5.13.2. Key Rotation using PUF
This example demonstrates how to use PUF to manage PlatformSCP keys and rotate the keys using PUF. For details on PUF and usage with LPC55S, refer to SCP03 with PUF.
Before running this example, be sure that the correct PlatformSCP keys are already provisioned in PUF. For details on how to provision keys in PUF, refer to Section 5.13.1 Key Injection to PUF.
In this example, we first open a session with the default PlatformSCP keys and perform an RNG operation. We then rotate the keys in the SE and PUF, reopen the session with the new keys, and perform the RNG operation again to demonstrate that the keys have been rotated. Finally, we revert to the old keys.
Warning
We are using randomized keys for key rotation. Make sure that the demo runs completely without any power interruptions. In case of failure, SE050 could be using the new keys and re-running the demo will fail.
5.13.2.1. Pre-requisites
Build the Plug & Trust middleware stack. (Refer to Building / Compiling)
PUF must be enrolled first, the original SCP03 keys must be provisioned, and the ActivationCode and KeyCodes must be updated in ex_scp03_puf.h. The SBL and secure app should be compiled with the correct AC and KCs. See Section 5.13.1 Key Injection to PUF on how to provision PUF with PlatformSCP03 keys.
5.13.2.2. How to build
Make sure that you compile the secure example first. The non-secure example links to the secure example.
Compile the secure example with the following CMake options:
    Host=lpcxpresso55s_s
    SCP=SCP03_SSS
    SE05X_Auth=PlatfSCP03
    Project: puf_rotate_scp03_s
Compile the non-secure example with the following CMake options:
    Host=lpcxpresso55s_ns
    SCP=SCP03_SSS
    SE05X_Auth=PlatfSCP03
    Project: puf_rotate_scp03_ns
5.13.2.3. How to run
Follow the steps given below to flash the secure and non-secure binaries on the LPC55S board.
1. Import secure and non-secure projects into MCUXpresso IDE
2. Update Makefile target for both projects
3. Build the projects.
   Note
   Be sure that you build the secure project first and then the non-secure project.
4. Start GUI Flash Tool
   Note
   You can program the binary by debugging the project also. If you want to debug, go to step 6.
5. On successful operation you should see the following message
6. To start debugging into the project, simply select the project that you want to debug and press the Debug button in QuickStart Menu.
7. Make sure that in the Debug Configuration under GUI Flash Tool tab, you have selected Program.
8. Perform the last two steps for both the projects (order does not matter). While debugging, flash the program that you want to debug second.
When you have flashed both the projects, reset the board. On successful execution you will see the following log in the terminal:
App :INFO :PlugAndTrust_v02.15.00_20200522
sss :INFO :atr (Len=35)
01 A0 00 00 03 96 04 03 E8 00 FE 02 0B 03 E8 00
01 00 00 00 00 64 13 88 0A 00 65 53 45 30 35 31
00 00 00
sss :INFO :atr (Len=35)
01 A0 00 00 03 96 04 03 E8 00 FE 02 0B 03 E8 00
01 00 00 00 00 64 13 88 0A 00 65 53 45 30 35 31
00 00 00
App :INFO :Applet selection successful!
App :INFO :Random test 1 was successful, with default SCP03 keys!
sss :INFO :atr (Len=35)
01 A0 00 00 03 96 04 03 E8 00 FE 02 0B 03 E8 00
01 00 00 00 00 64 13 88 0A 00 65 53 45 30 35 31
00 00 00
App :INFO :Applet deselection successful!
App :INFO :Key Rotation was successful!
sss :INFO :atr (Len=35)
01 A0 00 00 03 96 04 03 E8 00 FE 02 0B 03 E8 00
01 00 00 00 00 64 13 88 0A 00 65 53 45 30 35 31
00 00 00
App :INFO :Applet selection successful!
App :INFO :Applet is now using PUF keys!
App :INFO :Random test 2 was successful, with new PUF keys!
sss :INFO :atr (Len=35)
01 A0 00 00 03 96 04 03 E8 00 FE 02 0B 03 E8 00
01 00 00 00 00 64 13 88 0A 00 65 53 45 30 35 31
00 00 00
App :INFO :Applet deselection successful!
App :INFO :Key Rotation was successful!
App :INFO :Rotation back to default keys was successful!
App :INFO :Entering normal world.
Welcome in normal world (SIMW)!
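The warning in this section notes that an interrupted run can leave the SE050 on the randomized keys. The following added example (not part of the NXP middleware or of this demo) reads a captured terminal log in the format shown above and reports how far the run got. The milestone-to-key-state mapping and the names `rotation_state`, `STATE_AFTER` and `INTERRUPTED_LOG` are assumptions made for illustration, based on the order of operations described in this section.

```python
# Added example (not NXP code): infer the key state from the demo's terminal log.
# Milestones are the log messages shown on this page, in the order they appear.
MILESTONES = [
    "Random test 1 was successful, with default SCP03 keys!",
    "Key Rotation was successful!",
    "Random test 2 was successful, with new PUF keys!",
    "Key Rotation was successful!",
    "Rotation back to default keys was successful!",
]
# Assumed mapping: key set the SE050 holds if the log stops after N milestones.
# "indeterminate" marks points where a rotation may have been cut off mid-way.
STATE_AFTER = ["indeterminate", "indeterminate", "rotated",
               "indeterminate", "default", "default"]


def messages(log_text):
    """Yield the message part of 'App :INFO :<message>' lines, skipping ATR dumps."""
    for line in log_text.splitlines():
        parts = [p.strip() for p in line.split(":", 2)]
        if len(parts) == 3 and parts[0] == "App":
            yield parts[2]


def rotation_state(log_text):
    """Return (milestones_reached, key_state) for one captured demo run."""
    reached = 0
    for msg in messages(log_text):
        # Match milestones strictly in order; the rotation message occurs twice.
        if reached < len(MILESTONES) and msg == MILESTONES[reached]:
            reached += 1
    return reached, STATE_AFTER[reached]


# Constructed sample: power lost right after the first rotation was reported.
INTERRUPTED_LOG = """\
App :INFO :Applet selection successful!
App :INFO :Random test 1 was successful, with default SCP03 keys!
sss :INFO :atr (Len=35)
App :INFO :Applet deselection successful!
App :INFO :Key Rotation was successful!
"""

if __name__ == "__main__":
    print(rotation_state(INTERRUPTED_LOG))
```

A result other than `default` means the board should not be re-run with the default-key build until the key state has been confirmed.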
