A Deep Dive into SHE Key Slots for Automotive Microcontrollers
In automotive cybersecurity, microcontrollers must provide secure key storage, cryptographic operations and boot integrity. To meet these requirements, OEMs and Tier-1 suppliers widely rely on the Secure Hardware Extension (SHE), an on-chip security module specified by the HIS consortium and later adopted by AUTOSAR, which offers a deliberately small set of AES-128 based services. One of its core architectural features is the key slot system, which governs how cryptographic keys are stored, updated and used.
In this blog, we’ll explore the structure, memory layout, purpose, and operational flow of these SHE key slots in detail.
🧩 What Are SHE Key Slots?
The SHE peripheral organises all key material into fixed slots, each identified by a 4-bit slot number (the key ID) and backed by a particular memory type. Software never reads or writes a slot's raw value; keys enter a slot only through SHE commands and the authenticated memory update protocol, and leave it only as the result of a cryptographic operation. This isolation is what protects the keys against tampering and unauthorised access, including from the application code that uses them.
Each slot holds one 128-bit value (the AES-128 key size). A non-volatile slot additionally carries a 28-bit update counter and a set of protection flags, both of which SHE enforces on every update and every use.
🧠 SHE Key Slot Layout and Address Mapping
SHE key slots are divided into ROM, non-volatile (NVM), and volatile (RAM) memory areas. Here’s how the mapping typically looks:
Key Name | Slot ID (Hex) | Memory Type |
---|---|---|
SECRET_KEY | 0x0 | ROM (Read-Only) |
MASTER_ECU_KEY | 0x1 | Non-volatile |
BOOT_MAC_KEY | 0x2 | Non-volatile |
BOOT_MAC | 0x3 | Non-volatile |
KEY_1 to KEY_10 | 0x4 to 0xD | Non-volatile |
RAM_KEY | 0xE | Volatile (RAM) |
These slots serve distinct roles, and their access is managed with strict control flags and permissions. SECRET_KEY, the only ROM slot, is written by the chip manufacturer, is unique per device and can never be updated; SHE uses it to authorise loading a key into RAM_KEY for that specific device and when exporting RAM_KEY.
🔑 Roles and Responsibilities of Key Slots
Each slot has a specific functional role depending on the cryptographic context:
1. MASTER_ECU_KEY (0x1)
This is the root authorisation key of the ECU. Its purpose is to authorise updates of the other non-volatile slots through the memory update protocol (the M1–M5 blocks): the host derives the update encryption and MAC keys from MASTER_ECU_KEY, so only a party holding it can write a new key. It can also authorise its own update, which is how the OEM rotates it. It is normally provisioned once at end of line and protected thereafter, and it is never used directly for application encryption or MAC operations.
2. BOOT_MAC_KEY and BOOT_MAC (0x2–0x3)
These two slots implement secure boot. During start-up SHE computes an AES-CMAC over the configured boot region with BOOT_MAC_KEY and compares it with the reference value stored in BOOT_MAC. On success it sets BOOT_OK in its status register; on failure BOOT_OK stays clear and SHE refuses to use any key whose BOOT_PROTECTION flag is set. The application can then abort the boot or run in a degraded mode, but it cannot use the protected keys on a tampered image.
3. KEY_1 to KEY_10 (0x4–0xD)
These general-purpose application keys are used for:
AES-128 encryption and decryption (ECB and CBC)
CMAC generation and verification
Each key's KEY_USAGE flag fixes it to one of these two roles, so the same key cannot be used both to encrypt and to MAC.
They are flash-resident, meaning their values persist across resets. They can only be written through the memory update protocol, authorised either by MASTER_ECU_KEY or by the slot's own current key (which allows a key to be rotated without sharing the master key), with an update counter that must strictly increase on every write. Their values are never exposed in plaintext.
4. RAM_KEY (0xE)
Unlike the others, RAM_KEY is stored in volatile memory. It is intended for short-lived cryptographic use cases such as session keys or temporary data protection. It can be loaded in plaintext with CMD_LOAD_PLAIN_KEY, without the memory update protocol, which makes it convenient for prototyping or runtime key provisioning; it can also be loaded through the authenticated M1–M5 path. The trade-offs are that its value is lost at power cycle and, more importantly, that a plaintext load needs no authorisation: any code able to issue SHE commands can overwrite RAM_KEY, so it must never serve as a trust anchor. Keys whose provenance matters belong in the non-volatile slots.
🧭 How Key Updates and Access Work
To use a key, its value must first be written into its slot by one of two methods:
Secure method (M1–M5 memory update protocol): used for all non-volatile slots. The host derives update keys K1..K4 from the authorising key (MASTER_ECU_KEY, or the slot's own current key) with SHE's AES-MP key derivation, encrypts the new key together with its counter and flags as M2, and authenticates M1|M2 with a CMAC as M3. SHE verifies the CMAC, checks the UID and the counter, installs the key, and answers with M4 and M5, which the host checks to confirm that the key really was installed.
Plaintext method: only allowed for RAM_KEY. Uses CMD_LOAD_PLAIN_KEY and does not need authentication.
After a key is loaded, it can be used with cryptographic commands like CMD_ENC_ECB, CMD_ENC_CBC, CMD_GENERATE_MAC or CMD_VERIFY_MAC. The slot's flags, set in the F_ID field of the update, determine whether it can be overwritten again (WRITE_PROTECTION), whether it is restricted to MAC-only or encryption-only use (KEY_USAGE), whether it is blocked when secure boot has failed (BOOT_PROTECTION) and whether it is blocked while a debugger is attached (DEBUGGER_PROTECTION). Note that write protection is irreversible: once set, the slot can never be updated again, so set it only on keys you are certain you will not need to rotate.
🚦 Error Handling and Status Monitoring
SHE operations are asynchronous: the CPU issues a command and continues, while the SHE hardware processes the request and reports through its status register. Its flags include BUSY (a command is still running), SECURE_BOOT (secure boot is enabled), BOOT_OK (the boot image verified successfully) and EXT_DEBUGGER (an external debugger is attached, which blocks every key carrying DEBUGGER_PROTECTION). Firmware should poll BUSY before reading a result rather than assume the command has completed.
If a command fails, SHE returns an error code (for example ERC_KEY_INVALID, ERC_KEY_WRITE_PROTECTED or ERC_KEY_UPDATE_ERROR) and all outputs of that operation are cleared or set to zero, which is especially relevant for CMAC and CBC operations. This ensures no partial cryptographic material leaks during failures.
🧠 Summary of Key Slot Functionalities
Key Slot | Role | Persistence | Import Format |
---|---|---|---|
MASTER_ECU_KEY | Key update authorisation | Non-volatile | Encrypted update, OEM provisioned |
BOOT_MAC_KEY | Secure boot verification key | Non-volatile | Encrypted update |
BOOT_MAC | Reference CMAC of the boot image | Non-volatile | Encrypted update |
KEY_1–10 | App-level encryption or CMAC (one role per key) | Non-volatile | Encrypted update (authorised by MASTER_ECU_KEY or the key itself) |
RAM_KEY | Session/volatile crypto operations | Volatile | Plaintext allowed, or encrypted update |
📌 Final Thoughts
The Key Slot architecture in SHE strikes a balance between security, flexibility, and performance. By organizing key material into designated slots and enforcing access through controlled commands, SHE creates a robust framework suitable for automotive-grade embedded systems.
For developers working with NXP S32K MCUs or similar automotive platforms, understanding these key slots and their constraints is essential for building secure and compliant software. Whether you’re implementing secure boot, encrypted CAN communication, or random challenge authentication, SHE’s key slot model provides the hardware-level foundation to do it right.