How is the blob encryption mechanism used in Linux user space on ls1043ardb?


690 Views
binhua_fan
Contributor I

Hello,

We need to use the blob encryption mechanism to encrypt data that is stored in NAND flash. We tried to add and modify the source code according to Generate Blob Under Linux_V2.pdf (https://community.nxp.com/docs/DOC-335353), but failed and could not compile it successfully. The document (Generate Blob Under Linux_V2.pdf) is for i.MX processors. Could you provide the source code and methods that support the ls1043ardb board?

Thank you very much.

Binhua

1 Reply

539 Views
yipingwang
NXP TechSupport

To establish a chain of trust with confidentiality, the cryptographic blob mechanism can be used. In this chain of trust, a validated image is allowed to use the One Time Programmable Master Key to decrypt system secrets. Two bootscripts are to be used. First, the encap bootscript is used, which creates blobs of the next-level images (e.g. MC, LINUX, etc.) and saves them on flash. After this, the system is booted after replacing the encap bootscript with the decap bootscript, which decapsulates the blobs and starts MC and LINUX.

# Get Images on DDR
.
.
.
# Create the Blobs
blob enc <Img1 addr> <Img1 dest addr> <Img1 size> <key_modifier address>
blob enc <Img2 addr> <Img2 dest addr> <Img2 size> <key_modifier address>
blob enc <Img3 addr> <Img3 dest addr> <Img3 size> <key_modifier address>
.
.
.
# Save The Blobs created on Flash
.
.
.
# End of Encap Boot Script (This is one time only and must be replaced with decap Boot Script)

For details, please refer to the section "Chain of Trust with confidentiality" in LSDK user manual.

0 Kudos
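The encap/decap pair described in the reply, as an added example that is not part of the original thread and is not NXP code: it lays out blob destinations and emits matching `blob enc` and `blob dec` lines. It assumes a blob is 48 bytes larger than its input (32-byte blob key plus 16-byte MAC) and that `blob dec` takes the plaintext length; all addresses and function names are constructed for illustration.

```python
# Added example, not NXP code. Assumptions: a CAAM blob is 48 bytes larger
# than its input (32-byte blob key + 16-byte MAC), the key modifier is
# 16 bytes, and "blob dec" takes the plaintext length. Addresses are constructed.
BLOB_OVERHEAD = 48
KEY_MODIFIER_LEN = 16

def plan(images, blob_base, km_addr, align=0x1000):
    """images: [(name, ddr_addr, size)]. Assign each blob a DDR slot sized for
    the blob (not the plaintext) and reject any overlapping region."""
    slots, cursor = [], blob_base
    regions = [(km_addr, km_addr + KEY_MODIFIER_LEN, "key modifier")]
    for name, addr, size in images:
        if size <= 0:
            raise ValueError(f"{name}: size must be positive")
        blob_size = size + BLOB_OVERHEAD
        slots.append({"name": name, "addr": addr, "size": size,
                      "blob": cursor, "blob_size": blob_size})
        regions += [(addr, addr + size, name),
                    (cursor, cursor + blob_size, name + " blob")]
        cursor = -(-(cursor + blob_size) // align) * align  # round up
    regions.sort()
    for (_, end, a), (start, _, b) in zip(regions, regions[1:]):
        if start < end:
            raise ValueError(f"{a} overlaps {b}")
    return slots

def encap_script(slots, km_addr):
    """One-time script: plaintext image -> blob."""
    lines = ["# Get Images on DDR (board specific, not shown)"]
    lines += [f"blob enc {s['addr']:#x} {s['blob']:#x} {s['size']:#x} {km_addr:#x}"
              for s in slots]
    lines.append("# Save the blobs on flash: write blob_size bytes, not size")
    return "\n".join(lines)

def decap_script(slots, km_addr):
    """Every-boot script: blob read from flash -> plaintext image."""
    lines = ["# Read the blobs from flash (board specific, not shown)"]
    lines += [f"blob dec {s['blob']:#x} {s['addr']:#x} {s['size']:#x} {km_addr:#x}"
              for s in slots]
    return "\n".join(lines)

# Constructed sample values, not taken from any LS1043ARDB memory map.
IMAGES = [("kernel", 0x81000000, 0x00A00000), ("dtb", 0x82000000, 0x8000)]
SLOTS = plan(IMAGES, blob_base=0x90000000, km_addr=0x80004000)

if __name__ == "__main__":
    print(encap_script(SLOTS, 0x80004000), decap_script(SLOTS, 0x80004000), sep="\n\n")
```

The flash write after `blob enc` has to cover `blob_size` bytes; saving only the plaintext size truncates the MAC and decapsulation then fails.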