# S32g2 HSE key config
**Key catalog configuration**
* Each catalog entry represent a key group of the same key type.
* Each group is identified by its index within the catalog.
* a key group should not contain keys that have keybitLen < maxKeyBitLen
#### S32g2 ROM Key
```c
/** HSE ROM key handles.
* The ROM key catalog references keys that are provisioned by NXP and can be used by the host.
*
* @note
* - The ROM keys have the following access restriction flags set:
* \code
*
* (#HSE_KF_ACCESS_WRITE_PROT | #HSE_KF_ACCESS_DEBUG_PROT)
*
* \endcode
*/
/** @brief This key can be used for data encryption/decryption, having the following usage restrictions:
* \code
*
* (#HSE_KF_USAGE_ENCRYPT | #HSE_KF_USAGE_DECRYPT)
*
* \endcode */
#define HSE_ROM_KEY_AES256_KEY0 ((hseKeyHandle_t)0x00000000UL)
/** @brief This key can be used for key derivation and key provisioning, having the following usage restrictions:
* \code
*
* (#HSE_KF_USAGE_DERIVE | #HSE_KF_USAGE_VERIFY | #HSE_KF_USAGE_ENCRYPT | #HSE_KF_USAGE_DECRYPT | #HSE_KF_USAGE_KEY_PROVISION)
*
* \endcode */
#define HSE_ROM_KEY_AES256_KEY1 ((hseKeyHandle_t)0x00000001UL)
/** @brief This key can be used for RSA encrypt and signature verify, having the following usage restrictions:
* \code
*
* (#HSE_KF_USAGE_ENCRYPT | #HSE_KF_USAGE_VERIFY)
*
* \endcode */
#define HSE_ROM_KEY_RSA2048_PUB_KEY2 ((hseKeyHandle_t)0x00000100UL)
/** @brief This key can be used for key provisioning having the following usage restrictions:
* \code
*
* (#HSE_KF_USAGE_VERIFY | #HSE_KF_USAGE_KEY_PROVISION)
*
* \endcode */
#define HSE_ROM_KEY_ECC256_PUB_KEY3 ((hseKeyHandle_t)0x00000200UL)
```
#### S32g2 Key Catalog configuration:
```c
/* S32g2 HSE KEY CATALOG CONFIGURATION */
/* hse nvm key catalog configuration
{ HSE_ALL_MU_MASK, HSE_KEY_OWNER_CUST, HSE_KEY_TYPE_AES, 5U, HSE_KEY128_BITS },
{ HSE_ALL_MU_MASK, HSE_KEY_OWNER_CUST, HSE_KEY_TYPE_AES, 10U, HSE_KEY256_BITS },
{ HSE_ALL_MU_MASK, HSE_KEY_OWNER_CUST, HSE_KEY_TYPE_HMAC, 5U, HSE_KEY512_BITS },
{ HSE_ALL_MU_MASK, HSE_KEY_OWNER_CUST, HSE_KEY_TYPE_ECC_PAIR, 2U, HSE_KEY256_BITS },
{ HSE_ALL_MU_MASK, HSE_KEY_OWNER_CUST, HSE_KEY_TYPE_ECC_PUB, 2U, HSE_KEY256_BITS },
{ HSE_ALL_MU_MASK, HSE_KEY_OWNER_CUST, HSE_KEY_TYPE_ECC_PUB_EXT, 1U, HSE_KEY256_BITS },
{ HSE_ALL_MU_MASK, HSE_KEY_OWNER_CUST, HSE_KEY_TYPE_RSA_PAIR, 2U, HSE_KEY2048_BITS},
{ HSE_ALL_MU_MASK, HSE_KEY_OWNER_CUST, HSE_KEY_TYPE_RSA_PUB, 2U, HSE_KEY2048_BITS},
{ HSE_ALL_MU_MASK, HSE_KEY_OWNER_CUST, HSE_KEY_TYPE_RSA_PUB_EXT, 1U, HSE_KEY2048_BITS},
{ 0U, 0U, 0U, 0U, 0U }
*/
/* hse ram key catalog configuration
{HSE_ALL_MU_MASK, HSE_KEY_OWNER_ANY, HSE_KEY_TYPE_RSA_PUB, 1u, HSE_KEY2048_BITS },
{HSE_ALL_MU_MASK, HSE_KEY_OWNER_ANY, HSE_KEY_TYPE_AES, 12u, HSE_KEY256_BITS },
{HSE_ALL_MU_MASK, HSE_KEY_OWNER_ANY, HSE_KEY_TYPE_HMAC, 6u, HSE_KEY512_BITS},
{HSE_ALL_MU_MASK, HSE_KEY_OWNER_ANY, HSE_KEY_TYPE_ECC_PUB, 1u, HSE_KEY256_BITS},
{0u, 0u, 0u, 0u, 0u}
*/
```
**NVM key catalog (catalog id = 1)**
| **group id** | **key type** | **max key size(bits)** | **number of keys** |
| ------------ | ------------- | ---------------------- | ------------------ |
| 0 | AES | 128 | 5 |
| 1 | AES | 256 | 10 |
| 2 | HMAC | 512 | 5 |
| 3 | ECC\_PAIR | 256 | 2 |
| 4 | ECC\_PUB | 256 | 2 |
| 5 | ECC\_PUB\_EXT | 256 | 1 |
| 6 | RSA\_PAIR | 2048 | 2 |
| 7 | RSA\_PUB | 2048 | 2 |
| 8 | RSA\_PUB\_EXT | 2048 | 1 |
**RAM key catalog (catalog id = 2)**
| **group id** | **key type** | **max key size(bits)** | **number of keys** |
| ------------ | ------------ | ---------------------- | ------------------ |
| 0 | RSA\_PUB | 2038 | 1 |
| 1 | AES | 256 | 12 |
| 2 | HMAC | 512 | 6 |
| 3 | ECC\_PUB | 256 | 1 |