BQ26100: BQ26100EVM

Hi Corbin, 

After looking over the details I wanted to check/suggest a few things. 

During the key programing, do you have the device set up for programming OTP (external supply to PWR pin) as shown in Fig. 20 External Power Source Connection of the datasheet? Once you program the key the device will OTP program the private key and display the key to you after hitting "Generate Key" in the KEYPGM tab of the SW tool. 

In the BQ26100 Evaluation Software User's guide: https://www.ti.com/lit/ug/sluu244a/sluu244a.pdf section 4.5 KEY PGM there is a mention of this process.

In the process above, you mention you only have a 64-bit key. Meaning that you are wanting to either program the upper 64-bits or lower 64-bits of the 128-bit key. If this is the case, you can use the "Random" key in 'Message Generation' box. I think the part we may be missing here is selecting which key will be programmed (K0 or K1). When you hit generate, I believe the program will populate one of the fields. You will then enter your own 64-bit key and hit "Generate Key". 

If all is good, you will get a completion dialog box that will display the key that was programmed into private OTP. 

Hope this helps!

Best, 

-Luis Torres

I do have the lash up as described in the eval data sheet you mention.  7 vdc and 3.3 vdc power supplies. 

You are correct, I have total of 128 bits of authentication key to enter and I want to program the entire key into the part at once so I checked both K1 and K2 boxes.  What I am  not understanding is, there is a total of 40 boxes to enter data into. 20 boxes message0 and 20 message1.  Each box seems to accommodate a byte.  So I only need 16 boxes total to accommodate my 128 bit Key.  What boxes do I put my key into and what do I put in the empty boxes, if anything.

I also do not understand why I got an error when I tried the random approach.

dpk

Also, is it possible that I need to program or set bits elsewhere before trying to set the KEY?  I am going straight to KEY PGM.

WHen I read the STATUS it shows all FFs.

I do have the jumper J3 installed for OTP programming.

Hi Corbin, 

Apologies for the delay, I've been digging into this one to try and help troubleshoot this. Couple of questions: 

When using the "user input" option: What does it do when you enter both 20-byte entries? 

I'm still getting familiar with the key generation but the key that you are trying to enter, how was it generated?

Can you also try to see if you can generate 2 of the random 20byte messages? You've mentioned that the program only populates one line then gives an error.

Best, 

-Luis Torres

No problem on the delay.

Your first question is actually the basis for my question.  The secure key for SHA1 is always 128 bits or 16 bytes in length. That's why I do not understand why there are 40 boxes to fill in.  I don't know what boxes to put my 16 bytes of the key into and then what to put in the remaining boxes.  

As far as how I generated my key goes, I simply put together a random 128 bits to be my secret key

If you look at the first picture in my original communication, you will see what is generated when I select RANDOM rather than USER INPUT and hit GENERATE KEY.  You will also see the error.

If you are unfamiliar with the use of the Key in SHA1, click on the AUTH tab.  This screen makes sense to me as I have use it with other BQs.  You will see where you put in the Secret Key 128 bits.  Then a 20 byte random challenge value.  Then SEND to the part.  If the result from the part using the key we entered into part using KEY PGM and the challenge matches the result the host generated using the key we entered on the top line and the challenge, we had a successful Authentication.  Obviously, that requires us first to get the Key into the part using KEY PGM.

I apologize for just not getting it.  I know its going to turn out to be something simple, and will work just fine.

dpk

Hi Corbin, 

No worries, we will get this resolved one way or another!

I managed to get my hands on a BQ26100EVM and started playing with the EVSW tool (just the areas in question).

I believe the answer to the 20-byte block in the EVSW is for added security. Mentioned in the device DS:

"To further protect the 128-bit key, the value written to each 64-bit non-volatile key space is the output of a SHA-1 calculation on a 160-bit input."

So in the case of the BQ26100 it will generate a 288bit input =160bit (padded message)+128bit (128bit split key)

Based on this, the input into the "input generated" section may look something like:

"Message 0: 80 00 00 00 00 00 00 00 00 00 00 00 00 XX XX XX XX XX XX XX XX " for 1st 64bit key...

"Message 1: 80  - - - -padded message - - - - - - - - - - - - - - 2nd 64bit key - - - - - - - "

Do keep in mind that the format for the total 128bit key is two 64-bit messages, each part of the key is written in the form of a SHA-1 output of 160bits (20bytes), sorry if it is repetitive. 

Give it a go and let me know if this makes sense/ solves the issue.

On another note I was able to generate the random keys but get an error (I think because I am not set-up for OTP) when it should spit out a key.

Also double checked the STATUS page and did notice that 00 Lock Page is 0x3F and not FF across the board as you mentioned previously. 

I mainly wanted to get it up and running to play with the tool to inform you better. Please let me know if any progress with this. 

Best, 

-Luis Torres 

I did have some progress.  I think.

I used the following secure key

-----------------------------------------------------

Auth Key 3    0x30372046

Auth Key 2    0x65627275

Auth Key 1   0x61727920

Auth Key 0   0x32303132

-----------------------------------------------------

I entered the data into the boxes using your suggested format and hit Generate Key. No errors. Result:

As you can see the result in the Generated Key field does not match the data I entered for the KEY.

In addition, I now show the same results you have in the STATUS register 3F in the Page Lock field.

If I read the data sheet correctly that means the Key lock bits are set.   I didn't expect that until I hit the Transfer Key button on the Key Pgm page.

Does that mean I have written the generated key into the part without hitting the transfer key?

Hi Corbin,

From the documentation I believe it may have programmed the device, hitting the  Transfer Key button seems to copy the generated key to the AUTH page. Are you able to check if the LOCKK0/LOCKK1 bit is written? If so then the key may have been programmed to OTP . 

Also, wouldn't the generated key not match in general since the SHA1/HMAC algorithm is run twice on the BQ26100?

Best, 

-Luis Torres

Thats what I thought.  Unfortunately, as I mention above, when I read STATUS it shows the LOCK PAGE reads 3F. That would seem to indicate the lock bits have been set to 0, or locked.  I note that you found the same result after Generating the Key.  I am not sure how that happened since you stated that you did not have the 3.3 vdc power supply in place.

The big question for me still remains, what to put into the boxes to result in m desired key.  Apparently padding the data with 80 00 ...... was not the answer?

dpk

I think I am going to order in a few virgin 26100 parts and start fresh.  I tried authenticating using the generated key and the one I wanted to use and both failed.  So I do not know what I programmed in as the key at this point. It likely happened when I was fumbling around early on.

I will let you know how it goes.

Sounds good Corbin,

I've gone ahead and ordered some fresh EVM's as well, as you mentioned the one I have may already be written to. Please keep me informed on the progress when the new ones arrive!  

I believe the Padding + key approach is correct, I am referencing this document here: "How to Implement SHA-1/HMAC Authentication for bq26100"  https://www.ti.com/lit/an/slua389a/slua389a.pdf

It has examples of how BQ26100 is taking the inputs and generating the key. 

My parts should be here Monday. I ordered 25 pcs so I should figure it out before I destroy that many.

 I will look at the document you reference again.  I had thought that document was solely directed at how a Host would calculate the correct authentication response to compare with the response from the bq26100, not how to set the key in the bq26100, so I didn't pay much attention to it as a solution.

dpk

Sounds good Corbin! 

I've got a couple on the way, do let me know if you make progress once you get them!

Best,

-Luis Torres

Hi Luis

Some progress.

I put on a new part and entered the desired KEY and padded with 80... as you suggested. 

Then Hit Generate Key

And it generated a Key but not the one I wanted.

I hit transfer and it sent it to the Authenticate page.

I hit send and authenticate and...

.... we have a successful authentication.  SO we know everything works as we would expect except for how to get my desired Key into the part.

Any Ideas?