9.11. Using own Platform SCP03 Keys

The Plug & Trust MW can read Platform SCP03 keys from the file system. The default key file location for each platform is defined as:

For Android

#define EX_SSS_SCP03_FILE_DIR "/data/vendor/SE05x/"
#define EX_SSS_SCP03_FILE_PATH EX_SSS_SCP03_FILE_DIR "plain_scp.txt"

For Linux

#define EX_SSS_SCP03_FILE_DIR "/tmp/SE05X/"
#define EX_SSS_SCP03_FILE_PATH EX_SSS_SCP03_FILE_DIR "plain_scp.txt"

For Windows

#define EX_SSS_SCP03_FILE_DIR "C:\\nxp\\SE05X\\"
#define EX_SSS_SCP03_FILE_PATH EX_SSS_SCP03_FILE_DIR "plain_scp.txt"

You need to create a file at this location to allow the MW to pick up the file automatically. Another option is to set the environment variable EX_SSS_BOOT_SCP03_PATH to the complete file path.

The MW first looks for the file at the above path. If it cannot find the file there, it tries the path given in the environment variable, and lastly it falls back to the pre-compiled keys.

Note

For Android systems, it is important to update sepolicy to allow access to the Platform SCP03 keys directory. Refer to AOSP setup Section 9.5.9.2.1 AOSP build Environment for Hikey960 for details on the required system patches.

It is advisable to create a file at this location so that the MW uses those keys instead of the pre-compiled keys. The user can also rotate the keys, and if the MW is still using the pre-compiled keys after a rotation, all further operations will fail.

An example of the file format is:

# This is a comment, empty lines and comment lines allowed.
ENC 35C29245895EA34F6136155F8209D6CD # Trailing comment
MAC AF172D5D54F7C0D5C10A05B9F1207F78 # Optional trailing comment
DEK A2BC8438BF77015B361A4425F239FA29 # Optional trailing comment

Replace the ENC, MAC and DEK keys with your own keys.
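A pre-deployment check for a key file in the format shown above, given as an added example (not part of the Plug & Trust MW). It flags missing or malformed entries, keys that still hold the sample values from this page, and a file mode that lets other users read the plaintext keys. The function names, the 16-byte key length and the POSIX permission rule are assumptions of this example; the MW's own parser may accept more than this check does.

```python
import os
import re
import stat

# Sample values printed in this documentation; a deployed file must not keep them.
DOC_SAMPLE_KEYS = {
    "ENC": "35C29245895EA34F6136155F8209D6CD",
    "MAC": "AF172D5D54F7C0D5C10A05B9F1207F78",
    "DEK": "A2BC8438BF77015B361A4425F239FA29",
}
KEY_HEX_LEN = 32  # assumption: 16-byte keys, matching the length of the sample values


def parse_scp03_text(text):
    """Parse 'NAME HEX # comment' lines; return ({name: hex}, [problems])."""
    keys, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if not line:
            continue
        parts = line.split()
        if len(parts) != 2 or parts[0] not in DOC_SAMPLE_KEYS:
            problems.append(f"line {lineno}: expected 'ENC|MAC|DEK <hex>'")
            continue
        name, value = parts[0], parts[1].upper()
        if not re.fullmatch(r"[0-9A-F]{%d}" % KEY_HEX_LEN, value):
            problems.append(f"line {lineno}: {name} is not {KEY_HEX_LEN} hex digits")
        elif name in keys:
            problems.append(f"line {lineno}: duplicate {name}")
        else:
            keys[name] = value
    for name, sample in DOC_SAMPLE_KEYS.items():
        if name not in keys:
            problems.append(f"{name} missing")
        elif keys[name] == sample:
            problems.append(f"{name} still holds the documentation sample value")
    return keys, problems


def check_scp03_file(path):
    """Return a list of problems for the key file at 'path' (empty list = OK)."""
    with open(path, encoding="ascii") as fh:
        _, problems = parse_scp03_text(fh.read())
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):  # POSIX only: keys are stored in plaintext
        problems.append(f"mode {mode:o} lets group/others access the key file")
    return problems
```

Problem messages name the affected entry but never echo key material, so the output is safe to write to a provisioning log.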

For information on rotating Platform SCP03 keys, refer to Section 5.19 SE05X Rotate PlatformSCP Keys Demo.