KW45使用SPSDK進(jìn)行代碼更新和debug authentication指南
1. 問(wèn)題背景
KW45是繼KW38的下一代BLE芯片,符合 BLE5.3標(biāo)準(zhǔn),最多可同時(shí)支持24個(gè)安全連接。在KW系列中KW45首次采用三核架構(gòu):一個(gè)96MHz的CM33應(yīng)用核、一個(gè)處理Radio相關(guān)任務(wù)的CM3內(nèi)核和一個(gè)專(zhuān)門(mén)處理加密安全稱(chēng)為EdgeLock(類(lèi)似HSM)M0+核。其中CM3內(nèi)核用于處理BLE controller相關(guān)的任務(wù), CM33內(nèi)核可以更專(zhuān)注于處理BLE Host層,GATT層和應(yīng)用相關(guān)的任務(wù),除此之外CM3內(nèi)核還擁有獨(dú)立的Flash和SRAM資源,不占用芯片本身內(nèi)置的1M Flash和128K RAM,從而可以將CM33主核上的內(nèi)存資源和處理資源釋放給用戶(hù)應(yīng)用空間。EdgeLock類(lèi)似HSM的功能,提供常見(jiàn)AES/ECC/RSA等對(duì)稱(chēng)非對(duì)稱(chēng)加解密的硬件加速、密鑰存儲(chǔ)操作和安全生命周期管理,最大限度地減少了主核工作量。
盡管架構(gòu)更復(fù)雜,但因?yàn)楹髢烧叩能浖怯尚酒瑥S(chǎng)商提供,無(wú)需用戶(hù)開(kāi)發(fā),所以并沒(méi)有額外增加多少工作量,其和以前KW3X系列一個(gè)最大不同是,CM3的軟件也稱(chēng)為NBU需要用戶(hù)自行燒錄(這也就是為何常有客戶(hù)反饋?zhàn)约鹤龅陌遄舆\(yùn)行無(wú)線(xiàn)相關(guān)的例子運(yùn)行時(shí)總是卡在一個(gè)地方的原因),之所以這塊沒(méi)有固化在芯片內(nèi)內(nèi)部有兩方面考慮,一方面方便用戶(hù)更新支持到更新的BLE feature,例如說(shuō)channel sounding,而一方面方便用戶(hù)可以對(duì)官方提供的NBU Image 進(jìn)行個(gè)性化的簽名,防止未認(rèn)證的惡意代碼啟動(dòng),從而增加系統(tǒng)安全等級(jí)。所以這里就需要工具完成密鑰的生成,image的加密,加密image的燒錄過(guò)程,為方便用戶(hù),原廠(chǎng)提供了一套開(kāi)源的SPSDK腳本方便用戶(hù)使用,但牽涉到環(huán)境搭建,尤其有很多Key的生成,對(duì)新手來(lái)說(shuō)有些挑戰(zhàn),本文第4章節(jié)會(huì)給出一個(gè)step by step的教程,方便開(kāi)發(fā)者更系統(tǒng)的去看每一個(gè)步驟在做什么,需要修改什么,先解決怎么做的問(wèn)題,至于為什么這么做,每個(gè)Key的作用需要用戶(hù)結(jié)合RM手冊(cè)去查看。同時(shí)隨著信息安全越來(lái)越受到重視,很多產(chǎn)品量產(chǎn)后會(huì)考慮臨時(shí)禁止調(diào)試口,在需要時(shí)通過(guò)特定的方式再去使能,對(duì)應(yīng)到KW45就是debug authentication,RM文檔更多從原理性介紹,給出的是JTAG操作偽指令,至于如何在SPSDK中實(shí)現(xiàn)未有提及,本文會(huì)在第5章節(jié)重點(diǎn)介紹相關(guān)實(shí)操。
2. SPSDK概覽
SPSDK的全稱(chēng)是Secure Provisioning SDK,它是一個(gè)統(tǒng)一、可靠且易于使用的Python SDK 庫(kù),適用于NXP MCU 產(chǎn)品組合,客戶(hù)幫助客戶(hù)快速完成從原型設(shè)計(jì)到生產(chǎn)部署的整個(gè)過(guò)程。該庫(kù)允許用戶(hù)與設(shè)備連接和通信、配置設(shè)備、準(zhǔn)備、下載和上傳數(shù)據(jù)(包括安全操作)。
在SPSDK包中,提供了以下兩種方式供用戶(hù)使用:
應(yīng)用程序:用戶(hù)可以使用 Python虛擬環(huán)境命令行或者Jupyter Notebook(推薦方式)調(diào)用各個(gè)應(yīng)用程序;
API接口:以Python 庫(kù)的形式提供,方便用戶(hù)或者工具廠(chǎng)商增加自定義功能和自定義安全部署;
3. 準(zhǔn)備工作:
安裝Python3.7,建議使用3.7-3.11版本,不支持Python2.x;
安裝SPSDK,可以直接在cmd中完成;
安裝jupyter
d: cdD:YU_IOTKW45_3SPSDK D:YU_IOTKW45_3SPSDK>python-mvenvspsdk_pyenv D:YU_IOTKW45_3SPSDK>spsdk_pyenvScriptsactivate D:YU_IOTKW45_3SPSDK>python-mpipinstall--upgradepip D:YU_IOTKW45_3SPSDK>pipinstallspsdk D:YU_IOTKW45_3SPSDK>spsdk--help D:YU_IOTKW45_3SPSDK>pip3installjupyter #以上spsdk和jupyter的安裝需在Python虛擬環(huán)境啟動(dòng)后進(jìn)行,否則安裝無(wú)效;
下載spsdk源文件或者AN13883的附件,兩者大同小異,此筆記以后者為示例。
spsdk源文件:https://spsdk.readthedocs.io/en/latest/spsdk.html
AN13883源文件:
4. 在ISP下載KW45 Radio firmware過(guò)程
OEM公私鑰和證書(shū)文件的生成
SB3文件的生成
image燒錄過(guò)程
D:YU_IOTKW45_3SPSDK>spsdk_pyenvScriptsactivate (spsdk_pyenv)D:YU_IOTKW45_3SPSDK>cdD:YU_IOTKW45_3SPSDKAN13883SWAN_SPSDK (spsdk_pyenv)D:YU_IOTKW45_3SPSDKAN13883SWAN_SPSDK>jupyter-lab
此后,會(huì)有一個(gè)Jupyter的網(wǎng)頁(yè)交互產(chǎn)生,如下圖,然后就是傻瓜式的step by step執(zhí)行腳本。
詳細(xì)步驟如下:
4.1. RoTKs 和ISK的生成
此過(guò)程會(huì)生成4對(duì)RoTKs (Root of Trust Keys) 和1對(duì)ISK (Image Signing Certificate), ISK是可選的,會(huì)在生成SB3文件時(shí)選擇是否使用。
#generateprivatekeybasedonsecp384r1curve-ROTK0 ROTK0_PRIVATE_KEY_PATH=WORKSPACE+"ec_pk_secp384r1_cert0.pem" ROTK0_PUBLIC_KEY_PATH=WORKSPACE+"ec_pk_secp384r1_cert0.pub" %!nxpcrypto$VERBOSITYkeygenerate-ksecp384r1$ROTK0_PRIVATE_KEY_PATH--force assert_exit_code==0 #verifythatkeysweregenerated assertos.path.exists(ROTK0_PRIVATE_KEY_PATH) assertos.path.exists(ROTK0_PUBLIC_KEY_PATH) .....
4.2. X509證書(shū)生成的yml模板生成
#obtainatemplateforrootcertROTK0 ROOT0_CERT_CONFIG_PATH=WORKSPACE+"cert0_template.yml" %!nxpcrypto$VERBOSITYcertget-cfg-template$ROOT0_CERT_CONFIG_PATH--force assert_exit_code==0
證書(shū)模板如下,包括issue,subject,證書(shū)序列號(hào)、有效期、簽發(fā)使用的私鑰,對(duì)應(yīng)公鑰等信息,更多證書(shū)格式信息可以參考https://github.com/pyca/cryptography,cryptography/src/cryptography/x509/oid.py
issuer: COMMON_NAME: NXP COUNTRY_NAME: CZ LOCALITY_NAME: Roznov pod Radhostem STATE_OR_PROVINCE_NAME: Morava STREET_ADDRESS: 1.maje 1009 ORGANIZATION_NAME: SPSDK Team # ============================================== # Subject identification fields # ============================================== # All available option can be found within class NameOID in # cryptography/src/cryptography/x509/oid.py at https://github.com/pyca/cryptography subject: COMMON_NAME: NXP - SPSDK COUNTRY_NAME: CZ LOCALITY_NAME: Roznov pod Radhostem STATE_OR_PROVINCE_NAME: Morava STREET_ADDRESS: 1.maje 1009 ORGANIZATION_NAME: SPSDK Team POSTAL_CODE: 756 61 # ============================================== # The certificate settings # ============================================== # Path, where issuer private key is stored issuer_private_key: issuer_key.pem # Path, where subject public key is stored subject_public_key: subject_key.pub # Serial number of certificate serial_number: 12346578 # Validity duration in days duration: 3650 # ============================================== # Certificate basic extensions # ============================================== extensions: BASIC_CONSTRAINTS: # Delegate certificate as a signing authority to create an intermediate certificates. ca: false # Valid values true|false # Integer length of the path of certificate signature from a given certificate, back to the root certificate path_length: 0
4.3. 正式證書(shū)生成
#Generaterootcertificates0 %!nxpcrypto$VERBOSITYcertgenerate-c$ROOT0_CERT_CONFIG_PATH-o$ROOT_0_CERT_PATH--force assert_exit_code==0 #Generaterootcertificates1 %!nxpcrypto$VERBOSITYcertgenerate-c$ROOT1_CERT_CONFIG_PATH-o$ROOT_1_CERT_PATH--force assert_exit_code==0 #Generaterootcertificates2 %!nxpcrypto$VERBOSITYcertgenerate-c$ROOT2_CERT_CONFIG_PATH-o$ROOT_2_CERT_PATH--force assert_exit_code==0 #Generaterootcertificates3 %!nxpcrypto$VERBOSITYcertgenerate-c$ROOT3_CERT_CONFIG_PATH-o$ROOT_3_CERT_PATH--force assert_exit_code==0 #GenerateISKcertificate %!nxpcrypto$VERBOSITYcertgenerate-c$ISK_CERT_CONFIG_PATH-o$ISK_CERT_PATH--force assert_exit_code==0
如下是cert0的內(nèi)容,但是因?yàn)槠涫莃ase64編碼,不方便查看,如果有興趣可以通過(guò)Openssl去讀取證書(shū)的信息和yml文件對(duì)照。
opensslx509-incacert.pem-noout-text #openssl在Git安裝后可以直接使用
4.4 對(duì)稱(chēng)密鑰SB3KDK生成
該Key用于加密SB3 key block,會(huì)被program到fuse,后續(xù)無(wú)法再次修改,該生成步驟也可以放在前面去執(zhí)行。
importos,binascii SB3KDK_KEY_PATH=WORKSPACE+"sb3kdk.txt" withopen(SB3KDK_KEY_PATH,"wb")asf: f.write(binascii.b2a_hex(os.urandom(32))) assertos.path.exists(SB3KDK_KEY_PATH)
4.5. SB3配置文件生成
該步驟會(huì)使用到SPSDK的npximage.exe應(yīng)用程序
WORKSPACE="workspace/"#changethistopathtoyourworkspace VERBOSITY="-v"#verbosityofcommands,mightbe-vor-vvfordebugorblankfornoadditionalinfo SB31_TEMPLATE_PATH=WORKSPACE+"sb31_config.yml" %!nxpimage$VERBOSITYsb31get-template-fkw45xx-o$SB31_TEMPLATE_PATH assert_exit_code==0 assertos.path.exists(SB31_TEMPLATE_PATH)
需要注意的是:
需要手動(dòng)注釋掉binaryCertificateBlock: my_isk_cert.bin,否則會(huì)后面SB3正式生成時(shí)會(huì)報(bào)錯(cuò)。
useIsk: false意味著沒(méi)有使用ISK,需要修改配置文件
#binaryCertificateBlock:my_isk_cert.bin commands: -erase: address:'0x48800000' size:'0x30000' -load: address:'0x48800000' file:kw45b41_nbu_ble_hosted_04.xip containerConfigurationWord:0 containerKeyBlobEncryptionKey:workspace/sb3kdk.txt containerOutputFile:sb3.sb3 description:384_none_nbu_only family:kw45xx firmwareVersion:0 isNxpContainer:false iskSignProvider:type=file;file_path=my_isk_prv_key.pem kdkAccessRights:3 mainRootCertId:0 mainRootCertPrivateKeyFile:workspace/ec_pk_secp384r1_cert0.pem rootCertificate0File:workspace/ec_secp384r1_cert0.pem rootCertificate1File:workspace/ec_secp384r1_cert1.pem rootCertificate2File:workspace/ec_secp384r1_cert2.pem rootCertificate3File:workspace/ec_secp384r1_cert3.pem rootCertificateEllipticCurve:secp384r1 signingCertificateConstraint:0 useIsk:false
4.6 SB3文件的生成
上面已經(jīng)生成了證書(shū)和key,按照sb31_config.yml 的配置生成
%!nxpimage$VERBOSITYsb31export$SB31_TEMPLATE_PATH assert_exit_code==0 assertos.path.exists(WORKSPACE+SB31_FILE_PATH) INFOSB3KDK:9e1432fc4869435ee6f396dccba9595933c8d1d2ad40385927f3a8b9f58162d7 INFORoTKTH:5e03e6649294d19fa31b19e17895184dc16149e5c2748bc394db46249a6ef29ca1f14dcd67169d7744c5c1a9025b981a
4.7 SB3KDK和ROTKH的燒錄(研發(fā)階段可跳到此步驟)
在NXP demo板芯片內(nèi)已經(jīng)預(yù)燒錄了SB3KDK和ROTKTH,所以可以直接跳到這個(gè)步驟。
把J25連到2-3,按住SW4,重新上電
修改串口號(hào),嘗試連接
#choosecomport UART_CONNECTION="-pcom14" %!blhost$UART_CONNECTIONget-propertycurrent-version assert_exit_code==0
fuses with keys/RoTKTH
此過(guò)程是不可逆的,強(qiáng)烈建議在研發(fā)階段使用NXP提供的默認(rèn)SB3KDK和ROTKTH;
#Increasevoltageforfuseburning %!blhost$UART_CONNECTIONset-property0x161 #programSB3KDK(CUST_PROD_OEMFW_ENC_SK) #putvalueSB3KDKgeneratedbynxpimage #%!blhost$UART_CONNECTIONfuse-program0x20[["SubstitutethiscommentbytheSB3KDKgeneratedkeyoutputinsectionSB3.1generation.Examplebelow."]] #exampleline:%!blhost$UART_CONNECTIONfuse-program0x20[[7aa7ef9813b3561257b8837dab26225301df3511217f2733c71dadcd447722d1]] %!blhost$UART_CONNECTIONfuse-program0x20[[7aa7ef9813b3561257b8837dab26225301df3511217f2733c71dadcd447722d1]] #programRoTKTH(CUST_PROD_OEMFW_AUTH_PUK) #putvalueRoTKTHgeneratedbynxpimage #%!blhost$UART_CONNECTIONfuse-program0x1F[["SubstitutethiscommentbytheRoTKTHgeneratedkeyoutputinsectionSB3.1generation.Examplebelow."]] #exampleline:%!blhost$UART_CONNECTIONfuse-program0x1F[[650d8097079ff27a3e8a2da14781b922fd8295b6c00bfa067f00e87f1a16b8b304bf710d45cbd591e2e24be83183922c]] %!blhost$UART_CONNECTIONfuse-program0x1F[[650d8097079ff27a3e8a2da14781b922fd8295b6c00bfa067f00e87f1a16b8b304bf710d45cbd591e2e24be83183922c]] #ProgramTZM_ENfuse,thisfusewasmissedduringmanufacturingoffirstKW45samples.WithoutTZM_ENfuseset,theS3MUAsemaphoreisnotworkingproperlyandaftergettingofownership,thewriteaccesstoTRregistercausingBUSFault.IfS3MUAsemaphoreisnotusedduringcommunicationwithS3MUA(e.g.onlyonethreadiscommunicatingwithS3MUA(EdgeLock)),thenTZM_ENfusecanremain0. %!blhost$UART_CONNECTIONfuse-program0xD[[01]] #Setvoltagetonormalvalue %!blhost$UART_CONNECTIONset-property0x160
4.8 SB3文件燒錄
此步驟需要在ISP模式下執(zhí)行,即把J25連到2-3,按住SW4,重新上電
#uploadsSB3.1 SB31_FILE_FINAL=WORKSPACE+SB31_FILE_PATH assertos.path.exists(SB31_FILE_FINAL) %!blhost$UART_CONNECTIONreceive-sb-file$SB31_FILE_FINAL assert_exit_code==0
至此,生成加密簽名文件的工作結(jié)束。
5. Debug authentication實(shí)現(xiàn)步驟
在做Debug authentication之前,需要大概了解下KW45啟動(dòng)的過(guò)程,如下圖,在啟動(dòng)后,會(huì)先去檢查用戶(hù)是否使能dual image啟動(dòng),如果是就去運(yùn)行最新版本,如果不是就會(huì)先去Boot image base address處去查看是否有有效的PC和SP,對(duì)于KW45來(lái)說(shuō)如果未使能dual image這個(gè)地址就是0x00。如果PC和SP有效就會(huì)先去對(duì)用戶(hù)應(yīng)用程序驗(yàn)簽,如果失敗,就會(huì)回到ISP模式,如果用戶(hù)應(yīng)用程序驗(yàn)簽通過(guò),ROM就會(huì)繼續(xù)對(duì)NBU進(jìn)行驗(yàn)簽,如果驗(yàn)簽通過(guò)才會(huì)真正進(jìn)入到客戶(hù)正常應(yīng)用程序。
而Debug authentication是貫穿在上面整個(gè)過(guò)程中的,需要在每一個(gè)步驟都能進(jìn)行debug。前文提到,Debug authentication的目的是在量產(chǎn)禁止JTAG仿真器接口后,通過(guò)證書(shū)認(rèn)證方式再去打開(kāi)Debug口的訪(fǎng)問(wèn)權(quán)限,所以如果想去使能這個(gè)功能就需要做些額外的操作,譬如說(shuō)將lifecycle推進(jìn)到OEM secure world,生成debug authentication的證書(shū),輸入命令等,如下分別講述。
5.1 關(guān)閉JTAG調(diào)試功能,
OEM Open->OEM Secure World Close模式
實(shí)現(xiàn)方式有兩種:第一種借助于單獨(dú)的blhost程序,第二種使用SPSDK中的app實(shí)現(xiàn)
::Increasevoltageforfuseburning
..inlhost.exe-pCOM14set-property0x161
::programSB3KDK(CUST_PROD_OEMFW_ENC_SK)
..inlhost.exe-pCOM14--fuse-program0x20"{{7aa7ef9813b3561257b8837dab26225301df3511217f2733c71dadcd447722d1}}"
::programRoTKTH(CUST_PROD_OEMFW_AUTH_PUK)
..inlhost.exe-pCOM14--fuse-program0x1F"{{650d8097079ff27a3e8a2da14781b922fd8295b6c00bfa067f00e87f1a16b8b304bf710d45cbd591e2e24be83183922c}}"
::ProgramTZM_ENfuse,thisfusewasmissedduringmanufacturingoffirstKW45samples.WithoutTZM_ENfuseset,theS3MUAsemaphoreisnotworkingproperlyandaftergettingofownership,thewriteaccesstoTRregistercausingBUSFault.IfS3MUAsemaphoreisnotusedduringcommunicationwithS3MUA(e.g.onlyonethreadiscommunicatingwithS3MUA(EdgeLock)),thenTZM_ENfusecanremain0.
..inlhost.exe-pCOM14--fuse-program0xD"{{1}}"
::Setvoltagetonormalvalue
..inlhost.exe-pCOM14set-property0x160
成功后可以回讀0x0A fuse地址,查看當(dāng)前l(fā)ifecycle狀態(tài),成功后如果使用Jlink去連接顯示如下Secure debug disabled:
5.2 生成DC使用的公私鑰對(duì)
#generateprivatekeybasedonsecp384r1curve-Debug ROTK0_Debug_PRIVATE_KEY_PATH=WORKSPACE+"ec_pk_secp384r1_cert0_debug.pem" ROTK0_Debug_PUBLIC_KEY_PATH=WORKSPACE+"ec_pk_secp384r1_cert0_debug.pub" %!nxpcrypto$VERBOSITYkeygenerate-ksecp384r1$ROTK0_Debug_PRIVATE_KEY_PATH--force assert_exit_code==0 #verifythatkeysweregenerated assertos.path.exists(ROTK0_Debug_PRIVATE_KEY_PATH) assertos.path.exists(ROTK0_Debug_PUBLIC_KEY_PATH)
5.3 DC證書(shū)模板生成
#obtainatemplatefordebugcert DC_CONFIG_PATH=WORKSPACE+"DC.yml" %!nxpdebugmboxget-template-f$DC_CONFIG_PATH assert_exit_code==0
#Copyright2023NXP # #SPDX-License-Identifier:BSD-3-Clause #DCBlockstructure #============================================ #============================================ #============================================ #===Version=== #============================================ #===SocClass=== #============================================ #===UUID=== #============================================ #===RoTMetaSHA256offollowing:=== #===RoTKey0SHA256=== #===RoTKey1SHA256=== #===RoTKey2SHA256=== #===RoTKey3SHA256=== #============================================ #===DebuggerKeyDCK(Pub):=== #===Mod:2048Exp:32=== #============================================ #===CCSOCU=== #============================================ #===CCVU=== #============================================ #===CB=== #============================================ #===RoTKey(pub)=== #===Mod:2048Exp:32=== #============================================ #============================================ #===Signatureofallblock=== #===SHA256ofwholeblock=>RSA(RoTK)=== #============================================ #============================================ #============================================ #============SoCClass============ #AuniqueidentifierforasetofSoCsthatrequirenoSoC-specificdifferentiationin #theirdebugauthentication.Themainusageistoallowadifferentsetofdebug #domainsandoptionstobenegotiatedbetweenthedeviceconfigurationand #credentials.AclasscancontainjustasinglerevisionofasingleSoCmodel,ifthe #granularityofdebugcontrolwarrantsit. #Exampleslistofpossiblesettings: #0x0000:i.MXRT595,i.MXRT685, #0x0001:LPC550x,LPC55s0x,LPC551x,LPC55s1x,LPC552x,LPC55s2x,LPC55s6x #0x0004:LPC55s3x,RW61x #0x0005:KW45xx/K32W1xx #0x0006:MCXN9xx(A0) #0x0007:MCXN9xx(A1) #0x000A:RW61x(A2) #0x5254049C:i.MXRT118x socc:0x0005 #============DeviceUUID============ #128-bitIETFRFC4122compliantnon-sequentialUniversallyUniqueIdentifier(UUID) uuid:"00000000000000000000000000000000" #============SoCUsage============ #ACC(constraint)valuethatisabitmask,andwhosebitsareusedinan #SoCC-specificmanner.Thesebitsaretypicallyusedforcontrollingwhichdebug #domainsareaccessedviatheauthenticationprotocol,butdevice-specificdebug #optionscanbemanagedinthiswayalso. cc_socu:0xFFFF #============VendorUsage============ #ACC(constraint)valuethatisopaquetothedebugauthenticationprotocolitselfbut #whichcanbeleveragedbyvendorsinproduct-specificways. cc_vu:0 #============CredentialBeacon&Authenticationbeacon============ #Avaluethatispassedthroughtheauthenticationprotocol,whichisnotinterpreted #bytheprotocolbutisinsteadmadevisibletotheapplicationbeingdebugged.A #credentialbeaconisassociatedwithaDCandisthereforevendor/RoT-signed.An #authenticationbeaconisprovidedandsignedbythedebuggerduringthe #authenticationprocess. cc_beacon:0 #============RoTmeta-data============ #TheRoTmeta-datarequiredbythedevicetocorroborate;theROTIDsentinthe #DAC,thefieldinthisDC,andanyadditionalRoTstatethatisnotstoredwithinthe #device.ThisallowsdifferentRoTidentification,managementandrevocation #solutionstobehandled. rot_meta: -../kw45_debug_auth/secp384r1_private_key0.pub -../kw45_debug_auth/secp384r1_private_key1.pub -../kw45_debug_auth/secp384r1_private_key2.pub -../kw45_debug_auth/secp384r1_private_key3.pub #============RoTIdentifier============ #RoTIDallowsthedebuggertoinferwhichRoTpublickey(s)areacceptabletothe #device.Ifthedebuggercannotordoesnotprovidesuchacredential,the #authenticationprocesswillfail. rot_id:0 #============DebugCredentialKey============ #Auser-ownedkeypair.ThepublicpartofthekeyisassociatedwithaDC,the #privatepartisheldbytheuserandusedtoproducesignaturesduring #authentication. dck:../kw45_debug_auth/secp384r1_private_dck.pub #================================================================================================== #Signatureconfigurationarea #================================================================================================== #TherearetwowayshowsignthefinalDCdatablob. # #1.Incasethatyouisavailableprivatepairforrot_metawithindexrot_idjustusefirstsimplestyle #touseitbyrotkkey.Asasecondwaytodosameisusesign_provider(orsignProvider-bothareaccepted)optionwith'type=file'. # #2.ForcasethatDebugCredentialfilesaregeneratedinuntrustedenvironment(withoutaccesstoRoTprivatekeys), #thereisoptiontouseplugin(examplehowtocreateownpluginisin:./SPSDK/examples/dat/hsm/).Theplugin #hassimpleinterfacethatallowshandleDCdatablobintopluginwithindexofRoTmetapublickeytogetbacksigned #DCimage. # #Thoseoptionsareexclusive,soonlyoneoptioncouldbeusedtosigntheDC. #============SignatureProvider============ #Tousesigningproviderexamples # #sign_provider:'type=file;file_path=./hsm/k0_cert0_2048.pem' #sign_provider::'type=sasp;key_number=0' #============RoTsignatureprivatekey============ #PrivatekeyforfortheRoTmetachosenbyrot_idtosigntheimage. rotk:../kw45_debug_auth/secp384r1_private_key0.pem
此處的公鑰是NXP生成的默認(rèn)值,這個(gè)是客戶(hù)拿不到的
5.4 DC證書(shū)生成
%!nxpdebugmbox-p2.1gendc-cD:YU_IOTKW45_3SPSDKdebug_authenworkspacecert0_template_debug.ymlD:YU_IOTKW45_3SPSDKdebug_authenworkspacedebug_authen.cert1 %!nxpdebugmbox-p2.1gendc-cD:YU_IOTKW45_3SPSDKdebug_authenkw45_debug_auth est.ymlD:YU_IOTKW45_3SPSDKdebug_authenkw45_debug_auth est.cert
5.5 Debug認(rèn)證過(guò)程
nxpdebugmboxstart nxpdebugmbox-v-p2.1-ijlinkauth-b0x0–cD:YU_IOTKW45_3SPSDKdebug_authenworkspacedebug_authen.cert–kD:YU_IOTKW45_3SPSDKdebug_authenkw45_debug_authsecp384r1_private_dck.pem nxpdebugmbox-v-p2.1-ijlinkauth-b0x0–cD:YU_IOTKW45_3SPSDKdebug_authenkw45_debug_auth est.cert–kD:YU_IOTKW45_3SPSDKdebug_authenkw45_debug_authsecp384r1_private_dck.pem
執(zhí)行debug authen的命令和步驟如下,可以看到在debug authen成功后會(huì)顯示successful。
此時(shí)再去用Jlink嘗試連接KW45,會(huì)顯示secure debug enabled.
6. 總結(jié)
至此,完成了對(duì)在ISP下KW45 Radio firmware下載過(guò)程和Debug authentication實(shí)現(xiàn)步驟的講解。以上步驟確實(shí)比較多,筆者也摸索了好久,但熟悉其原理和每一步的執(zhí)行目的后,可以簡(jiǎn)化成幾個(gè)自定義的腳本,在開(kāi)發(fā)階段建議使用NXP默認(rèn)的Key和證書(shū),在量產(chǎn)階段再根據(jù)自定義的key和證書(shū)做自定義。
審核編輯:湯梓紅
-
芯片
+關(guān)注
關(guān)注
459文章
52169瀏覽量
436093 -
mcu
+關(guān)注
關(guān)注
146文章
17832瀏覽量
360336 -
內(nèi)核
+關(guān)注
關(guān)注
3文章
1409瀏覽量
41093 -
代碼
+關(guān)注
關(guān)注
30文章
4886瀏覽量
70251 -
DEBUG
+關(guān)注
關(guān)注
3文章
94瀏覽量
20368
原文標(biāo)題:KW45使用SPSDK進(jìn)行代碼更新和debug authentication指南
文章出處:【微信號(hào):pzh_mcu,微信公眾號(hào):痞子衡嵌入式】歡迎添加關(guān)注!文章轉(zhuǎn)載請(qǐng)注明出處。
發(fā)布評(píng)論請(qǐng)先 登錄
KW45通過(guò)32MHz晶振電容調(diào)節(jié)時(shí)鐘頻率
HAL_RpmsgMcmgrInit()程序失控的原因?
kw45卡在Host_Task的原因?
首次使用KW45(汽車(chē)門(mén)禁)或K32W1(物聯(lián)網(wǎng)/工業(yè))構(gòu)建PCB的最佳方式是什么?
如何將Kw45 is值轉(zhuǎn)換為dBm結(jié)果?
用于VDD_RF的KW45內(nèi)部VPA源,以確保我們可以偏置10dBm目標(biāo),如何實(shí)現(xiàn)?
KW45板CAN收發(fā)器靜默模式下未接收到CAN Rx中斷是怎么回事?
如何使用SPSDK對(duì)i.MX RT685EVK進(jìn)行編程?
求助,關(guān)于KW45芯片半雙倍模式的SPI配置問(wèn)題
使用DRaaS測(cè)試操作系統(tǒng)更新和新代碼版本
創(chuàng)建KW45B41Z/K32W148固件更新圖像使用的編程工具
使用SPSDK通過(guò)ISP更新KW45無(wú)線(xiàn)電固件
工商網(wǎng)監(jiān)
評(píng)論