FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

se05x_API_DeleteAll_Iterative() of Plug and trust middleware

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED
Jump to solution

se05x_API_DeleteAll_Iterative() of Plug and trust middleware

Jump to solution
‎12-14-2022 11:18 PM
2,034 Views
kei_odagiri
Contributor III

Hello,

I'm developing an app to delete some secure objects of se050, so to speak a reset command. The app utilizes Se05x_API_DeleteAll_Iterative(), and I found a phenomenon that secure objects having keyid from 1 to 3 are not deleted. I did quick check for source code in plug and trust middle ware.

I think SE05X_OBJID_TP_MASK causes the phenomenon which the secure objects aren't deleted.

https://github.com/NXP/plug-and-trust/blob/v04.02.00/hostlib/hostLib/se05x/src/se05x_mw.c#L51

            else if (!SE05X_OBJID_TP_MASK(id) && id) {
                LOG_D("Not erasing Trust Provisioned objects");
            }

 

https://github.com/NXP/plug-and-trust/blob/v04.02.00/sss/ex/inc/ex_sss_objid.h#L31

#define SE05X_OBJID_TP_MASK(X)              (0xFFFFFFFC & (X))

 

Kei Odagiri

Atmark techno,Inc.

Labels (1)
Labels
0 Kudos
Reply
1 Solution

Jump to solution
‎12-15-2022 07:12 PM
2,007 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi @kei_odagiri ,

 

Yes, the range of keyid from 1 to 0x7BFFFFFF is opened to users, but there are cases customers trust provision some secure objects there, and SE05X_OBJID_TP_MASK can be used to prevent deleting such kind of objects accidently , but of course users may adjust SE05X_OBJID_TP_MASK definition according to their requirements.

 

Hope that makes sense,

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

 

View solution in original post

0 Kudos
Reply
4 Replies

Jump to solution
‎12-15-2022 05:32 PM
2,013 Views
kei_odagiri
Contributor III

I tried deleting manually the keyid range, I succeeded to delete the keyid. Therefore users can't delete the range by se05x_API_DeleteAll_Iterative() but users can delete it by Se05x_API_DeleteSecureObject().

 

# ssscli erase 1
ssse-flw: EmbSe_Init(): Entry
App :INFO :Using PortName='/dev/i2c-2:0x48' (ENV: EX_SSS_BOOT_SSS_PORT=/dev/i2c-2:0x48)
sss :INFO :atr (Len=35)
00 A0 00 00 03 96 04 03 E8 00 FE 02 0B 03 E8 08
01 00 00 00 00 64 00 00 0A 4A 43 4F 50 34 20 41
54 50 4F
sss :WARN :Communication channel is Plain.
sss :WARN :!!!Not recommended for production use.!!!
ssse-flw: Version: 1.0.5
ssse-flw: EmbSe_Init(): Exit
ssse-flw: Control Command EMBSE_LOG_LEVEL; requested log level = 7
Erasing Key entry from KeyID = 0x00000001
sss :INFO :atr (Len=35)
00 A0 00 00 03 96 04 03 E8 00 FE 02 0B 03 E8 08
01 00 00 00 00 64 00 00 0A 4A 43 4F 50 34 20 41
54 50 4F
sss :WARN :Communication channel is Plain.
sss :WARN :!!!Not recommended for production use.!!!
Erased Key entry from KeyID = 0x00000001
ssse-flw: EmbSe_Finish(): Entry
ssse-flw: EmbSe_Finish(): Exit
ssse-flw: EmbSe_Destroy(): Entry

0 Kudos
Reply

Jump to solution
‎12-15-2022 05:06 PM
2,015 Views
kei_odagiri
Contributor III

Please let me add this information. 

According to AN13030 Plug & Trust MW Documentation (Rev. 1.9 — 30 June 2022), the range of keyid from 1 to 0x7BFFFFFF is opened to users. But users can't delete the keyid from 1 to 3 by using Se05x_API_DeleteAll_Iterative(). I think the implementation of the Se05x_API_DeleteAll_Iterative() does not allow it. 

3.14 Key Id Range and Purpose

se050_keyid_range.png

 

 

0 Kudos
Reply

Jump to solution
‎12-15-2022 07:12 PM
2,008 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi @kei_odagiri ,

 

Yes, the range of keyid from 1 to 0x7BFFFFFF is opened to users, but there are cases customers trust provision some secure objects there, and SE05X_OBJID_TP_MASK can be used to prevent deleting such kind of objects accidently , but of course users may adjust SE05X_OBJID_TP_MASK definition according to their requirements.

 

Hope that makes sense,

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

 

0 Kudos
Reply

Jump to solution
‎12-15-2022 09:45 PM
1,999 Views
kei_odagiri
Contributor III

Hi Kan_Li ,

I suspected there is a policy to protect NXP's special trust provisioning objects. Additionally, I considered the middle ware should implement the restriction for all apis. But, sure, if middle ware restrict to delete the keyid in all apis, users may not handle under unexpected situation.

Anyway since you mentioned users can adjust the protection, I will modify the range of the macro to my suitable spec.

Thank you,

Kei Odagiri

0 Kudos
Reply