<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>Topic CAAM or OP-TEE in i.MX Processors</title>
    <link>https://community.nxp.com/t5/i-MX-Processors/CAAM-or-OP-TEE/m-p/1093114#M160135</link>
    <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Hello,&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I'm looking to store some sensitive data on the i.MX 8M Mini EVK and have a question regarding usage of the CAAM and OP-TEE.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I've found the example projects here:&amp;nbsp;&lt;A class="link-titled" href="https://source.codeaurora.org/external/imxsupport/imx_sec_apps/" title="https://source.codeaurora.org/external/imxsupport/imx_sec_apps/"&gt;imx_sec_apps - i.MX Security Application Examples&lt;/A&gt;&amp;nbsp; and have been looking at&amp;nbsp;application note AN12554 (&lt;A class="link-titled" href="https://www.nxp.com/docs/en/application-note/AN12554.pdf" title="https://www.nxp.com/docs/en/application-note/AN12554.pdf"&gt;https://www.nxp.com/docs/en/application-note/AN12554.pdf&lt;/A&gt;) for CAAM key blobs and on the OP-TEE side I have been looking at the enhanced OpenSSL project in the repository I mentioned and application note AN12632 (&lt;A class="link-titled" href="https://www.nxp.com/docs/en/application-note/AN12632.pdf" title="https://www.nxp.com/docs/en/application-note/AN12632.pdf"&gt;https://www.nxp.com/docs/en/application-note/AN12632.pdf&lt;/A&gt;).&amp;nbsp;&amp;nbsp;After reading these and playing around with the code, it seems that I could use either of these methods to accomplish my goal of storing some sensitive data.&amp;nbsp; My question is could I do this using the CAAM key blobs or OP-TEE?&amp;nbsp; The OP-TEE path is simpler it seems and I could simply store the keys in the trusted application and provide an API in the client application to retrieve the data when I need it.&amp;nbsp; I suppose the CAAM method might provide a little more security perhaps?&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;The other implementation would be to use OP-TEE and the CAAM to perform all cryptographic functions in the secure world and only provide a minimal API on the client side to access any needed 
functions/data.&amp;nbsp; This seems to be more similar to the enhanced OpenSSL application note.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Am I understanding this correctly?&amp;nbsp; &amp;nbsp;Also, are there any examples that apply to Linux kernel 5.4?&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
    <pubDate>Tue, 28 Jul 2020 00:10:11 GMT</pubDate>
    <dc:creator>msaenger</dc:creator>
    <dc:date>2020-07-28T00:10:11Z</dc:date>
    <item>
      <title>CAAM or OP-TEE</title>
      <link>https://community.nxp.com/t5/i-MX-Processors/CAAM-or-OP-TEE/m-p/1093114#M160135</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Hello,&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I'm looking to store some sensitive data on the i.MX 8M Mini EVK and have a question regarding usage of the CAAM and OP-TEE.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I've found the example projects here:&amp;nbsp;&lt;A class="link-titled" href="https://source.codeaurora.org/external/imxsupport/imx_sec_apps/" title="https://source.codeaurora.org/external/imxsupport/imx_sec_apps/"&gt;imx_sec_apps - i.MX Security Application Examples&lt;/A&gt;&amp;nbsp; and have been looking at&amp;nbsp;application note AN12554 (&lt;A class="link-titled" href="https://www.nxp.com/docs/en/application-note/AN12554.pdf" title="https://www.nxp.com/docs/en/application-note/AN12554.pdf"&gt;https://www.nxp.com/docs/en/application-note/AN12554.pdf&lt;/A&gt;) for CAAM key blobs and on the OP-TEE side I have been looking at the enhanced OpenSSL project in the repository I mentioned and application note AN12632 (&lt;A class="link-titled" href="https://www.nxp.com/docs/en/application-note/AN12632.pdf" title="https://www.nxp.com/docs/en/application-note/AN12632.pdf"&gt;https://www.nxp.com/docs/en/application-note/AN12632.pdf&lt;/A&gt;).&amp;nbsp;&amp;nbsp;After reading these and playing around with the code, it seems that I could use either of these methods to accomplish my goal of storing some sensitive data.&amp;nbsp; My question is could I do this using the CAAM key blobs or OP-TEE?&amp;nbsp; The OP-TEE path is simpler it seems and I could simply store the keys in the trusted application and provide an API in the client application to retrieve the data when I need it.&amp;nbsp; I suppose the CAAM method might provide a little more security perhaps?&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;The other implementation would be to use OP-TEE and the CAAM to perform all cryptographic functions in the secure world and only provide a minimal API on the client side to access any needed 
functions/data.&amp;nbsp; This seems to be more similar to the enhanced OpenSSL application note.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Am I understanding this correctly?&amp;nbsp; &amp;nbsp;Also, are there any examples that apply to Linux kernel 5.4?&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Tue, 28 Jul 2020 00:10:11 GMT</pubDate>
      <guid>https://community.nxp.com/t5/i-MX-Processors/CAAM-or-OP-TEE/m-p/1093114#M160135</guid>
      <dc:creator>msaenger</dc:creator>
      <dc:date>2020-07-28T00:10:11Z</dc:date>
    </item>
    <item>
      <title>Re: CAAM or OP-TEE</title>
      <link>https://community.nxp.com/t5/i-MX-Processors/CAAM-or-OP-TEE/m-p/1093115#M160136</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;&lt;A class="jx-jive-macro-user" href="https://community.nxp.com/people/msaenger"&gt;msaenger&lt;/A&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Hello,&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&amp;nbsp; Generally Your understanding is correct. Optee may be considered as software approach,&amp;nbsp;&lt;/P&gt;&lt;P&gt;but CAAM provides hardware one. The demo examples&amp;nbsp; are not fully tested, but show how to&lt;/P&gt;&lt;P&gt;integrate different stacks of software to use with i.MX reference boards and our BSP release.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Regards,&lt;/P&gt;&lt;P&gt;Yuri.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Wed, 29 Jul 2020 05:48:45 GMT</pubDate>
      <guid>https://community.nxp.com/t5/i-MX-Processors/CAAM-or-OP-TEE/m-p/1093115#M160136</guid>
      <dc:creator>Yuri</dc:creator>
      <dc:date>2020-07-29T05:48:45Z</dc:date>
    </item>
  </channel>
</rss>

