EEPW论坛

【简介】

在之前的 S32K3 安全启动的介绍中的帖子（【S32K3XX】Secure Boot 启动流程梳理），以下代码是更新SMR配置的代码。

hseSrvResponse_t HseFrm_SecureBoot_InstallSmrEntry
(
const uint8_t entryIndex,
const hseSmrEntry_t *pSmrEntry,
const uint8_t *pData,
const uint32_t dataLen,
const uint8_t *pSign0,
const uint8_t *pSign1,
const uint32_t SignLen0,
const uint32_t SignLen1
)
{
hseSrvResponse_t hseSrvResponse = 0xFFFFFFFF;

hseSrvDescriptor_t hseSrvDesc ;
hseSrvDescriptor_t* pHseSrvDesc = &hseSrvDesc;

hseSmrEntryInstallSrv_t *pSmrEntryInstall = &(pHseSrvDesc->hseSrv.smrEntryInstallReq);

MEMSET(pHseSrvDesc, 0, sizeof(hseSrvDescriptor_t));

pHseSrvDesc->srvId = HSE_SRV_ID_SMR_ENTRY_INSTALL;

pSmrEntryInstall->accessMode = HSE_ACCESS_MODE_ONE_PASS;
pSmrEntryInstall->entryIndex = entryIndex;
pSmrEntryInstall->pSmrEntry = (HOST_ADDR)hsePort_Mem_AddrHandler((HOST_ADDR)(pSmrEntry));

pSmrEntryInstall->pSmrData = (HOST_ADDR)hsePort_Mem_AddrHandler((HOST_ADDR)(pData));
pSmrEntryInstall->smrDataLength = dataLen;
pSmrEntryInstall->pAuthTag[0] = (HOST_ADDR)hsePort_Mem_AddrHandler((HOST_ADDR)(pSign0));
pSmrEntryInstall->pAuthTag[1] = (HOST_ADDR)hsePort_Mem_AddrHandler((HOST_ADDR)(pSign1));
pSmrEntryInstall->authTagLength[0] = SignLen0;
pSmrEntryInstall->authTagLength[1] = SignLen1;

hseSrvResponse = gHsePort_HseIf.reqApi( pHseSrvDesc , NULL );

return hseSrvResponse;
}

上述的代码通过调用 HSE_SRV_ID_SMR_ENTRY_INSTALL 服务来安装Smr 配置信息,SMR 表主要配置的信息如下：

上述配置主要配置了的secure boot 的校验区域的起始地址及长度，以及使用的校验算法的keyhandle 以及一些配置的标记flag,以下是本地程序配置的三个smr 表的配置信息。

const hseMid_SmrEntryElem_t gHseBootCfg_SmrEntryList_Core_0[] =
{
{
.smrIndex                           = 0,
.pSmrSrc                            = SMR_0_ADDR,
.smrSize                            = SMR_0_SIZE,
.genKeyHandle                       = NVM_CUST_HMAC_KEY256_0,
.authKeyHandle                      = NVM_CUST_HMAC_KEY256_1,
.authScheme                         = SMR_MAC_SCH_HMAC,
.pInstAuthTag                       = {SMR_0_AUTH_TAG_0, NULL},
.configFlags                        = HSE_SMR_CFG_FLAG_INSTALL_AUTH ,
.checkPeriod                        = 0U,
.versionOffset                      = HSE_SMR_VERSION_NOT_USED,
.isSmrSrcSwap                       = TRUE,
},

{
.smrIndex                           = 1,
.pSmrSrc                            = SMR_1_ADDR,
.smrSize                            = SMR_1_SIZE,
.genKeyHandle                       = NVM_CUST_HMAC_KEY256_0,
.authKeyHandle                      = NVM_CUST_HMAC_KEY256_1,
.authScheme                         = SMR_MAC_SCH_HMAC,
.pInstAuthTag                       = {SMR_1_AUTH_TAG_0, NULL},
.configFlags                        = HSE_SMR_CFG_FLAG_INSTALL_AUTH ,
.checkPeriod                        = 0U,
.versionOffset                      = HSE_SMR_VERSION_NOT_USED,
.isSmrSrcSwap                       = TRUE,
},

{
.smrIndex                           = 2,
.pSmrSrc                            = SMR_2_ADDR,
.smrSize                            = SMR_2_SIZE,
.genKeyHandle                       = NVM_CUST_HMAC_KEY256_0,
.authKeyHandle                      = NVM_CUST_HMAC_KEY256_1,
.authScheme                         = SMR_MAC_SCH_HMAC,
.pInstAuthTag                       = {SMR_2_AUTH_TAG_0, NULL},
.configFlags                        = HSE_SMR_CFG_FLAG_INSTALL_AUTH ,
.checkPeriod                        = 0U,
.versionOffset                      = HSE_SMR_VERSION_NOT_USED,
.isSmrSrcSwap                       = TRUE,
},
};

Secure boot 启动程序检查配置的SMR表区域是否校验成功，校验成功则会启动应用程序。