• State
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 3 replies
  • Subscribers 64 subscribers
  • Views 321 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

BQ40Z80: SHA1_SECURE bit

burak can sahin
Prodigy 20 points
Part Number: BQ40Z80
Other Parts Discussed in Thread: BQKEYPACKAGER, BQKEYPROGRAMMER

Tool/software:

Hi Everyone

I am trying to do SHA1 authentication on BQ40Z80, but I have some questions about the SHA1_SECURE bit.

In the Technical Reference Manual, it is stated that ‘Enables secure memory usage’ for SHA1_SECURE bit when it is both 0 and 1. However, when I set this bit to 1, I cannot authenticate. When I try to change the key, it gives the message that the key was successfully changed, but when I try to authenticate with the new key, I cannot succeed again.

When I set it to 0, I have no problem in both changing the key and authenticating.

In this case, what is the difference whether the SHA1_SECURE bit is 0 or 1? Also, why can't I authenticate when I set it to 1?

I have attached screen excerpts showing SHA1_SECURE bit and authentication error.

Thank you for your help.

  • +1
    TI__Mastermind 24851 points

    Hello, 

    When SHA1_SECURE = 1 then the gauge writes the key in secure memory, once the key is programmed in secure memory it cannot be reprogrammed or erased. If SHA1_SECURE = 0, then the key is just written to data flash and is not in a secure memory location and can be read back. SHA1_SECURE = 0 is usually only used for testing purposes and not in the field since it does not secure the SHA key. I recommend referring to this FAQ as I believe it is helpful here. 

    Regards, 

    Robert. 

  • 0 in reply to Jonny
    Prodigy 20 points

    Hello Robert,

    Thank you for your feedback. I have a few questions about the SHA1 configuration. Could you help me find the answers?

    1. If the key is not set before the data writing process (.gg file or .srec upload), can we specify our own key, or does the process generate a random key? Is there any difference between setting the key beforehand or afterward?

    2. Can the SHA1 configuration process (writing the initial key to the secure area) be performed while the IC data is sealed?

    3. Can I include the SHA1 configuration information within the data (.gg file or .srec)?

    Best Regards,

    Can

  • +1 in reply to burak can sahin
    TI__Mastermind 24851 points

    Hello, 

    1. The process does not generate a random key, you will have to program your own key. 
    2. The gauge must be unsealed in order to program the key onto the gauge. 
    3. You can use the BQKEYPACKAGER and BQKEYPROGRAMMER toolchain to produce a .fs file that you can manually append onto your gm.fs (golden image) file to program the key. 

    Regards, 

    Robert.