I have been using the CSEc module on the S32K144 to store cryptographic keys, generate random numbers and perform AES encryption/decryption. So I know all about how to store keys, use them and erase them.
Unfortunately, I messed up one of my trials and write protected one of the keys by mistake (not sure which one exactly). I now cannot erase all keys and restore the flash to factory settings using the usual commands of CMD_DB_CHAL and CMD_DBG_AUTH, since they require that no key is write-protected. AN5401 clearly says that I cannot reprogram or erase the keys.
However AN5401 section 220.127.116.11 "Scenario 2: One or more keys is write protected and all user keys cannot be erased. (or not all user keys are known)" states that I need to update BOOT_MAC either manually or automatically.
My question is after running the first 3 steps of Example-4 Secure_boot_add_BOOT_MAC:
/* Step-1 Program the code/program flash with the code to be protected */
/* Step-2 Program BOOT_MAC_KEY into secure flash */
/* Step-3 Define the secure boot flavor and the BOOT_SIZE */
/* Reset S32K144EVB twice */
is the flash memory reset to the factory state and I can reprogram my keys again normally (even the master ECU key)? Is there anything I need to take care of?
Thanks a lot.
The example you are mentioning seems to only recompute the BOOT_MAC, it does not reset the flash to factory state. After the BOOT_MAC_KEY and the secure boot flavor and size are configured, at the next reset, CSEc will compute the MAC for the memory region 0...BOOT_SIZE and store it into the BOOT_MAC slot. After this, at each reset, the MAC will be re-computed and compared to the value stored in BOOT_MAC. If the verification fails, depending on the boot flavor configured, boot protected keys will not be available (sequential/parallel boot mode) or the main core will stay in reset (strict sequential mode).
Unfortunately, once a key is write protected, I don't think there is any method for resetting the flash memory to factory settings.