11.10. Using own Platform SCP03 Keys

The Plug & Trust MW can use Platform SCP03 keys from the file system. The key files for different platforms are defined as:

For Android

#define EX_SSS_SCP03_FILE_DIR "/data/vendor/SE05x/"
#define EX_SSS_SCP03_FILE_PATH EX_SSS_SCP03_FILE_DIR "plain_scp.txt"

For Linux

#define EX_SSS_SCP03_FILE_DIR "/tmp/SE05X/"
#define EX_SSS_SCP03_FILE_PATH EX_SSS_SCP03_FILE_DIR "plain_scp.txt"

For Windows

#define EX_SSS_SCP03_FILE_DIR "C:\\nxp\\SE05X\\"
#define EX_SSS_SCP03_FILE_PATH EX_SSS_SCP03_FILE_DIR "plain_scp.txt"

You need to create a file at this location to allow the MW to pick up the file automatically. Another option is to set the environment variable EX_SSS_BOOT_SCP03_PATH to the complete file path.

The MW will first look for the file at the above path. If it is not able to find the file, it will try to use the environment variable, and lastly, it will fall back to pre-compiled keys.

Note

For Android systems, it is important to update sepolicy to allow access to the Platform SCP03 keys directory. Refer to AOSP setup Section 11.5.6.2.1 AOSP build Environment for Hikey960 for details on required system patches.

It is advisable to create a file at this location so that the MW uses those keys instead of the pre-compiled keys. The user can also rotate the keys, and if the MW is still using the pre-compiled keys after a rotation, all further operations will fail.

An example of the file format is:

# This is a comment, empty lines and comment lines allowed.
ENC 35C256458958A34F6136155F8209D6CD # Trailing comment
MAC AF177D5DBDF7C0D5C10A05B9F1607F78 # Optional trailing comment
DEK A1BC8438BF77935B361A4425FE79FA29 # Optional trailing comment

Replace the ENC, MAC and DEK keys with your own keys.
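A pre-deployment lint for the key file described above, as an added example that is not part of the Plug & Trust MW. It assumes 16-byte keys written as 32 hex digits (as in the sample) and that hex case is not significant; the function names are hypothetical.

```python
import os
import re
import stat

# Sample keys printed on this page; a deployed file must not contain them.
DOC_SAMPLE_KEYS = {
    "ENC": "35C256458958A34F6136155F8209D6CD",
    "MAC": "AF177D5DBDF7C0D5C10A05B9F1607F78",
    "DEK": "A1BC8438BF77935B361A4425FE79FA29",
}
# Assumption: 16-byte keys as 32 hex digits, optional trailing '#' comment.
LINE_RE = re.compile(r"^(ENC|MAC|DEK)\s+([0-9A-Fa-f]{32})\s*(?:#.*)?$")


def parse_scp03_text(text):
    """Return ({name: key bytes}, [problems]) for the contents of a key file."""
    keys, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # empty lines and comment lines are allowed
        m = LINE_RE.match(line)
        if not m:  # report the position only, never echo key material
            problems.append(f"line {lineno}: expected '<ENC|MAC|DEK> <32 hex digits>'")
            continue
        name, hexkey = m.group(1), m.group(2).upper()
        if name in keys:
            problems.append(f"line {lineno}: duplicate {name}")
        if hexkey in DOC_SAMPLE_KEYS.values():
            problems.append(f"line {lineno}: {name} is a documentation sample key")
        keys[name] = bytes.fromhex(hexkey)
    problems += [f"missing {n} key" for n in DOC_SAMPLE_KEYS if n not in keys]
    return keys, problems


def check_key_file(path):
    """Lint a key file on disk: POSIX permissions first, then contents."""
    problems = []
    if os.name == "posix" and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        problems.append("file is accessible to group/other; use mode 0600")
    with open(path, encoding="utf-8", errors="replace") as fh:
        problems += parse_scp03_text(fh.read())[1]
    return problems


if __name__ == "__main__":
    # Constructed input: the page's sample ENC line with MAC and DEK left out.
    demo = "# demo\nENC 35C256458958A34F6136155F8209D6CD # Trailing comment\n"
    print(parse_scp03_text(demo)[1])
```

On a real system, call check_key_file() with the platform path from the defines above or with the value of EX_SSS_BOOT_SCP03_PATH.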

For information on rotating Platform SCP03 keys, refer to Section 5.7.6 SE05X Rotate PlatformSCP Keys Demo.