5.13.1. Key Injection to PUF¶
This example demonstrates how to enroll PUF on LPC55S, inject PlatformSCP keys into PUF and retrieve key codes. This example can be used as a starting point to inject default SCP03 keys into PUF.
Note
After running this example, update ex_scp03_puf.h
file with the new Activation code and keyCodes.
5.13.1.1. Pre-requisites¶
Build Plug & Trust middleware stack. (Refer Building / Compiling)
5.13.1.2. How to build¶
Replace the following keys with the keys to be provisioned into PUF:
/** New key material * These will be the static platform SCP03 keys * which will be provisioned on the SE and in PUF. */ SSS_HAVE_SE05X_VER_GTE_06_00 uint8_t PROV_KEY_ENC[PUF_INTRINSIC_KEY_SIZE] = SSS_AUTH_SE051C2_KEY_ENC; uint8_t PROV_KEY_MAC[PUF_INTRINSIC_KEY_SIZE] = SSS_AUTH_SE051C2_KEY_MAC; uint8_t PROV_KEY_DEK[PUF_INTRINSIC_KEY_SIZE] = SSS_AUTH_SE051C2_KEY_DEK; e uint8_t PROV_KEY_ENC[PUF_INTRINSIC_KEY_SIZE] = SSS_AUTH_SE050_DEVKIT_KEY_ENC; uint8_t PROV_KEY_MAC[PUF_INTRINSIC_KEY_SIZE] = SSS_AUTH_SE050_DEVKIT_KEY_MAC; uint8_t PROV_KEY_DEK[PUF_INTRINSIC_KEY_SIZE] = SSS_AUTH_SE050_DEVKIT_KEY_DEK; if
For information on PUF, refer SCP03 with PUF.
Compile and run the example with the following CMake options:
Host=lpcxpresso55s
Project:
puf_inject_scp03
5.13.1.3. How to use¶
Flash the binary on the device.
On successful execution, you will be able to see the ActivationCode and KeyCodes printed out on the console.
5.13.1.4. Injecting keys into PUF¶
Refer to the below implementation on how to implement a simple function to inject SCP03 keys into PUF.
static status_t puf_insert_scp03_keys(uint8_t *PROV_KEY_ENC, uint8_t *PROV_KEY_MAC, uint8_t *PROV_KEY_DEK)
{
status_t result = kStatus_Fail;
uint8_t activationCode[PUF_ACTIVATION_CODE_SIZE];
srand(0xbabadeda);
puf_config_t conf;
PUF_GetDefaultConfig(&conf);
PUF_Deinit(PUF, &conf);
result = PUF_Init(PUF, &conf);
ENSURE_OR_GO_CLEANUP(result == kStatus_Success);
result = PUF_Enroll(PUF, activationCode, sizeof(activationCode));
ENSURE_OR_GO_CLEANUP(result == kStatus_Success);
LOG_MAU8_I("ActivationCode", activationCode, sizeof(activationCode));
PUF_Deinit(PUF, &conf);
result = PUF_Init(PUF, &conf);
ENSURE_OR_GO_CLEANUP(result == kStatus_Success);
result = PUF_Start(PUF, activationCode, PUF_ACTIVATION_CODE_SIZE);
ENSURE_OR_GO_CLEANUP(result == kStatus_Success);
result = PUF_SetUserKey(PUF,
kPUF_KeyIndex_00,
PROV_KEY_ENC,
PUF_INTRINSIC_KEY_SIZE,
keyCodeENC_01,
PUF_GET_KEY_CODE_SIZE_FOR_KEY_SIZE(PUF_INTRINSIC_KEY_SIZE));
ENSURE_OR_GO_CLEANUP(result == kStatus_Success);
LOG_MAU8_I("KeyCode_ENC", keyCodeENC_01, PUF_GET_KEY_CODE_SIZE_FOR_KEY_SIZE(PUF_INTRINSIC_KEY_SIZE));
result = PUF_SetUserKey(PUF,
kPUF_KeyIndex_00,
PROV_KEY_MAC,
PUF_INTRINSIC_KEY_SIZE,
keyCodeMAC_01,
PUF_GET_KEY_CODE_SIZE_FOR_KEY_SIZE(PUF_INTRINSIC_KEY_SIZE));
ENSURE_OR_GO_CLEANUP(result == kStatus_Success);
LOG_MAU8_I("KeyCode_MAC", keyCodeMAC_01, PUF_GET_KEY_CODE_SIZE_FOR_KEY_SIZE(PUF_INTRINSIC_KEY_SIZE));
result = PUF_SetUserKey(PUF,
kPUF_KeyIndex_00,
PROV_KEY_DEK,
PUF_INTRINSIC_KEY_SIZE,
keyCodeDEK_01,
PUF_GET_KEY_CODE_SIZE_FOR_KEY_SIZE(PUF_INTRINSIC_KEY_SIZE));
ENSURE_OR_GO_CLEANUP(result == kStatus_Success);
LOG_MAU8_I("KeyCode_DEK", keyCodeDEK_01, PUF_GET_KEY_CODE_SIZE_FOR_KEY_SIZE(PUF_INTRINSIC_KEY_SIZE));
cleanup:
PUF_Deinit(PUF, &conf);
return result;
}