Custom Security Dongle: Difference between revisions

From NewEagleWiki
Jump to navigation Jump to search
No edit summary
No edit summary
Line 9: Line 9:
The custom security keys are designed to limit and authorize MotoTune interactions with the system. If the CCP interface is being used, security functions and distribution mechanisms will need to be added for the PC authentication.  
The custom security keys are designed to limit and authorize MotoTune interactions with the system. If the CCP interface is being used, security functions and distribution mechanisms will need to be added for the PC authentication.  
   
   
No matter what keys are in the module, the chip is always censored, preventing BDm or JTAG access at the board level, thus stealing code via mechanism is relatively secure. The SRZ files containing the application and calibrations are also encrypted meaning only MotoTune can open them for programming. MotoTune cannot create an unencrypted version of the file; the only time the memory image is ever visible is during programming across the CAN bus. While it is possible to detect the CAN bus and record the programming transaction, it is impossible to attempt to modify the trace and reprogram the module by relaying the trace as the initial authentication request changes each time requiring the aforementioned security keys to compute the challange.
No matter what keys are in the module, the chip is always censored, preventing BDm or JTAG access at the board level, thus stealing code via mechanism is relatively secure. The SRZ files containing the application and calibrations are also encrypted meaning only MotoTune can open them for programming. MotoTune cannot create an unencrypted version of the file; the only time the memory image is ever visible is during programming across the CAN bus. While it is possible to detect the CAN bus and record the programming transaction, it is impossible to attempt to modify the trace and reprogram the module by relaying the trace as the initial authentication request changes each time requiring the aforementioned security keys to compute the challenge.
   
   
Creating a set of keys and managing the whereabouts of the provisioned security tokens is the mechanism that is available.
Creating a set of keys and managing the whereabouts of the provisioned security tokens is the mechanism that is available.
Line 28: Line 28:
#Choose "License Info"
#Choose "License Info"
#Choose "Token Info" (this info may be CTRL-V pasted into an email
#Choose "Token Info" (this info may be CTRL-V pasted into an email
Use License Update (Start -> All Programs -> MotoTools -> LicenseUpdate) to create a transaction file. Select the "Update the token with an Activation Code" radio dial and proceed. When prompted, click yes and continue with the instructions
Use License Update (Start -> All Programs -> MotoTools -> LicenseUpdate) to create a transaction file. Select the "Update the token with an Activation Code" radio dial and proceed. When prompted, click yes and continue with the instructions.

Revision as of 18:44, 10 June 2010

Custom security keys limit the ability to calibrate and interact with your modules to only those individuals that have the keys installed on their silver tokens. Within the application, each calibration, probe and table has the ability to set four read and write access levels. The custom keys contain 4 key sets associated with each of the access levels. The policy level of each level and assignment of each access level can be controlled. An example of the four levels can be seen as follows:
4: Engineering
3: Factory
2: Dealer
1: Customer
Each access level can be adjusted depending on what usage seems appropriate. In the above example, the "Dealer token has level 2 privileges and programming privileges while a "Customer" token only has level 1 keys without programming capability.

The custom security keys are designed to limit and authorize MotoTune interactions with the system. If the CCP interface is being used, security functions and distribution mechanisms will need to be added for the PC authentication.

No matter what keys are in the module, the chip is always censored, preventing BDm or JTAG access at the board level, thus stealing code via mechanism is relatively secure. The SRZ files containing the application and calibrations are also encrypted meaning only MotoTune can open them for programming. MotoTune cannot create an unencrypted version of the file; the only time the memory image is ever visible is during programming across the CAN bus. While it is possible to detect the CAN bus and record the programming transaction, it is impossible to attempt to modify the trace and reprogram the module by relaying the trace as the initial authentication request changes each time requiring the aforementioned security keys to compute the challenge.

Creating a set of keys and managing the whereabouts of the provisioned security tokens is the mechanism that is available.

Installation of Security Keys onto Dongle

Once the keys are created, they will be sent in a block which will need to be placed into the model. During compilation, this block will link in a library containing your unique keys along with the MotoHawk default keys. At build time, or during calibration, the security keys can be set to be your unique keys and any future access attempts to the module will require that the silver token be provisioned with the same keys. Any number of dongles can be provisioned with various levels of keys and priviledges.

Email Token Updates

MotoTron License Viewer (Star -> All Programs -> MotoTools -> MotoTron License Viewer) allows you to check licensing in your token (for versions MotoHawk 2008a and later).

To update the token, send the token serial number and license transaction file to: mcslicense@woodward.com. To find the serial number information (requires MotoServerRuntime 8.13.6.73 or later):

  1. Start MotoTune (to start MotoServerRuntime (antenna dish in lower right corner)
  2. Right-click antenna dish, choose "About MotoServer"
  3. Choose "License Info"
  4. Choose "Token Info" (this info may be CTRL-V pasted into an email

Use License Update (Start -> All Programs -> MotoTools -> LicenseUpdate) to create a transaction file. Select the "Update the token with an Activation Code" radio dial and proceed. When prompted, click yes and continue with the instructions.