S32g2 HSE key config

Key catalog configuration

  • Each catalog entry represent a key group of the same key type.

  • Each group is identified by its index within the catalog.

  • a key group should not contain keys that have keybitLen < maxKeyBitLen

S32g2 ROM Key

/**  HSE ROM key handles.
  *  The ROM key catalog references keys that are provisioned by NXP and can be used by the host.
  *
  *  @note
  *       - The ROM keys have the following access restriction flags set:
  *      \code
  * 
  *             (#HSE_KF_ACCESS_WRITE_PROT | #HSE_KF_ACCESS_DEBUG_PROT)
  * 
  *      \endcode
  */

/** @brief  This key can be used for data encryption/decryption, having the following usage restrictions:
 * \code
 * 
 * (#HSE_KF_USAGE_ENCRYPT | #HSE_KF_USAGE_DECRYPT)
 * 
 * \endcode */
#define HSE_ROM_KEY_AES256_KEY0       ((hseKeyHandle_t)0x00000000UL)

/** @brief This key  can be used for key derivation and key provisioning, having the following usage restrictions:
 * \code
 * 
 * (#HSE_KF_USAGE_DERIVE | #HSE_KF_USAGE_VERIFY | #HSE_KF_USAGE_ENCRYPT | #HSE_KF_USAGE_DECRYPT | #HSE_KF_USAGE_KEY_PROVISION)
 * 
 * \endcode */
#define HSE_ROM_KEY_AES256_KEY1       ((hseKeyHandle_t)0x00000001UL)

/** @brief This key  can be used for RSA encrypt and signature verify, having the following usage restrictions:
 * \code
 * 
 * (#HSE_KF_USAGE_ENCRYPT | #HSE_KF_USAGE_VERIFY)
 * 
 * \endcode */
#define HSE_ROM_KEY_RSA2048_PUB_KEY2  ((hseKeyHandle_t)0x00000100UL)

/** @brief This key can be used for key provisioning having the following usage restrictions:
 * \code
 * 
 * (#HSE_KF_USAGE_VERIFY | #HSE_KF_USAGE_KEY_PROVISION)
 * 
 * \endcode */
#define HSE_ROM_KEY_ECC256_PUB_KEY3   ((hseKeyHandle_t)0x00000200UL)

S32g2 Key Catalog configuration:

/* S32g2 HSE KEY CATALOG CONFIGURATION */
/* hse nvm key catalog configuration 
{ HSE_ALL_MU_MASK, HSE_KEY_OWNER_CUST, HSE_KEY_TYPE_AES, 5U, HSE_KEY128_BITS },
{ HSE_ALL_MU_MASK, HSE_KEY_OWNER_CUST, HSE_KEY_TYPE_AES, 10U, HSE_KEY256_BITS },
{ HSE_ALL_MU_MASK, HSE_KEY_OWNER_CUST, HSE_KEY_TYPE_HMAC, 5U, HSE_KEY512_BITS },
{ HSE_ALL_MU_MASK, HSE_KEY_OWNER_CUST, HSE_KEY_TYPE_ECC_PAIR, 2U, HSE_KEY256_BITS },
{ HSE_ALL_MU_MASK, HSE_KEY_OWNER_CUST, HSE_KEY_TYPE_ECC_PUB, 2U, HSE_KEY256_BITS },
{ HSE_ALL_MU_MASK, HSE_KEY_OWNER_CUST, HSE_KEY_TYPE_ECC_PUB_EXT, 1U, HSE_KEY256_BITS },
{ HSE_ALL_MU_MASK, HSE_KEY_OWNER_CUST, HSE_KEY_TYPE_RSA_PAIR, 2U, HSE_KEY2048_BITS},
{ HSE_ALL_MU_MASK, HSE_KEY_OWNER_CUST, HSE_KEY_TYPE_RSA_PUB, 2U, HSE_KEY2048_BITS},
{ HSE_ALL_MU_MASK, HSE_KEY_OWNER_CUST, HSE_KEY_TYPE_RSA_PUB_EXT, 1U, HSE_KEY2048_BITS},
{ 0U, 0U, 0U, 0U, 0U }
*/

/* hse ram key catalog configuration 
{HSE_ALL_MU_MASK, HSE_KEY_OWNER_ANY, HSE_KEY_TYPE_RSA_PUB, 1u, HSE_KEY2048_BITS },
{HSE_ALL_MU_MASK, HSE_KEY_OWNER_ANY, HSE_KEY_TYPE_AES, 12u, HSE_KEY256_BITS },
{HSE_ALL_MU_MASK, HSE_KEY_OWNER_ANY, HSE_KEY_TYPE_HMAC, 6u, HSE_KEY512_BITS},
{HSE_ALL_MU_MASK, HSE_KEY_OWNER_ANY, HSE_KEY_TYPE_ECC_PUB, 1u, HSE_KEY256_BITS},
{0u, 0u, 0u, 0u, 0u}
*/

NVM key catalog (catalog id = 1)

group id

key type

max key size(bits)

number of keys

0

AES

128

5

1

AES

256

10

2

HMAC

512

5

3

ECC_PAIR

256

2

4

ECC_PUB

256

2

5

ECC_PUB_EXT

256

1

6

RSA_PAIR

2048

2

7

RSA_PUB

2048

2

8

RSA_PUB_EXT

2048

1

RAM key catalog (catalog id = 2)

group id

key type

max key size(bits)

number of keys

0

RSA_PUB

2038

1

1

AES

256

12

2

HMAC

512

6

3

ECC_PUB

256

1

上一页[S32G] S32g247's Secure Boot using HSE firmware下一页How S32g verify secure boot image

最后更新于