AnsweredAssumed Answered

S32K144 CSEc Remove Key Write-Protection

Question asked by Mahmoud Sherrah on Dec 22, 2018
Latest reply on Jan 4, 2019 by Veronica Mihaela Velciu

I have been using the CSEc module on the S32K144 to store cryptographic keys, generate random numbers and perform AES encryption/decryption. So I know all about how to store keys, use them and erase them.


Unfortunately, I messed up one of my trials and write protected one of the keys by mistake (not sure which one exactly). I now cannot erase all keys and restore the flash to factory settings using the usual commands of CMD_DB_CHAL and CMD_DBG_AUTH, since they require that no key is write-protected. AN5401 clearly says that I cannot reprogram or erase the keys.


However AN5401 section "Scenario 2: One or more keys is write protected and all user keys cannot be erased. (or not all user keys are known)" states that I need to update BOOT_MAC either manually or automatically.


My question is after running the first 3 steps of Example-4 Secure_boot_add_BOOT_MAC:

   /* Step-1 Program the code/program flash with the code to be protected */

   /* Step-2 Program BOOT_MAC_KEY into secure flash */

   /* Step-3 Define the secure boot flavor and the BOOT_SIZE */

   /* Reset S32K144EVB twice */


is the flash memory reset to the factory state and I can reprogram my keys again normally (even the master ECU key)? Is there anything I need to take care of?


Thanks a lot.