FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Unable to get Manufacturing Protection Public Key

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Unable to get Manufacturing Protection Public Key

Tuesday
132 Views
Chandni
Contributor II

Hi Team,

@Harvey021 

I am trying to retrieve the manufacturing Protection Public key on my IMX8DX chip, however I always get 0x0 as public key.  I have tried supplying 96 and 97 bytes buffer, (even greater values too), but no luck. My chip is in OEM closed LC state.

I tried reading the MPECC register to see if the key exists. I get 0x0 as the value, so it means the key is still there.
Can you please provide any insights on how to retrieve this key? I am using OP-TEE OS to fetch this key and I use caam_calloc_align_buf() along with setting the sc_rm_set_memreg_permissions() to full permission for the allocated memory to SECO partition

Feels like SECO cannot write to this location or it requires some extra step to get the key. Can you please guide me?

Thanks in advance.
Chandni

0 Kudos
Reply
2 Replies

yesterday
22 Views
Chandni
Contributor II

Hi Aldo,

Thanks for your reply. Here are my observations:

From AN13222: "The Unlock command is not necessary for the I.MX 8X/8DXL devices because the MP private key is preserved
when the secure boot is enabled."
Also when i try the unlock command, i keep getting: "Invalid command: AuthenticateCSF is illegal for given target". Looking at the CST user's guide says: "Unlock and Authenticate CSF" are only HAB commands, so it does not work. I am using AHAB target

Also i am reading MPECC register, the MP_ZERO bit is 0x0, which means key has non-zero value. Have i understood it wrong?

Do i  need any signed message to enable/unlock it?

Regards,
Chandni



0 Kudos
Reply

Friday
80 Views
AldoG
NXP TechSupport
NXP TechSupport

Hello,

Did you follow section 3.2 Private key persistence of the AN13222.
This step is to ensure that the private key is available to software after the device boots. The Manufacturing Protection private key is cleared during the boot unless the signature (CSF) contains the Unlock command, informing the HAB/AHAB to leave the key. The 'Unlock' command is added to the CSF description file.

Since unless the private key is preserved during the boot, none of the Manufacturing Protection features are functional.

Best regards/Saludos,
Aldo.

0 Kudos
Reply
%3CLINGO-SUB%20id%3D%22lingo-sub-2253655%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3EUnable%20to%20get%20Manufacturing%20Protection%20Public%20Key%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2253655%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EHi%20Team%2C%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F192970%22%20target%3D%22_blank%22%3E%40Harvey021%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20am%20trying%20to%20retrieve%20the%20manufacturing%20Protection%20Public%20key%20on%20my%20IMX8DX%20chip%2C%20however%20I%20always%20get%200x0%20as%20public%20key.%26nbsp%3B%20I%20have%20tried%20supplying%2096%20and%2097%20bytes%20buffer%2C%20(even%20greater%20values%20too)%2C%20but%20no%20luck.%20My%20chip%20is%20in%20OEM%20closed%20LC%20state.%3C%2FP%3E%3CP%3EI%20tried%20reading%20the%20MPECC%20register%20to%20see%20if%20the%20key%20exists.%20I%20get%200x0%20as%20the%20value%2C%20so%20it%20means%20the%20key%20is%20still%20there.%3CBR%20%2F%3ECan%20you%20please%20provide%20any%20insights%20on%20how%20to%20retrieve%20this%20key%3F%20I%20am%20using%20OP-TEE%20OS%20to%20fetch%20this%20key%20and%20I%20use%26nbsp%3B%3CSPAN%3Ecaam_calloc_align_buf()%20along%20with%20setting%20the%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3Esc_rm_set_memreg_permissions()%20to%20full%20permission%20for%20the%20allocated%20memory%20to%20SECO%20partition%3CBR%20%2F%3E%3CBR%20%2F%3EFeels%20like%20SECO%20cannot%20write%20to%20this%20location%20or%20it%20requires%20some%20extra%20step%20to%20get%20the%20key.%20Can%20you%20please%20guide%20me%3F%3CBR%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EThanks%20in%20advance.%3CBR%20%2F%3E%3C%2FSPAN%3EChandni%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2253655%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CLINGO-LABEL%3Ei.MX%208%20Family%20%7C%20i.MX%208QuadMax%20(8QM)%20%7C%208QuadPlus%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E