Writing HSM keys

取消
显示结果 
显示  仅  | 搜索替代 
您的意思是: 
已解决

Writing HSM keys

跳至解决方案
3,193 次查看
k_mazur
Contributor II

Hey guys, another big question from me.

 

I'm at a stage in my project where I have the HSM working and giving back correct ECB and CBC values, unfortunately this is not the core of our project, we need MAC generation, at first I used the ram key for this and if you read the reference manuals(security reference manual and the SHE on mpc5748g) you'll know why they were off.

 

What we have now: we used a script to enable the HSM, which supposedly flashed a secret key, but doesn’t mention a MASTER_ECU key, I implemented the get_id method and the mac value from it is 0 = means that apparently the MASTER_ECU_KEY  is empty and as mentioned previously the generateMac and verifyMac functions result in wrong values, i have implemented m1-m5 and k1-k4 generation based on the SHE on mpc5748g manual but it comes up with invalid key when trying to load values generated for MASTER_ECU_KEY  and empty key for values generated for key_1.

 

I'm after SHE - secure hardware extension functional specification document, which is referenced heavily in every pdf I look at to learn how to upload my own key but according to our contact, NXP don’t give out that document(silly, because its required to implement some major functionality)

 

So, I'd like to know where I can get the info about this, mainly I require values for MASTER_ECU_KEY like uid, flags, cid and whether I need to encrypt(and which encryption and key) the value, I am pretty sure I got m1 and m3 ok, m2 isn’t working because uid = 0 because MASTER_ECU_KEY = 0.

If the answer is too sensitive for the forums I am absolutely ok with PM's

Edit1: I exported RAM_KEY which gave me an encrypted M1, which makes me think that the SHE on mpc5748g document is also off because it doesnt mention any encryption of M1.

Edit2: When i try to update master_ecu_key the way it shows in the reference manuals i get 0x8 = error updating key

标记 (3)
0 项奖励
回复
1 解答
2,497 次查看
k_mazur
Contributor II

Solution found, she on mpc5748g is the way to go. 1 thing though, that document needs a major rework, it is unbelievably confusing and the way its written and how it describes functions and pseudocode is extremely poor.

在原帖中查看解决方案

0 项奖励
回复
4 回复数
2,498 次查看
k_mazur
Contributor II

Solution found, she on mpc5748g is the way to go. 1 thing though, that document needs a major rework, it is unbelievably confusing and the way its written and how it describes functions and pseudocode is extremely poor.

0 项奖励
回复
786 次查看
venkataganesh9
Contributor I
what is the solution?, i am facing exact same issue.
0 项奖励
回复
2,497 次查看
manish_sharma
NXP Employee
NXP Employee

This was the apps note created by someone, not created by the SHE Security FW team. We deleted this doc from the NXP website. FW team just informed me that it is still available on Docstore. We will soon remove this from Docstore too.

Pl get the latest doc and  refer the same for your development and support.

If any issues let me know. manish.kumar@nxp.com

0 项奖励
回复
786 次查看
venkataganesh9
Contributor I
Hello Manish,
can you please share the solution.
0 项奖励
回复