how to install and verify SMR-based Memory Verification - Periodic or On-demand in S32K344

HyunungPark1 · ‎09-05-2023

Hi,

Currently, I am implement as the title.

But there is any problem.

Could you please let me know to resolve this issue?

Below is codes to install smr and verify for the two types.

case1. SMR-based Memory Verification - Periodic

"HSE_SRV_RSP_NOT_ALLOWED"error happens using the below code

//smr install

service id = HSE_SRV_ID_SMR_ENTRY_INSTALL

g_smrEntry[coreID].configFlags = HSE_SMR_CFG_FLAG_INSTALL_AUTH;

g_smrEntry[coreID].pSmrDest = 0U;

g_smrEntry[coreID].checkPeriod = 80;/* a verification process is triggered every 2s for a system clock frequency of 160MHz, 4s at 80MHz etc*/

g_smrEntry[coreID].pSmrSrc = startAddress;

g_smrEntry[coreID].smrSize = u32CodeLength;

g_smrEntry[coreID].authKeyHandle = CRYPTO_KEY_ID_NVM_FTD_PUBLICKEY_HANDLE;

g_smrEntry[coreID].authScheme.sigScheme.signSch = HSE_SIGN_RSASSA_PKCS1_V15;

g_smrEntry[coreID].authScheme.sigScheme.sch.rsaPkcs1v15.hashAlgo = HSE_HASH_ALGO_SHA2_256;

g_smrEntry[coreID].pInstAuthTag[0] = RSA_TAG_FTD_SIGNATURE_FLASH_ADDRESS;

g_smrEntry[coreID].pInstAuthTag[1] = (uint32_t)NULL;

u32startAddress = startAddress;

u32endAddress = endAddress;

//cr install

service id = HSE_SRV_ID_CORE_RESET_ENTRY_INSTALL

g_crEntry[coreID].preBootSmrMap = 0;

g_crEntry[coreID].coreId = (hseAppCore_t)coreID;

g_crEntry[coreID].preBootSmrMap = 0; ;

g_crEntry[coreID].pPassReset = pAppHeader[coreID]->pAppStartEntry;

g_crEntry[coreID].crSanction = HSE_CR_SANCTION_KEEP_CORE_IN_RESET;

g_crEntry[coreID].altPreBootSmrMap = 0x0UL; /* Not used here - configuration in case boot fails */

g_crEntry[coreID].pAltReset = pAppHeader[coreID]->pAppStartEntry; /* Alternate Reset should not be NULL or 0xFFFFFFFF */

g_crEntry[coreID].startOption = HSE_CR_AUTO_START;

BRs.

Hyunung Park

lukaszadrapa · ‎09-07-2023

Hi @HyunungPark1

If checkPeriod is non-zero, some conditions must be met (copied from HSE Service API RM):

I can see that this is not considered in your code.

Also make sure that all the structures/variables used to communication with HSE are forced to non-cacheable area.

Regards,

Lukas

HyunungPark1 · ‎09-15-2023

In case of on demand, cr does not installed normally

HyunungPark1 · ‎09-08-2023

Hi

SMR is installed normally In case of SMR-based Memory Verification - periodic

But error happens when CR Install.

Could you please let me know for the value of hseCrEntry_t strutcure?

g_crEntry[coreID].coreId = (hseAppCore_t)coreID;

g_crEntry[coreID].preBootSmrMap = 1 << coreID; ;

g_crEntry[coreID].postBootSmrMap = 1 << coreID; ;

g_crEntry[coreID].pPassReset = pAppHeader[coreID]->pAppStartEntry;

g_crEntry[coreID].crSanction = HSE_CR_SANCTION_DIS_ALL_KEYS;

g_crEntry[coreID].altPreBootSmrMap = 0x0UL; /* Not used here - configuration in case boot fails */

g_crEntry[coreID].pAltReset = pAppHeader[coreID]->pAppStartEntry; /* Alternate Reset should not be NULL or 0xFFFFFFFF */

g_crEntry[coreID].startOption = HSE_CR_AUTO_START;

BRs.

Hyunung Park

HyunungPark1 · ‎09-12-2023

Hi,

SMR and CR is installed normally for the SMR-based Verification-Periodic,

But there is an error for SMR-based Verification -On Demand.

Below is the code for SMR-based Verification -On Demand.

Could you please let me know what should I do to resolve this issue?

===============================================================

g_smrEntry[smrIndex].configFlags = HSE_SMR_CFG_FLAG_INSTALL_AUTH;

g_smrEntry[smrIndex].pSmrDest = 0u;

g_smrEntry[smrIndex].checkPeriod = 0U;

g_smrEntry[smrIndex].pSmrsrc=startAddress;

g_smrEntry[smrIndex].smrSize = u32CodeLength;

g_smrEntry[smrIndex].authKeyHandle = CRYPTO_KEY_ID_NVM_PDP_PUBLICKEY_HANDLE;

g_smrEntry[smrIndex].authScheme.sigScheme.signSch = HSE_SIGN_RSASSA_PKCS1_V15;

g_smrEntry[smrIndex].authScheme.sigScheme.sch.rsaPkcs1v15.hashAlgo = HSE_HASH_ALGO_SHA2_256;

g_smrEntry[smrIndex].pInstAuthTag[0] = RSA_TAG_PDP_SIGNATURE_FLASH_ADDRESS;

g_smrEntry[smrIndex].pInstAuthTag[1] = (uint32_t)NULL;

gstartAddress = startAddress;

gendAddress = endAddress;

g_crEntry[smrIndex].coreId = (hseAppCore_t)0;

g_crEntry[smrIndex].preBootSmrMap = 1 << 0;

g_crEntry[smrIndex].pPassReset = pAppHeader[coreID]->pAppStartEntry;//pAppHeader[coreID]->pAppStartEntry;

g_crEntry[smrIndex].altPreBootSmrMap = 0; /* Not used here - configuration in case boot fails */

g_crEntry[smrIndex].pAltReset = pAppHeader[coreID]->pAppStartEntry; /* Alternate Reset should not be NULL or 0xFFFFFFFF */

g_crEntry[smrIndex].postBootSmrMap = 1 <<2;

g_crEntry[smrIndex].startOption = HSE_CR_ON_DEMAND;

g_crEntry[smrIndex].crSanction = HSE_CR_SANCTION_DIS_INDIV_KEYS;

CoreSrvId = HSE_SRV_ID_ON_DEMAND_CORE_RESET;

SMRSrvId = HSE_SRV_ID_SMR_ENTRY_INSTALL;

eRetVal = Crypto_SMR_Install(smrIndex,
SMRSrvId,
(const hseSmrEntry_t *)&g_smrEntry[smrIndex],
(const uint8_t *)g_smrEntry[smrIndex].pSmrSrc,
g_smrEntry[smrIndex].smrSize,
(const uint8 *)tag_addr[0][smrIndex],
(const uint8 *)tag_addr[1][smrIndex],
256U,
256U);

eRetVal = Crypto_CoreReset_Install(0, CoreSrvId, (const hseCrEntry_t* )&(g_crEntry[smrIndex]));
CDDAssert((Std_ReturnType)E_OK == eRetVal );