- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- Advanced AnalogAdvanced Analog
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
- S32Z/E
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- Generative AI & LLMs
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
- RFID / NFC
- Advanced Analog
-
- NXP Tech Blogs
Hello,
Following the response I got from this forum question here , this seems to be the thing we are looking for. However, we are unable to export NXP_PROD_KA_PUB key at id 0x70000000.
We tried from the linux userspace with the nvm_daemon, which starts correctly but fails when trying to export it when sending the ELE message.
We also tried from U-Boot and spdsk and the problem still persists :
user@vbox:/data/gitclone/src_spsdk/spsdk$ uv run spsdk nxpele -f mimx9352 -p /dev/ttyACM0 -d uboot_serial export-nxp-prod-ka-puk -o file
Step 1/4: Initializing SAB...
SAB Init successful
Step 2/4: Opening session...
Session opened successfully. Handle: 0xE59B04F0
Step 3/4: Opening keystore...
Keystore opened successfully. Handle: 0xE59B0970
Step 4/4: Exporting public key...
Error during NXP Production Key Agreement Public Key export: SPSDK: ELE Message failed.
Command: PUBLIC_KEY_EXPORT_REQ - (0x32)
Command words: 7
Command data: False
Response words: 4
Response data: True
Response status: Failure
Response indication: ResponseIndication:Unknown_0x1b - (0x1b)
Response abort code: 0x0
Public Key Export Command:
- Key store handle: 0xE59B0970
- Key ID: 0x70000000
- Output buffer size: 64 bytes
- Exports public key of asymmetric key from key store
- Public key is re-calculated (except Twisted Edwards/Montgomery)
- Must be called after opening valid key store service
Key store handle: 0xE59B0970
Key ID: 0x70000000
Output public key size: 0 bytes
No public key data received
Cleaning up: Closing keystore...
Cleaning up: Closing session...
Failed to export NXP Production Key Agreement Public Key
And everything seems correct from get-info, SRKH is fused and from my knowledge the device does not needs to be OEM closed to export it. Below is the content of get-info :
user@vbox:/data/gitclone/src_spsdk/spsdk$ uv run spsdk nxpele -f mimx9352 -p /dev/ttyACM0 -d uboot_serial get-info
ELE get info ends successfully:
Command: 0xda
Version: 2
Length: 160
SoC ID: MX93 - 0x9300
SoC version: A100
Life Cycle: OEM_OPEN - 0x0010
SSSM state: 4
Attest API version: 2
UUID: 86ee42794bb64887bddcb53e5666e040
SHA256 ROM PATCH: e9b0338e5f4a0a92025f764c5eeae2d26be1211c77ee51e49a9ee36a7185d587
SHA256 FW: 7d0dd0b6d993e4df39eb69cee18b4f7eb6ac1622aaf7d144c25c00cc4908ca60
Advanced information:
OEM SRKH: 2a6b7811117a8f2d16e1b506b587f6f44e2e444111f8ec7df047eec5200e6fd9
IMEM state: The IMEM is fully loaded and all ELE functionality can be used - 0xCA
CSAL state: EdgeLock secure enclave random context initialization succeed - 0x02
TRNG state: TRNG entropy is valid and ready to be read - 0x03
Thanks in advance for your response.
已解决! 转到解答。
We are using lf-6.12-y for linux, lf_2024.07 for u-boot and here is the output of "get-ele-fw-version":
(spsdk) eliott@vbox:/data/gitclone/src_spsdk/spsdk$ uv run nxpele -f mimx9352 -p /dev/ttyUSB0 -d uboot_serial get-ele-fw-version
Get ELE firmware version ends successfully:
EdgeLock Enclave firmware version: 0800000B
Readable form: 0.0.11
Commit SHA1 (First 4 bytes): 33CDA99A
John
