How to use encrypt and decode

814420552 · ‎11-28-2019

1. About cesc， how to connfig mcu to encrypt and decode for can communication or uart?

2. whether can config can encrypt , uart not . and in cesc what's function of random data ?

3. how to use jink download code to my board with disign stdio?

wish your reply , thanks a lot

lukaszadrapa · ‎11-29-2019

Hi,

there's following application note including SW examples which should answer a lot of questions:

https://www.nxp.com/webapp/Download?colCode=AN5401

https://www.nxp.com/webapp/Download?colCode=AN5401SW&docLang=en

There are also SW example in SDK:

c:\NXP\S32DS_ARM_v2018.R1\S32DS\S32SDK_S32K1xx_RTM_3.0.0\examples\S32K144\demo_apps\flexcan_encrypted\

See the description here:

file:///C:/NXP/S32DS_ARM_v2018.R1/S32DS/S32SDK_S32K1xx_RTM_3.0.0/doc/html_S32K144/flexcan_encrypted_...

Notice that the part needs to be configured by:

c:\NXP\S32DS_ARM_v2018.R1\S32DS\S32SDK_S32K1xx_RTM_3.0.0\examples\S32K144\driver_examples\system\csec_keyconfig\

Regards,

Lukas

814420552 · ‎12-05-2019

The example “3_Basic_operations” in AN5401SW has no configures part for keys, why has no init step?
My ECU is s32k146 ,when run the example 1_Configure_part_and_Load_keys , the result M4_out is always 0, and the processor in s32 design studio display as following,how to change it with s32k146, or whether has examples run in s32k146,
Whether can I get the key’s value(128 bit) by CMD_LOAD_KEY？
Above those examples， for example 4_secure_boot_and BOOT_MAC , in step2 is M4_OUT BOOT_MAC_KEY value? And M4? But when this example run in s32k146 M4_OUT is always = 0, why?

Wish your help, thanks a lot

lukaszadrapa · ‎12-09-2019

Hi,

1. Partitioning and key configuration is supposed to be done only once - in factory. So, there's no this initialization in other projects.

2. The best way is to create new project and copy the code there. If you use SDK, you can also use CSEc drivers which are included in SDK.

3. I'm not sure if I can understand this question. Project "1_Configure_part_and_Load_keys" shows how to do partitioning and how to load the keys and project "2_Update_user_keys" shows how to update the keys if necessary.

4. I'm getting correct values. It looks like your device is not configured properly. Try to reset the device to factory state using project 5 and then use project 1 before running project 4.

Regards,

Lukas

814420552 · ‎12-09-2019

hello，

if someone update key_1, whether can I get the Key_1's value (128bits) with Debug or print the 128 bits data with uart?

anther question, use CMD_DEFINE to define the security boot, reset mcu then save the boot_mac, if i update the boot code , at this time how to update the BOO_MAC's value automatic?

I think security boot must be disabled with code update the MAC_BOOT'value, else will boot fail always? if my understanding is right, how to disable the securoty boot or have anther mechanism？

wish your help ,thanks a lot.

lukaszadrapa · ‎12-11-2019

Hi,

the RAM_KEY can be exported if it was loaded as a plaintext (command CMD_EXPORT_RAM_KEY). A key loaded by the secure protocol may not be exported.

There’s a function EXPORT_RAM_KEY() in the AN5401SW zip package. You can find it in file CSEc_functions.h which is included in all projects.

From the reference manual:

“36.5.13.15 CMD_EXPORT_RAM_KEY

The Export RAM Key command exports the RAM_KEY into a format protected by the

SECRET_KEY. The key may be imported again by using the CMD_LOAD_KEY

command.

A RAM_KEY can only be exported if it was written as plain text, i.e., by

CMD_LOAD_PLAIN_KEY.”

Regarding second question, please take a look at section "4.4.4 Updating Code and resulting BOOT_MAC" in AN5401.

Regards,

Lukas