[Security] CSEC secureboot verify

Gideon
Contributor III

Dear NXPs:

S32K146

P-Flash 1M(2 Block)

D-Flash 32K

 

Background:

CMD_BOOT_DEFINE→BootManager 6KB Use CSEC's secureboot mechanism for verification.

The secondary verification area is Flex NVM Bootloader;

The area of third-level verification is Application;

A. Sequential Boot Mode

Q1:

(void)CSEC_DRV_BootDefine(BOOT_SIZE, CSEC_BOOT_SERIAL)

After enabling secureboot, power on again to enter Secureboot. Since the selected mode is A. Sequential Boot Mode, even if the on-chip ROM fails to verify the Bootmanager image, the Bootmanager code will still be executed, so I cannot judge whether the first-level verification is successful. I use the CSEC_DRV_GetStatus() interface in Bootmanager to determine the result of the first-level verification. If the (1 == (CSEC_STATUS_BOOT_OK & CSEC_DRV_GetStatus())) condition is met, the first-level verification is considered successful. Is my understanding correct?

Q2:

Is there any way I can get the BOOT_MAC value calculated by CSEC? Because I want to know what is the difference between this and the BOOT_MAC I calculated on my PC.

 

lukaszadrapa
NXP TechSupport

Hi @Gideon 

Even if sequential or parallel secure boot mode fails, the application code is executed. The only effect of the failure is that boot protected keys cannot be used. Only if strict sequential boot mode is used, the device will stay in reset forever if secure boot fails. But notice that there's no way to recover - the device needs to be replaced.

Yes, use CSEC_STATUS_BOOT_OK to check the result.

There's no way to read BOOT_MAC. This would violate the SHE specification.

Regards,
Lukas
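
An added example, not part of the original thread and not NXP SDK code: because a failed sequential secure boot still executes the image, the boot manager has to decode the status byte itself before it moves on to the next verification level. The `EX_` names, the bit values (assumed to mirror the `CSEC_STATUS_*` masks in the SDK header) and the continue/stop policy are assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed to mirror CSEC_STATUS_SECURE_BOOT / CSEC_STATUS_BOOT_OK in the
 * S32 SDK csec_driver.h (SHE status register bits 1 and 4). Check your SDK. */
#define EX_STATUS_SECURE_BOOT 0x02u
#define EX_STATUS_BOOT_OK     0x10u

typedef enum {
    EX_BOOT_NOT_ENABLED, /* secure boot never activated: BOOT_OK says nothing */
    EX_BOOT_VERIFIED,    /* first-level image matched BOOT_MAC */
    EX_BOOT_FAILED       /* code still runs, boot-protected keys are unusable */
} ex_boot_result_t;

/* Classify a status byte as returned by CSEC_DRV_GetStatus(). */
ex_boot_result_t ex_classify_boot(uint8_t status)
{
    if ((status & EX_STATUS_SECURE_BOOT) == 0u) {
        return EX_BOOT_NOT_ENABLED;
    }
    /* Compare the masked value against 0 (or the mask), not against 1:
     * (status & 0x10) is either 0x00 or 0x10. */
    return ((status & EX_STATUS_BOOT_OK) != 0u) ? EX_BOOT_VERIFIED
                                                : EX_BOOT_FAILED;
}

/* Hypothetical policy: only a verified first stage may go on to verify
 * and start the next stage (bootloader, then application). */
int ex_may_continue_chain(uint8_t status)
{
    return ex_classify_boot(status) == EX_BOOT_VERIFIED;
}

int main(void)
{
    /* Constructed sample status bytes, not captured from a device. */
    const uint8_t samples[] = { 0x00u, 0x12u, 0x02u, 0x10u, 0x36u };
    static const char *const names[] = { "not enabled", "verified", "failed" };
    for (size_t i = 0; i < sizeof samples; i++) {
        printf("status 0x%02X: %s, continue=%d\n", (unsigned)samples[i],
               names[ex_classify_boot(samples[i])],
               ex_may_continue_chain(samples[i]));
    }
    return 0;
}
```
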
