I have been using the CSEc module on the S32K144 to store cryptographic keys, generate random numbers and perform AES encryption/decryption. So I know all about how to store keys, use them and erase them.
Unfortunately, I messed up one of my trials and write protected one of the keys by mistake (not sure which one exactly). I now cannot erase all keys and restore the flash to factory settings using the usual commands of CMD_DB_CHAL and CMD_DBG_AUTH, since they require that no key is write-protected. AN5401 clearly says that I cannot reprogram or erase the keys.
However AN5401 section 220.127.116.11 "Scenario 2: One or more keys is write protected and all user keys cannot be erased. (or not all user keys are known)" states that I need to update BOOT_MAC either manually or automatically.
My question is after running the first 3 steps of Example-4 Secure_boot_add_BOOT_MAC:
/* Step-1 Program the code/program flash with the code to be protected */
/* Step-2 Program BOOT_MAC_KEY into secure flash */
/* Step-3 Define the secure boot flavor and the BOOT_SIZE */
/* Reset S32K144EVB twice */
is the flash memory reset to the factory state and I can reprogram my keys again normally (even the master ECU key)? Is there anything I need to take care of?
Thanks a lot.