5.13.2. Key Rotation using PUF

This example demonstrates how to use PUF to manage PlatformSCP keys and rotate the keys using PUF. For details on PUF and usage with LPC55S, refer to SCP03 with PUF.

Before running this example, make sure that the correct PlatformSCP keys are already provisioned in PUF. For details on how to provision keys in PUF, refer to Section 5.13.1 Key Injection to PUF.

In this example, we first open a session with the default PlatformSCP keys and perform an RNG operation. We then rotate the keys in the SE and in PUF, reopen the session with the new keys, and perform the RNG operation again to demonstrate that the keys have been rotated. Finally, we revert to the old keys.

Warning

We are using randomized keys for key rotation. Make sure that the demo runs to completion without any power interruption. If the run fails partway, the SE050 could be left using the new keys, and re-running the demo will fail.

5.13.2.1. Pre-requisites

5.13.2.2. How to build

Make sure that you compile the secure example first. The non-secure example links to the secure example.

Compile the secure example with the following CMake options:

  • Host=lpcxpresso55s_s

  • SCP=SCP03_SSS

  • SE05X_Auth=PlatfSCP03

  • Project:puf_rotate_scp03_s

Compile the non-secure example with the following CMake options:

  • Host=lpcxpresso55s_ns

  • SCP=SCP03_SSS

  • SE05X_Auth=PlatfSCP03

  • Project:puf_rotate_scp03_ns

5.13.2.3. How to run

Follow the steps given below to flash the secure and non-secure binaries on the LPC55S board.

  1. Import secure and non-secure projects into MCUXpresso IDE

  2. Update Makefile target for both projects

  3. Build the projects.


    Note

    Be sure that you build the secure project first and then the non-secure project.

  4. Start GUI Flash Tool

    Note

    You can also program the binary by debugging the project. If you want to debug, go to step 6.

  5. On successful operation you should see the following message

    ../../../../_images/flashed.jpg
  6. To start debugging into the project, simply select the project that you want to debug and press the Debug button in QuickStart Menu.

  7. Make sure that in the Debug Configuration under GUI Flash Tool tab, you have selected Program.


Perform the last two steps for both projects (order does not matter). While debugging, flash the program that you want to debug second.

After flashing both projects, reset the board. On successful execution, you will see the following log in the terminal:

App   :INFO :PlugAndTrust_v02.15.00_20200522
sss   :INFO :atr (Len=35)
                01 A0 00 00     03 96 04 03     E8 00 FE 02     0B 03 E8 00
                01 00 00 00     00 64 13 88     0A 00 65 53     45 30 35 31
                00 00 00
sss   :INFO :atr (Len=35)
                01 A0 00 00     03 96 04 03     E8 00 FE 02     0B 03 E8 00
                01 00 00 00     00 64 13 88     0A 00 65 53     45 30 35 31
                00 00 00
App   :INFO :Applet selection successful!
App   :INFO :Random test 1 was successful, with default SCP03 keys!
sss   :INFO :atr (Len=35)
                01 A0 00 00     03 96 04 03     E8 00 FE 02     0B 03 E8 00
                01 00 00 00     00 64 13 88     0A 00 65 53     45 30 35 31
                00 00 00
App   :INFO :Applet deselection successful!
App   :INFO :Key Rotation was successful!
sss   :INFO :atr (Len=35)
                01 A0 00 00     03 96 04 03     E8 00 FE 02     0B 03 E8 00
                01 00 00 00     00 64 13 88     0A 00 65 53     45 30 35 31
                00 00 00
App   :INFO :Applet selection successful!
App   :INFO :Applet is now using PUF keys!
App   :INFO :Random test 2 was successful, with new PUF keys!
sss   :INFO :atr (Len=35)
                01 A0 00 00     03 96 04 03     E8 00 FE 02     0B 03 E8 00
                01 00 00 00     00 64 13 88     0A 00 65 53     45 30 35 31
                00 00 00
App   :INFO :Applet deselection successful!
App   :INFO :Key Rotation was successful!
App   :INFO :Rotation back to default keys was successful!
App   :INFO :Entering normal world.

Welcome in normal world (SIMW)!
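
The warning above means an interrupted run can leave the SE050 on keys other than the defaults. The following Python script is an added example, not part of the NXP demo or middleware: it reads a captured terminal log in the format shown above and reports how far the demo got. The function names, the constructed `sample_log` input and the mapping from progress to key state are assumptions inferred only from the message order in that log.

```python
import re

# App-level messages in the order the reference log on this page prints them.
MILESTONES = [
    "Applet selection successful!",
    "Random test 1 was successful, with default SCP03 keys!",
    "Applet deselection successful!",
    "Key Rotation was successful!",
    "Applet selection successful!",
    "Applet is now using PUF keys!",
    "Random test 2 was successful, with new PUF keys!",
    "Applet deselection successful!",
    "Key Rotation was successful!",
    "Rotation back to default keys was successful!",
]

def progress(log: str) -> int:
    """Count milestones reached, in order; ATR dumps and other lines are skipped."""
    reached = 0
    for m in re.finditer(r"^App\s*:INFO\s*:(.*)$", log, re.MULTILINE):
        if reached < len(MILESTONES) and m.group(1).strip() == MILESTONES[reached]:
            reached += 1
    return reached

def key_state(log: str) -> str:
    """Infer which PlatformSCP keys the SE050 holds.

    Assumption: the state is inferred from message order only, not read from the SE.
    """
    n = progress(log)
    if n in (3, 8):
        return "unknown"   # stopped while a rotation was in flight
    if 4 <= n <= 7:
        return "rotated"   # first rotation reported, revert not yet started
    return "default"       # rotation never started, or revert reported

def sample_log(upto: int) -> str:
    """Constructed capture: the page's log format, cut after `upto` milestones."""
    atr = "sss   :INFO :atr (Len=35)\n                01 A0 00 00     03 96 04 03\n"
    head = "App   :INFO :PlugAndTrust_v02.15.00_20200522\n" + atr
    return head + "".join(f"App   :INFO :{m}\n{atr}" for m in MILESTONES[:upto])

if __name__ == "__main__":
    for cut in (2, 3, 7, 8, 10):
        print(cut, key_state(sample_log(cut)))
```

A result of "rotated" or "unknown" indicates that re-running the demo with the default keys is expected to fail, as the warning describes.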