F 8B 20 25 EA 16 35 E6 91 00 86 F6 nx_mw :DEBUG:phNxpEseProto7816_ProcessResponse p_data ----> 0x55562b33cab0 len ----> 0x10 nx_mw :DEBUG:Received CRC:0x86f6 Calculated CRC:0x86f6 nx_mw :DEBUG:Retry Counter = 0 nx_mw :DEBUG:phNxpEseProto7816_DecodeFrame I-Frame Received nx_mw :DEBUG:phNxpEseProto7816_DecodeFrame I-Frame lastRcvdIframeInfo.seqNo:0x0 nx_mw :DEBUG:Data[0]=0x7f len=10 Data[9]=0x91 Data[10]=0x0 nx_mw :DEBUG: phNxpEse_Transceive Exit status 0x0 nx_mw :DEBUG:APDU Rx< (Len=10) 7F 8B 20 25 EA 16 35 E6 91 00 nx_mw :DEBUG:FN: nx_DeCrypt nx_mw :DEBUG: Input:rspBuf (Len=10) 7F 8B 20 25 EA 16 35 E6 91 00 nx_mw :DEBUG:Mac verified : (Len=16) 28 7F 86 8B E1 20 6F 25 BE EA C1 16 1B 35 B5 E6 nx_mw :DEBUG:Decrypted the response (Len=2) 91 00 APDU :DEBUG:GetConfiguration [Certificate Management] APDU :DEBUG: [Option] = 0x13 nx_mw :DEBUG: Input:Native Command code (Len=1) 65 nx_mw :DEBUG: Input:Native Command Header (Len=1) 13 nx_mw :DEBUG:FN: nx_AES_EV2_MAC_CommandAPDU nx_mw :DEBUG:Command counter = 5 nx_mw :DEBUG:APDU Tx> (Len=15) 90 65 00 00 09 13 A2 19 25 9F 28 A9 67 A0 00 nx_mw :DEBUG:Enter phNxpEseProto7816_Transceive nx_mw :DEBUG:Transceive data ptr 0x0x7ffff91ea0c0 len:15 nx_mw :DEBUG:I-Frame Data Len: 15 Seq. no:1 nx_mw :DEBUG:TransceiveProcess nextTransceiveState 1 nx_mw :DEBUG:phNxpEse_WriteFrame Enter .. nx_mw :DEBUG:TX (axI2CWrite) > (Len=21) 21 40 00 0F 90 65 00 00 09 13 A2 19 25 9F 28 A9 67 A0 00 7A 7F nx_mw :DEBUG:Done with rv = 0c nx_mw :DEBUG:RAW Tx> (Len=21) 21 40 00 0F 90 65 00 00 09 13 A2 19 25 9F 28 A9 67 A0 00 7A 7F nx_mw :DEBUG:phNxpEse_read Enter .. nx_mw :DEBUG:phPalEse_i2c_read Read Requested 2 bytes nx_mw :DEBUG:Done with rv = 0d nx_mw :DEBUG:RX (axI2CRead): (Len=2) 00 00 nx_mw :DEBUG:_i2c_read() error : 13 nx_mw :DEBUG:_i2c_read() failed. Going to retry, counter:1 ! nx_mw :DEBUG:Done with rv = 0c nx_mw :DEBUG:RX (axI2CRead): (Len=2) 12 40 nx_mw :DEBUG:phNxpEse_readPacket Read HDR nx_mw :DEBUG:phNxpEse_readPacket SOF FOUND nx_mw :DEBUG:phPalEse_i2c_read Read Requested 2 bytes nx_mw :DEBUG:Done with rv = 0c nx_mw :DEBUG:RX (axI2CRead): (Len=2) 00 1A nx_mw :DEBUG:poll_sof_chained_delay value is 0 nx_mw :DEBUG:phPalEse_i2c_read Read Requested 28 bytes nx_mw :DEBUG:Done with rv = 0c nx_mw :DEBUG:RX (axI2CRead): (Len=28) 2E 7F BE 71 08 3B 2B FF 46 F0 2B E5 66 16 DA 32 F7 34 39 B6 4D EA C7 D7 91 00 BB AF nx_mw :DEBUG:RAW Rx< (Len=32) 12 40 00 1A 2E 7F BE 71 08 3B 2B FF 46 F0 2B E5 66 16 DA 32 F7 34 39 B6 4D EA C7 D7 91 00 BB AF nx_mw :DEBUG:phNxpEseProto7816_ProcessResponse p_data ----> 0x55562b33cab0 len ----> 0x20 nx_mw :DEBUG:Received CRC:0xbbaf Calculated CRC:0xbbaf nx_mw :DEBUG:Retry Counter = 0 nx_mw :DEBUG:phNxpEseProto7816_DecodeFrame I-Frame Received nx_mw :DEBUG:phNxpEseProto7816_DecodeFrame I-Frame lastRcvdIframeInfo.seqNo:0x1 nx_mw :DEBUG:Data[0]=0x2e len=26 Data[25]=0x91 Data[26]=0x0 nx_mw :DEBUG: phNxpEse_Transceive Exit status 0x0 nx_mw :DEBUG:APDU Rx< (Len=26) 2E 7F BE 71 08 3B 2B FF 46 F0 2B E5 66 16 DA 32 F7 34 39 B6 4D EA C7 D7 91 00 nx_mw :DEBUG:FN: nx_DeCrypt nx_mw :DEBUG: Input:rspBuf (Len=26) 2E 7F BE 71 08 3B 2B FF 46 F0 2B E5 66 16 DA 32 F7 34 39 B6 4D EA C7 D7 91 00 nx_mw :DEBUG:Mac verified : (Len=16) 98 F7 45 34 5C 39 81 B6 E5 4D 5F EA 56 C7 C2 D7 nx_mw :DEBUG:Decrypted the response (Len=6) 05 04 08 10 91 00 APDU :DEBUG:ManageCertRepo [CreateCertRepo] APDU :DEBUG: [action] = 0x0 APDU :DEBUG: [repoID] = 0x0 APDU :DEBUG: [cert private keyID] = 0x0 APDU :DEBUG: [repoSize(LSB)] = 0xC00 APDU :DEBUG: [writeAccess] = 0x30 APDU :DEBUG: [readAccess] = 0x30 nx_mw :DEBUG: Input:Native Command code (Len=1) 49 nx_mw :DEBUG: Input:Native Command Header (Len=7) 00 00 00 00 0C 30 30 nx_mw :DEBUG:FN: nx_AES_EV2_MAC_CommandAPDU nx_mw :DEBUG:Command counter = 6 nx_mw :DEBUG:APDU Tx> (Len=21) 90 49 00 00 0F 00 00 00 00 0C 30 30 21 50 44 1A 00 AA 84 A7 00 nx_mw :DEBUG:Enter phNxpEseProto7816_Transceive nx_mw :DEBUG:Transceive data ptr 0x0x7ffff91eaf20 len:21 nx_mw :DEBUG:I-Frame Data Len: 21 Seq. no:0 nx_mw :DEBUG:TransceiveProcess nextTransceiveState 1 nx_mw :DEBUG:phNxpEse_WriteFrame Enter .. nx_mw :DEBUG:TX (axI2CWrite) > (Len=27) 21 00 00 15 90 49 00 00 0F 00 00 00 00 0C 30 30 21 50 44 1A 00 AA 84 A7 00 FA 77 nx_mw :DEBUG:Done with rv = 0c nx_mw :DEBUG:RAW Tx> (Len=27) 21 00 00 15 90 49 00 00 0F 00 00 00 00 0C 30 30 21 50 44 1A 00 AA 84 A7 00 FA 77 nx_mw :DEBUG:phNxpEse_read Enter .. nx_mw :DEBUG:phPalEse_i2c_read Read Requested 2 bytes nx_mw :DEBUG:Done with rv = 0c nx_mw :DEBUG:RX (axI2CRead): (Len=2) 12 00 nx_mw :DEBUG:phNxpEse_readPacket Read HDR nx_mw :DEBUG:phNxpEse_readPacket SOF FOUND nx_mw :DEBUG:phPalEse_i2c_read Read Requested 2 bytes nx_mw :DEBUG:Done with rv = 0c nx_mw :DEBUG:RX (axI2CRead): (Len=2) 00 02 nx_mw :DEBUG:poll_sof_chained_delay value is 0 nx_mw :DEBUG:phPalEse_i2c_read Read Requested 4 bytes nx_mw :DEBUG:Done with rv = 0c nx_mw :DEBUG:RX (axI2CRead): (Len=4) 91 DE 37 A7 nx_mw :DEBUG:RAW Rx< (Len=8) 12 00 00 02 91 DE 37 A7 nx_mw :DEBUG:phNxpEseProto7816_ProcessResponse p_data ----> 0x55562b33cab0 len ----> 0x8 nx_mw :DEBUG:Received CRC:0x37a7 Calculated CRC:0x37a7 nx_mw :DEBUG:Retry Counter = 0 nx_mw :DEBUG:phNxpEseProto7816_DecodeFrame I-Frame Received nx_mw :DEBUG:phNxpEseProto7816_DecodeFrame I-Frame lastRcvdIframeInfo.seqNo:0x0 nx_mw :DEBUG:Data[0]=0x91 len=2 Data[1]=0x91 Data[2]=0xde nx_mw :DEBUG: phNxpEse_Transceive Exit status 0x0 nx_mw :DEBUG:APDU Rx< (Len=2) 91 DE nx_mw :DEBUG:FN: nx_DeCrypt nx_mw :DEBUG: Input:rspBuf (Len=2) 91 DE nx_mw :WARN :nxEnsure:'(ret == SM_OK) || (ret == SM_OK_ALT)' failed. At Line:3713 Function:sss_nx_TXn_AES_EV2 nx_mw :ERROR:nx_ManageCertRepo_CreateCertRepo Failed nx_mw :WARN :nxEnsure:'status == kStatus_SSS_Success' failed. At Line:812 Function:nx_load_se_leaf_keypair_and_cert nx_mw :WARN :nxEnsure:'status == kStatus_SSS_Success' failed. At Line:980 Function:ex_sss_entry nx_mw :ERROR:nx_Personalization Example Failed !!!... nx_mw :INFO :ex_sss Finished nx_mw :ERROR:ex_sss_entry Failed nx_mw :DEBUG:Close i2c device 3. nx_mw :DEBUG:phNxpEse_close - ESE Context deinit completed nx_mw :ERROR:!ERROR! ret != 0.

 

Hi @Jansch ，

 

Thanks for the info! We noticed the 91 DE error in the error log which indicates it's already personalized, so it can not be personalized any more. and as you mentioned , All example are working but nx_Personalization is failed.

Question 1) Have you played with all example works with Symmetric authentication? I understand you didn't try with Sigma-I-Authentication, right?

 

Please kindly clarify.

 

Have a great day,
Kan

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

Hello @Kan_Li 

You are absolutely right, I didn't realise that was the issue with the nx_Personalization, as I don't have the chip first hand.

I also wanted to apologize for the formatting, if I only use quick reply, it doesn't format properly.

When running the Minimal example using SIGMA-I I receive this error still though. Is this the wrong directory? 

nx_mw :INFO :Read file from /home/pi/a30mw/nxmw-main/binaries/configuration/cert_depth3_PKCS7_rev1/cert_and_key/nist_p/device_root_certificate.der

nx_mw :WARN :nxEnsure:'status == kStatus_SSS_Success' failed. At Line:1963 Function:nx_verify_leaf_cert_hash_signature

nx_mw :WARN :nxEnsure:'status == kStatus_SSS_Success' failed. At Line:3512 Function:nx_sigma_i_authenticate_channel

nx_mw :ERROR:Could not set SIGMA-I Verifier Secure Channel

nx_mw :WARN :nxEnsure:'kStatus_SSS_Success == status' failed. At Line:174 Function:ex_sss_boot_nx_open nx_mw :ERROR:ex_sss_session_open Failed

nx_mw :ERROR:!ERROR! ret != 0.

Hi @Jansch ,

 

Thanks for the info! Actually A30 can only be personalized once, I am not sure how you configure nxMW for the first personalization, but please keep align with the first configuration when you do the first personalization,  I think it should also be done by yourself , right? if you personalize the chip with the keys and certs in folder A but run demos with ENV to folder B , there would be issues for sure.

 

BTW, Is it possible to share your current nxMW cmake options for a review?

 

Have a great day,
Kan

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------