AnsweredAssumed Answered

How to generate a HASH (or similar) value of program stored in QSPI flash that is unique to the processor that it is running on?

Question asked by Mark Butcher on May 9, 2020
Latest reply on May 12, 2020 by jeremyzhou

Hi All

 

I am looking for a solution that allows me to generate a HASH value for code stored in the QSPI flash. However the value generated must be unique to the processor that it is being generated by. Furthermore, it must not be possible to be able to know how to generate the same HASH based on any 'visible' information read from the processor itself.

 

I expect that this is possible by using features of system security (such as HAB) but the details to this operation are restricted to a certain degree so rather than attempt to work out low level details maybe generally someone knows of how it could nevertheless be done using general features.

 

The idea is the following - the i.MX RT have unique IDs and I understand that there is one that can't be read (not even by NXP) and is used as unique number input to the security system. This would be perfect since it could neither be accessed over the serial interface (eg. when eFuse values were to be used) not via JTAG.
If I could cause the security module to be able to generate a HASH value with this unique (secret) ID it would solve the problem.

 

Eg. I could imagine a pseudo-call that does:

 

void hash_my_code(unigned long *pointer_to_code_in QSPI, unsigned long LengthOfCode, unsigned long *ptrHashResult); // prototype the routine to be developed, based on security module capability (if possible usable on all i.MX RT 1011..1064 range)

unsigned long ulHash[LENGTH_OF_HASH_LONGS]; // buffer for the result
hash_my_code(0x60000000, 0x4000, ulHash);
// the unique hash of the code stored in QSPI flash area is now available unique to this processor!!

I could do this be using the visible ID in the eFUSEs (but it is not very "random") or by programming random values to general purpose eFUSE registers but then both JTAG access and also serial interface access to the eFUSEs needs to be disabled, which I desperately want to avoid in this case.

 

Does anyone know how this could be done?

 

Thanks

 

Regards

 

Mark

Outcomes