Hello team,
I have created the Renesas key file by following the application note ( Device Lifecycle Management for Cortex-M33) section 4. DLM Key Injection. Once this is done, I had used this key in the RFP software for key ejection, and it was worked (key ejection and DLM transition)The below is the final steps during the creation of Renesas key file.
Question:1) I want to use this Renesas file(.rkey) in another software, So is it possible to extract the content of this file?2) My requirement is to perform key ejection using key setting command (UART), with the extracted data of this file
Dear KPA ,
Thank you for your inquiry. The .rkey file generated during the DLM key injection process is securely encrypted using the User Factory Programming Key (UFPK) and the Wrapped UFPK (W-UFPK), making it impossible to extract its contents. This ensures the security and integrity of the keys. Additionally, UART-based key ejection is not supported. The recommended approach for key ejection and DLM state transitions is to use the Renesas Flash Programmer (RFP). If you require further assistance or alternative solutions, please let us know.
.rkey
Best regards,
GN_Renesas
Hello,
The .rkey files are files used by RFP. Theoretically the information could be somehow extracted but there is no guide or test on how it can be done.
Sorry for the inconvenience, AZ-Renesas GN_Renesas @The following is the abstract from the bootloader manual.Here, by using this command, it is possible to eject/set the DLM key to the device, right?1) Could you please give some more information regarding this command (key setting command) since I need to implement a code which is used for DLM transition and key setting using bootloader command packet. Do you have any reference code regarding the calculation of MAC value (16 byte)?2) In the bootloader manual, there no information regarding the calculation process of MAC value * In this, I have the details about ESKY, IVEC. But I am stuck in the next parameter (EOKY: install data).3) During set key command, which IV (interrupt vector) address should I give?Is the IV address is same as the address that I gave in the initial stage of Wrapping the SECDBG_KEY using SKMT? or any RAM address?
As mentioned before the Install data (encrypted key | MAC) is calculated with AES ECB algorithm.
To inject the same DLM key, you should set the same IV value too. But there is not a 'wrong' IV value.
You might want to take a look at the application note "Implementing Production Programming Tools for RA Cortex-M33 with Device Lifecycle Management" which includes details on how to parse (including example python code) and then inject the rkey file as part of the production programming process.
https://www.renesas.com/en/document/scd/implementing-production-programming-tools-ra-cortex-m33-device-lifecycle-management?language=en&r=1400806
Hope this helps!
Thank you for your valuable support, it helped me a lot.This document contains all the details that I need, which is very helpful for my implementation.