NXP support for ECC on LS1043ARD?

Gandalf-kern
Contributor IV

Several sources, including the NSA, have made recommendations for the use of ECC (Elliptic Curve Cryptography) based signing and verification of certs using ECDSA moving forward.

 

The way we interpret the NXP SEC manuals is that ECC is not completely HW assisted. That is, there is not a dedicated engine to do ECC based calculations.

 

1) Does the LS1043A support ECC with full HW acceleration?

2) If not, then we need to get more details from NXP on how ECC is supported and how it can be used, particularly with CST?

3)  ECC is never mentioned in the Secure Boot Documents, but LS1043A SOC has a SEC module which supports ECC and it is certified by NIST. ECC support for Secure Boot is dependent on the PBL (Preboot loader) and U-Boot, so if PBL does not support ECC, is it the case that the entire chain of trust will not support ECC also?

4) Does CST support Elliptic Curve Cryptography (ECC)?

5) We tried to use the ECC option on CST, but it failed. The CST does not support an ECC option, or how should the CST arguments appear for ECC to get the ECC option to work on CST?

bpe
NXP Employee


>1) Does the LS1043A support ECC with full HW acceleration?
>
[Platon] Yes, ECC is supported by LS1043A SEC, but the same hardware
unit is responsible for other public key operations. If you are interested
in a device that can perform several public key operations in parallel,
consider C29x series crypto co-processors:

http://www.nxp.com/products/microcontrollers-and-processors/more-processors/application-specific-mcu...


>2) If not, then we need to get more details from NXP on how ECC is
>supported and how it can be used, particularly with CST?
>
[Platon] Refer to LS1043ASECRM, Sections 8.4, 8.5, 11.1.4,
11.1.6.39 through 11.1.6.57 for details on supported ECC operations.
CST is discussed below.

>3)  ECC is never mentioned in the Secure Boot Documents, but LS1043A
>    SOC has a SEC module which supports ECC and it is certified by
>    NIST. ECC support for Secure Boot is dependent on the PBL
>    (Preboot loader) and U-Boot, so if PBL does not support ECC, is
>    it the case that the entire chain of trust will not support ECC
>    also?
>
[Platon] There is a lot of confusion. PBL has nothing to do with
Secure Boot because it does its job before ISBC takes control.
See LS1043ARM, Section 31.6 for details. Image signature verification
procedures implemented in the on-chip boot ROM (ISBC) support only
RSA over a prime field, therefore there is no support for ECC in
Secure Boot.
 
>4) Does CST support Elliptic Curve Cryptography (ECC)?
>
[Platon] CST is a tool that generates essentially the signatures
recognized by ISBC routines. For the reason specified above, there
is no support for ECC in CST.
 

>5) We tried to use the ECC option on CST, but it failed. The CST does
>   not support an ECC option, or how should the CST arguments appear
>   for ECC to get the ECC option to work on CST?
>
[Platon] See explanations above.  


Have a great day,
Platon
