- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- Advanced AnalogAdvanced Analog
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
- S32Z/E
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- Generative AI & LLMs
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
- RFID / NFC
- Advanced Analog
-
- NXP Tech Blogs
已解决
04-14-2025
03:45 PM
3,105 次查看
I am trying to use something like hsm_do_cipher or hsm_cipher_one_go to encrypt with AES 256 a small amount of data (32 bytes).
When I tried hsm_do_cipher I get an error that the handle is bad. If I use hsm_cipher_one_go I get a bad parameter error.
I tried to use this code to create my test:
https://github.com/nxp-imx/imx-secure-enclave/blob/1130c8bb820881ad037ba3f060e7fa70635fae3c/test/hsm...
I get this error from hsm_cipher_one_go:
SAB Error: SAB CMD [0x62] Resp [0x429] - MU sanity check failed / Invalid parameters.
aesencrypt: aesencrypt.c:164: hsm_do_cipher failed, err=0x4
Is there a way to determine what is wrong with my parameters? I see no errors when I create my key in a separate program. Files are created under /etc/ele.
Here is my code setting up the cipher_args:
memset(&cipher_args,0,sizeof cipher_args);
cipher_args.key_identifier = KEYID;
cipher_args.iv = SM2_IDENTIFIER;
cipher_args.iv_size = sizeof(SM2_IDENTIFIER);
cipher_args.flags = HSM_CIPHER_ONE_GO_FLAGS_ENCRYPT;
cipher_args.cipher_algo = HSM_CIPHER_ONE_GO_ALGO_ECB;
cipher_args.input = sp;
cipher_args.input_size = slength;
cipher_args.output = od;
cipher_args.output_size = slength;已解决! 转到解答。
1 解答
04-15-2025
04:29 PM
3,056 次查看
I found code that I could use:
https://github.com/nxp-imx/imx-secure-enclave/blob/1130c8bb820881ad037ba3f060e7fa70635fae3c/test/com...
I found that 8 bytes of input data will cause the function hsm_do_hash() to fail with an invalid argument message. 16 bytes does work.
It would be nice if key_identifier requirements were spelled out, iv_size does not have limits, neither does input_size.
https://github.com/nxp-imx/imx-secure-enclave/blob/1130c8bb820881ad037ba3f060e7fa70635fae3c/test/com...
I found that 8 bytes of input data will cause the function hsm_do_hash() to fail with an invalid argument message. 16 bytes does work.
It would be nice if key_identifier requirements were spelled out, iv_size does not have limits, neither does input_size.
3 回复数
04-15-2025
01:19 PM
3,075 次查看
I see that the test I copied has this at the start:
f (se_get_soc_id() == SOC_IMX95)
do_cipher_stream_opaquekey_test(key_store_hdl, key_mgmt_hdl);
So this probably prevents this test from running on the i.MX91. So why is the filter on imx95 present? Can you use the keystore with AES encryption on an i.MX91? Is there an example anywhere?
f (se_get_soc_id() == SOC_IMX95)
do_cipher_stream_opaquekey_test(key_store_hdl, key_mgmt_hdl);
So this probably prevents this test from running on the i.MX91. So why is the filter on imx95 present? Can you use the keystore with AES encryption on an i.MX91? Is there an example anywhere?
04-15-2025
01:31 PM
3,072 次查看
It should be:
if (se_get_soc_id() == SOC_IMX95)
Here is the code that skips what I want to do on an i.MX91:
https://github.com/nxp-imx/imx-secure-enclave/blob/1130c8bb820881ad037ba3f060e7fa70635fae3c/test/com...
if (se_get_soc_id() == SOC_IMX95)
Here is the code that skips what I want to do on an i.MX91:
https://github.com/nxp-imx/imx-secure-enclave/blob/1130c8bb820881ad037ba3f060e7fa70635fae3c/test/com...
04-15-2025
04:29 PM
3,057 次查看
I found code that I could use:
https://github.com/nxp-imx/imx-secure-enclave/blob/1130c8bb820881ad037ba3f060e7fa70635fae3c/test/com...
I found that 8 bytes of input data will cause the function hsm_do_hash() to fail with an invalid argument message. 16 bytes does work.
It would be nice if key_identifier requirements were spelled out, iv_size does not have limits, neither does input_size.
https://github.com/nxp-imx/imx-secure-enclave/blob/1130c8bb820881ad037ba3f060e7fa70635fae3c/test/com...
I found that 8 bytes of input data will cause the function hsm_do_hash() to fail with an invalid argument message. 16 bytes does work.
It would be nice if key_identifier requirements were spelled out, iv_size does not have limits, neither does input_size.
