1. About cesc, how to connfig mcu to encrypt and decode for can communication or uart?
2. whether can config can encrypt , uart not . and in cesc what's function of random data ?
3. how to use jink download code to my board with disign stdio?
wish your reply , thanks a lot
Hi,
there's following application note including SW examples which should answer a lot of questions:
https://www.nxp.com/webapp/Download?colCode=AN5401
https://www.nxp.com/webapp/Download?colCode=AN5401SW&docLang=en
There are also SW example in SDK:
c:\NXP\S32DS_ARM_v2018.R1\S32DS\S32SDK_S32K1xx_RTM_3.0.0\examples\S32K144\demo_apps\flexcan_encrypted\
See the description here:
Notice that the part needs to be configured by:
c:\NXP\S32DS_ARM_v2018.R1\S32DS\S32SDK_S32K1xx_RTM_3.0.0\examples\S32K144\driver_examples\system\csec_keyconfig\
Regards,
Lukas
Wish your help, thanks a lot
Hi,
1. Partitioning and key configuration is supposed to be done only once - in factory. So, there's no this initialization in other projects.
2. The best way is to create new project and copy the code there. If you use SDK, you can also use CSEc drivers which are included in SDK.
3. I'm not sure if I can understand this question. Project "1_Configure_part_and_Load_keys" shows how to do partitioning and how to load the keys and project "2_Update_user_keys" shows how to update the keys if necessary.
4. I'm getting correct values. It looks like your device is not configured properly. Try to reset the device to factory state using project 5 and then use project 1 before running project 4.
Regards,
Lukas
hello,
if someone update key_1, whether can I get the Key_1's value (128bits) with Debug or print the 128 bits data with uart?
anther question, use CMD_DEFINE to define the security boot, reset mcu then save the boot_mac, if i update the boot code , at this time how to update the BOO_MAC's value automatic?
I think security boot must be disabled with code update the MAC_BOOT'value, else will boot fail always? if my understanding is right, how to disable the securoty boot or have anther mechanism?
wish your help ,thanks a lot.
Hi,
the RAM_KEY can be exported if it was loaded as a plaintext (command CMD_EXPORT_RAM_KEY). A key loaded by the secure protocol may not be exported.
There’s a function EXPORT_RAM_KEY() in the AN5401SW zip package. You can find it in file CSEc_functions.h which is included in all projects.
From the reference manual:
“36.5.13.15 CMD_EXPORT_RAM_KEY
The Export RAM Key command exports the RAM_KEY into a format protected by the
SECRET_KEY. The key may be imported again by using the CMD_LOAD_KEY
command.
A RAM_KEY can only be exported if it was written as plain text, i.e., by
CMD_LOAD_PLAIN_KEY.”
Regarding second question, please take a look at section "4.4.4 Updating Code and resulting BOOT_MAC" in AN5401.
Regards,
Lukas