AnsweredAssumed Answered

Writing HSM keys

Question asked by Krzysztof Mazur on Jul 5, 2018
Latest reply on Jul 12, 2018 by manish.sharma

Hey guys, another big question from me.


I'm at a stage in my project where I have the HSM working and giving back correct ECB and CBC values, unfortunately this is not the core of our project, we need MAC generation, at first I used the ram key for this and if you read the reference manuals(security reference manual and the SHE on mpc5748g) you'll know why they were off.


What we have now: we used a script to enable the HSM, which supposedly flashed a secret key, but doesn’t mention a MASTER_ECU key, I implemented the get_id method and the mac value from it is 0 = means that apparently the MASTER_ECU_KEY  is empty and as mentioned previously the generateMac and verifyMac functions result in wrong values, i have implemented m1-m5 and k1-k4 generation based on the SHE on mpc5748g manual but it comes up with invalid key when trying to load values generated for MASTER_ECU_KEY  and empty key for values generated for key_1.


I'm after SHE - secure hardware extension functional specification document, which is referenced heavily in every pdf I look at to learn how to upload my own key but according to our contact, NXP don’t give out that document(silly, because its required to implement some major functionality)


So, I'd like to know where I can get the info about this, mainly I require values for MASTER_ECU_KEY like uid, flags, cid and whether I need to encrypt(and which encryption and key) the value, I am pretty sure I got m1 and m3 ok, m2 isn’t working because uid = 0 because MASTER_ECU_KEY = 0.


If the answer is too sensitive for the forums I am absolutely ok with PM's


Edit1: I exported RAM_KEY which gave me an encrypted M1, which makes me think that the SHE on mpc5748g document is also off because it doesnt mention any encryption of M1.

Edit2: When i try to update master_ecu_key the way it shows in the reference manuals i get 0x8 = error updating key