• State Not Answered
  • Replies 6 replies
  • Subscribers 65 subscribers
  • Views 205 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 329128
Options

`hw_unique_key` secure boot sample ignores CONFIG_HW_UNIQUE_KEY_LOAD overlay

3Nigma

Hey there,

I'm trying to build the `hw_unique_key` sample for a nrf5340dk_app (non NS) with CONFIG_SECURE_BOOT so that its `child_image/b0.conf` with CONFIG_HW_UNIQUE_KEY_LOAD gets applied.

In the end, CONFIG_HW_UNIQUE_KEY_LOAD is not applied do the missing dependencies HAS_HW_NRF_ACL && HAS_HW_NRF_CC310 && NRF_CC3XX_PLATFORM .

Since NRF5340 is using CryptoCell version CC312, is there a way to have CONFIG_HW_UNIQUE_KEY_LOAD enabled for b0 so that HUK can be loaded into the KDR at boot time?
Hope this makes sense,
Thank you for your time,
V
Parents
  • 0

    Hi,

    Could you provide your build command, full build log and your configuration files (prj.conf and b0.conf)?

    Which NCS version do you use?

    Best regards,
    Dejan

  • 0 in reply to dejans

    Hey Dejan,

    Didn't touch anything else from the original hw_unique_key sample code. Just added CONFIG_SECURE_BOOT=y to prj.conf and added a build configuration for both nrf5340dk_nrf5340_cpuapp and nrf5340dk_nrf5340_cpuapp_ns (they both exhibit the same behaviour: no CONFIG_HW_UNIQUE_KEY_LOAD gets added to b0/.config )

    b0.conf was not touched. It's the same one you'll find in child_image/b0.conf, in the original sample code.

    I'm on v2.6.1

    Hope this helps,

    V

  • 0 in reply to 3Nigma

    Hi,

    dejans said:
    Could you provide your build command, full build log

    Can you provide full build log?

    Best regards,
    Dejan

  • 0 in reply to dejans

    I think we might be experiencing some sort of language barrier, here. 

    Steps to reproduce:

    1. clone the the hw_unique_key sample (via vs code if it's faster)

    2. add CONFIG_SECURE_BOOT=y to prj.conf

    3. create a build configuration for nrf5340dk_nrf5340_cpuapp and use sdk-nrf v2.6.1 to build it

    You'll have everything you need to trace this after you build it.

    Expected outcome:

    build/b0/zephyr/.config to contain CONFIG_HW_UNIQUE_KEY_LOAD=y

    Actual outcome:

    build/b0/zephyr/.config DOES NOT contain CONFIG_HW_UNIQUE_KEY_LOAD=y

    Reason:

    Do you still need the full build log?!?

    Thank you for your time,

    Take care.

    Vic

  • 0 in reply to 3Nigma

    Hi Vic,

    3Nigma said:
    Do you still need the full build log?!?

    I am just trying to assist you in the best possible way. I thought that build log could provide the best possible additional information. 

    3Nigma said:
    Steps to reproduce:

    I have reproduced the issue. We will look into it internally. I will get back to you hopefully by the end of this week, but please note that replies might get delayed due to the holiday season.

    Best regards,
    Dejan

Reply
  • 0 in reply to 3Nigma

    Hi Vic,

    3Nigma said:
    Do you still need the full build log?!?

    I am just trying to assist you in the best possible way. I thought that build log could provide the best possible additional information. 

    3Nigma said:
    Steps to reproduce:

    I have reproduced the issue. We will look into it internally. I will get back to you hopefully by the end of this week, but please note that replies might get delayed due to the holiday season.

    Best regards,
    Dejan

Children
Related