FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

STSAFE - NVM read with host AC

adegrandcourt
Associate

‎2026-02-05 2:01 AM

Hello,

I use a STSAFE-A110 chip on a own board based on STM32 MCU.

As I was unable to integrate the STSAFE library provided by ST on my specific fw, I wrote features whom I need as as echo, generate random, retrieve product data, generate host key, retrieve product data partition, read/update NVM.

All works fine but when I am unable to read a NVM zone with 'host' access condition. NVV zones with no specific AC are well read. Find below configuration of the NVM of my STSAFE chip.

+=======+================+==============+========+==============+========+==============+
| Zone  | Data segment   | Read AC      | Read   | Update AC    | Update | One-way      |
| index | length (bytes) | change right | AC     | change right | AC     | Counter      |
+=======+================+==============+========+==============+========+==============+
|     0 |           1000 |        False | always |         True |  never | False, 0     |
|     1 |            700 |         True | always |         True | always | False, 0     |
|     2 |            600 |        False |   host |         True | always | False, 0     |
|     3 |            600 |         True | always |         True | always | False, 0     |
|     4 |           1696 |         True | always |         True | always | False, 0     |
|     5 |             64 |         True | always |         True | always | True, 499259 |
|     6 |             64 |         True | always |         True | always | True, 500000 |
|     7 |           1578 |         True |   host |         True | always | False, 0     |
+-------+----------------+--------------+--------+--------------+--------+--------------+

Obviously, I put successfully the host MAC key and host cipher keys into the STSAFE-A110’s with PUT_ATTRIBUTE command by following 'Host secure channel setup use case' part in documentation. I used default keys provided in doc for my first tests.

host_key = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF }

cipher_key = { 0x11, 0x11, 0x22, 0x22, 0x33, 0x33, 0x44, 0x44, 0x55, 0x55, 0x66, 0x66, 0x77, 0x77, 0x88, 0x88 }

+==========+==============+
| Host Key | Host CMAC    |
| presence | seq. counter |
+==========+==============+
|     True |           58 |
+----------+--------------+

When I want to read zone #7, by example, I send data below:

<Command (1 byte)><Zone index(2 bytes)><Offset (2 bytes)><Length (2 bytes)><C-MAC (4 bytes)><CRC (2 bytes)>

[8190.214] I2C write
[8190.214] A5 00 07 00 00 00 20 B5 BB E0 01 A9 CD |...... ...... |

But no data in response.

I don't understand what is my problem especially that got status in response seems to be good (0x00).

Is my CMAC wrong?

Do it exists a tool to check firstly my CMAC?

Someone could be help me to understand this?

Labels:
0 Kudos
0 REPLIES 0
Top