https://community.nxp.com/t5/i-MX-Processors/Programming-the-attestation-key/m-p/905030#M136565 <HTML><HEAD></HEAD><BODY><P>Dear Jamesbone,</P><P></P><P>I am from hirain company in China, and our company is already made NDA with NXP,&nbsp;</P><P>and for some questions, our FAE also cannot give me correct answers, and he&nbsp;let me to try to ask questions in community.</P><P>And now i have document "Security Reference Manual for i.MX&nbsp;8DualXPlus/8QuadXPlus Application Processors" and</P><P>document "i.MX Android™ Security User's Guide".</P><P>But i cannot find answers to my questions.</P><P></P><P>Could you give me the security manual document name? so that i can ask FAE to share the doc to me.</P><P></P><P>Thanks a lot.</P></BODY></HTML> Thu, 09 May 2019 00:30:46 GMT zhongyue_li 2019-05-09T00:30:46Z https://community.nxp.com/t5/i-MX-Processors/Programming-the-attestation-key/m-p/905028#M136563 <HTML><HEAD></HEAD><BODY><P>Dear NXP engineer:</P><P></P><P>I am trying to read document named "I.MX_Android_Security_User_Guide.pdf"</P><P>Following is the content mentioned in the doc.</P><P>3.3.6 Programming the attestation key<BR />Attestation key is programmed in U-Boot. The keystore key attestation aims to provide a way to strongly determine if an<BR />asymmetric key pair is hardware-backed, what the properties of the key are, and what constraints are applied to its usage.Google provides the attestation "keybox", which contains private keys (RSA and ECDSA) and the corresponding certificate chains to partners from the Android Partner Front End (APFE). After retrieving the "keybox" from Google, you need to parsethe "keybox", provision the keys and certificates to secure storage. Both keys and certificates should be encoded with Distinguished Encoding Rules (DER).<BR />Fastboot commands are provided to provision the attestation keys and certificates. Make sure that the secure storage is<BR />properly initialized for Trusty OS.&nbsp;</P><P></P><P>Referring to above content,</P><P>I have two questions, could you help to check them?</P><P>1. Where is the secure storage mentioned in above content?&nbsp;</P><P>&nbsp; &nbsp; the attestation key will be stored in this secure storage?</P><P>2.&nbsp;How are the attestation keys used after provision?&nbsp;&nbsp;&nbsp;</P><P></P><P></P><P>Thanks a lot.</P><P>Have a nice day.</P></BODY></HTML> Wed, 08 May 2019 14:47:38 GMT https://community.nxp.com/t5/i-MX-Processors/Programming-the-attestation-key/m-p/905028#M136563 zhongyue_li 2019-05-08T14:47:38Z https://community.nxp.com/t5/i-MX-Processors/Programming-the-attestation-key/m-p/905029#M136564 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>You need to access the security reference Manual to get the answer, but this manual it is under NDA, and you need to contact your local FAE or sales,&nbsp; and ask for the security manual, they will help to provide it.</P><P></P><P>Have a nice day</P></BODY></HTML> Wed, 08 May 2019 16:47:04 GMT https://community.nxp.com/t5/i-MX-Processors/Programming-the-attestation-key/m-p/905029#M136564 jamesbone 2019-05-08T16:47:04Z https://community.nxp.com/t5/i-MX-Processors/Programming-the-attestation-key/m-p/905030#M136565 <HTML><HEAD></HEAD><BODY><P>Dear Jamesbone,</P><P></P><P>I am from hirain company in China, and our company is already made NDA with NXP,&nbsp;</P><P>and for some questions, our FAE also cannot give me correct answers, and he&nbsp;let me to try to ask questions in community.</P><P>And now i have document "Security Reference Manual for i.MX&nbsp;8DualXPlus/8QuadXPlus Application Processors" and</P><P>document "i.MX Android™ Security User's Guide".</P><P>But i cannot find answers to my questions.</P><P></P><P>Could you give me the security manual document name? so that i can ask FAE to share the doc to me.</P><P></P><P>Thanks a lot.</P></BODY></HTML> Thu, 09 May 2019 00:30:46 GMT https://community.nxp.com/t5/i-MX-Processors/Programming-the-attestation-key/m-p/905030#M136565 zhongyue_li 2019-05-09T00:30:46Z