Javier Soriano

[Freedom K82f] Help to configure QSPI for encrypted I/O

Discussion created by Javier Soriano on Dec 21, 2016
Latest reply on Jan 25, 2017 by Javier Soriano

I need some help to configure the QSPI for encrypted I/O. This in in general terms what I want to do:


1. My application resides in the internal flash. 

       - This means that I do not want to have my application on the QSPI. Many examples assume you want to boot your                 application from the encrypted QSPI. I do not want this.

2. My application creates the keyblob, and uses aes-128 to wrap it. Then it writes the aes-keyblob in the internal flash.

3. My application writes the KEK to the place where it should go.

4. My application reboots the device, so after the system is up, the new (and valid) keyblob will be used to configure the OTFAD.

5. Because the OTFAD is configured, encrypted data form the QSPI can be read (because it is decrypted on the fly).

     - Data that will be written to the QSPI needs to be encrypted by my application before the writing operation.


So far, I have reached point 2, and I have some questions about point 3:


This document states that "KEK needs to be preprogrammed in flash's IFR region. In MK82F256, the Flash IFR index for KEK is from index 0x20 to 0x23 ... using elftosb tools"

- How can I verify the current value of [0x20 - 0x23] ?

- Is there an alternative to the elftosb tools?

- Can my application write the KEK at runtime?

- If the KEK is programmed using elftosb tools (or any existing alternative), is there ANY way to erase/reset it?


Thanks in advance!