2025-03-03 8:29 AM - edited 2025-03-03 8:34 AM
Hi all,
I'm working on an STM32WB55 Nucleo board.
I'm designing a simple signing procedure.
At the beginning I checked that everything was OK by using a hard-coded key, and now I want to switch to a key kept secure in the FUS zone.
I've loaded two 256-bit AES keys into the FUS user key secure zone, the first time with a custom app that will be loaded in production to set all default keys,
the second time with CubeProgrammer.
I've based my procedure on the CKS example:
- call HAL_CRYP_DeInit() to clear all AES registers and context
- set up the handle.Init structure: I'm initializing for a 32-byte input buffer and AES CBC mode
- call HAL_CRYP_Init(), keeping the AES key NULL (to avoid the HAL_CRYP_Encrypt() call overwriting the AES key registers)
- call SHCI_C2_FUS_LoadUsrKey() with the correct key index
- call HAL_CRYP_Encrypt()
- finally unload the key, etc.
If I use 1 or 2 as the index, SHCI_C2_FUS_LoadUsrKey() responds SHCI_Success.
If I use another index not previously set with a key, it answers SHCI_FUS_CMD_NOT_SUPPORTED.
This makes me think that the keys have been correctly written to the FUS secure zone, and that when I ask the wireless stack to bring the keys back it understands what I want.
Unfortunately, after the SHCI_C2_FUS_LoadUsrKey() call nothing is written into AES KEYR*.
I've surely missed something but can't figure out what.
Here is my piece of code:
```c
// get the SHA_256 hash of FW binary image
SIG_HASH_INIT(&hasher);
SIG_HASH_UPDATE(&hasher, BOOTLOADER_START_APP_ADDRESS, Bootloader_shared_infos_RAM.fwByteSize);
SIG_HASH_DIGEST(&hasher, Bootloader_shared_infos_RAM.Computed_key);

// uint32_t key[]={0x00000000,0x00000000,0x00000000,0x00000000,
//                 0x00000000,0x00000000,0x00000000,0x00000000};
uint32_t iv[] = {Bootloader_shared_infos_RAM.Descriptor,
                 Bootloader_shared_infos_RAM.Descriptor,
                 Bootloader_shared_infos_RAM.Descriptor,
                 Bootloader_shared_infos_RAM.Descriptor};

hcryp1.Instance = AES1;
if (HAL_CRYP_DeInit(&hcryp1) != HAL_OK)
    return RETURN_ERROR;

hcryp1.Init.DataType = CRYP_DATATYPE_8B;
hcryp1.Init.DataWidthUnit = CRYP_DATAWIDTHUNIT_BYTE;
hcryp1.Init.KeySize = CRYP_KEYSIZE_256B;
hcryp1.Init.Algorithm = CRYP_AES_CBC;
//hcryp1.Init.pKey = key; /* Key will be provided by CKS service */
hcryp1.Init.HeaderWidthUnit = CRYP_HEADERWIDTHUNIT_WORD;
hcryp1.Init.KeyIVConfigSkip = CRYP_KEYIVCONFIG_ALWAYS;
hcryp1.Init.pInitVect = iv;
if (HAL_CRYP_Init(&hcryp1) != HAL_OK)
    return RETURN_ERROR;

printf("load Bootloader Key :");
SHCI_CmdStatus_t res = SHCI_C2_FUS_LoadUsrKey(1);
print_SHCI_CmdStatus_t(res);

uint8_t cyphered[BOOTLOADER_APP_SIGNATURE_SIZE];
if (HAL_CRYP_Encrypt(&hcryp1, Bootloader_shared_infos_RAM.Computed_key, BOOTLOADER_APP_SIGNATURE_SIZE, cyphered, 0xFF) != HAL_OK)
    return RETURN_ERROR;
```
Thanks for any ideas that come to mind.