september 2013 doc id024189 rev 2 1/30 AN4240 application note introduction to the cryptographic service engine (cse) module for spc56ecxx and spc564bxx devices introduction this application note provides an easy introduction to the usage of the cse module inside the spc56ecxx and spc564bxx family of devices. the cse module implements the security functions described in the secure hardware extension (she) functional specification version 1.1. three examples show main the features of the cryptographic service engine and in the same time the differences between the electronic code book (ecb), and the cipher block chaining (cbc) mode of the advanced encryption standard (aes) algorithm, defined by she specification. in particular, first example shows how to load cryptographic keys into secure flash in order to permit the usage of the cryptographic module. second application code shows that if a data or an image has a low variance, the cbc cipher mode provides a best performance in terms of message encryption in comparison with the ecb cipher mode. last example code shows how to release a secure boot in order to prevent application code from being altered by an unauthorized party cipher. www.st.com
contents AN4240 2/30 doc id024209 rev 2 contents 1 cse ip block overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 2 aes-128 encryption and decryption overview . . . . . . . . . . . . . . . . . . . . 7 2.1 electronic code book (ecb) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 2.2 cipher block chaining (cbc) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 2.3 cmac (cipherbased message authentication code) . . . . . . . . . . . . . . . . 8 3 secure boot procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 4 secure storage for cryptographic keys . . . . . . . . . . . . . . . . . . . . . . . . . 11 5 application code structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 5.1 peripherals and tools used . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 5.2 code implementation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 5.2.1 disable software watchdog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 5.2.2 mode init . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 5.2.3 pll configuration function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 5.2.4 cse initialization function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 5.2.5 load crypto keys function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 5.2.6 app code to be added to have a secure boot . . . . . . . . . . . . . . . . . . . . 17 5.2.7 demo application code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 6 application demo results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 7 conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 appendix a how to generate the m1-m5 parameters . . . . . . . . . . . . . . . . . . . . . 26 a.1 memory update protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 a.2 cryptographic keys used. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 appendix b references . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 b.1 reference documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 revision history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
doc id024209 rev 2 3/30 AN4240 list of tables list of tables table 1. secure boot example structure to add at the start of boot sectorr . . . . . . . . . . . . . . . . . . . . 9 table 2. memory slots . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 table 3. key attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 table 4. memory update policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 table 5. examples of keys used for the project . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 table 6. revision history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
list of figures AN4240 4/30 doc id024209 rev 2 list of figures figure 1. cse ip block. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 figure 2. ecb block diagram . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 figure 3. cbc block diagram . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 figure 4. cmac scheme . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 figure 5. secure boot mode procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 figure 6. software watchdog disable function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 4 figure 7. mode init function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 figure 8. pll init function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 figure 9. cse init function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 figure 10. get uid function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 figure 11. load key function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 figure 12. secure boot code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 figure 13. locator file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 figure 14. locator memory setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 figure 15. encryption/decryption functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 figure 16. demo starting point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 figure 17. ecb encryption. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 figure 18. cbc encryption. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 figure 19. ecb decryption. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 figure 20. cbc decryption. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
doc id024209 rev 2 5/30 AN4240 cse ip block overview 1 cse ip block overview cryptographic service engine (cse) is a peripheral module that implements the security functions described in the secure hardware extension (she) functional specification version 1.1. the cse is an on-chip extension of the microcontroller. it is intended to move the control over cryptographic keys from software domain into the hardware domain and therefore protect those keys from software attacks. cse design includes a host interface (via peripheral bridge) with a set of memory mapped registers used by cpu to issue commands (for example get_id, init_cse, etc). furthermore a system bus interface (via xbar if) allows the cse to directly access the system memory. here the crypto module behaves like any other master. through the host interface the user configures and controls the cse module, for example putting the module into low power mode, enabling interrupts for finished command processing or suspending command processing. the status and error register gives further system information. figure 1. cse ip block two dedicated blocks of system flash memory are used by the cse for secure key and firmware storage. these blocks are not accessible by other masters from system and therefore are called secure flash. the command processing is done by a 32-bit cse core with attached rom and ram running at system frequency of soc. see figure 1. ^ o}l / e d ^ }? z k d z d ^ z e ' / w ^l? or / & |