- NXP Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- Wireless Connectivity
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- Vigiles
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Home
- :
- QorIQ Processing Platforms
- :
- Layerscape
- :
- SEC RTA and secengine for LS1046
SEC RTA and secengine for LS1046
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
SEC RTA and secengine for LS1046
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I would like to make use of the security engine in the LS1046 and am interested to find out if there are any source code samples or libraries for it. I found a brochure that references SEC RTA Library that might be helpful but can't find any information on it and not sure if it would be helpful.
I know that other NXP processors such as the S32K have reference source code designs for some of the security components like for the CSE interface, and would very much like to find if something like that is available for this LS1046 processor or similar processor with the same security engine.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
RTIC is interesting, but we intend on performing a secure boot and also to use the crypto engine for some other general purpose crypto operations. I found a brochure that mentions SEC RTA as if that might help to configure it, but have not found any details on it. This is the first crypto engine that we have encountered that did not have sample or library code to support the engine.
yipingwang
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Regards to crypto engine SEC RTA, it is documented in the LSDK user guide.
The RTA documentation is in
https://docs.nxp.com/bundle/GUID-487B2E69-BB19-42CB-AC38-7EF18C0FE3AE/page/G
UID-AB2B4FFB-74A4-49DC-85C1-81EA026863C5.html#GUID-AB2B4FFB-74A4-49DC-85C1-8
1EA026863C5
#####
Runtime Assembler Library Reference
Last updated Dec 28, 2017
Use the Runtime Assembler Library to write SEC descriptors.
Runtime Assembler Library Reference
Use the Runtime Assembler Library to write SEC descriptors. This reference
describes the structure, concept, functionality, and high-level API.
The following section contains Writing Descriptors for NXP CAAM using RTA
Library. The guide is available in a downloadable ZIP package and in a PDF
format.
Click this link to view PDF output for this document.
Click this link to download the NXP CAAM using RTA Library ZIP package. To
open the NXP CAAM using RTA Library, download the ZIP package and extract
the files, as explained in the following steps.
Extract the files using any file archiver and compressor utility, for
example 7Zip.
After extracting, double-click the Start Here file to open the Reference
Manual in your default browser.
If you are working in a Linux environment, browse to the WDNCRL_Rev18.03
folder and double-click the index.html to open the guide in your default
browser.
#####
The download link for RTA is:
https://nxp-be-prod.zoominsoftware.io/bundle/GUID-487B2E69-BB19-42CB-AC38-7E
F18C0FE3AE/page/GUID-D6A87248-D5A0-43B8-9AC4-69D3FF39D5A3.zip
The download link for RTA document in PDF is:
https://nxp-be-prod.zoominsoftware.io/bundle/GUID-487B2E69-BB19-42CB-AC38-7E
F18C0FE3AE/page/GUID-B4854EB7-7296-4C52-B28E-3E3456C4F9F6.pdf
Customer will able to find the reference and use cases of SEC engine in
LSDK's IPsec, openssl, DPDK, cryptodev, and uboot code.
For secure boot, software procedure is in LSDK User Guide, e.g.
https://docs.nxp.com/bundle/GUID-487B2E69-BB19-42CB-AC38-7EF18C0FE3AE/page/G
UID-65A50152-786D-4579-BA20-A540495AD735.html
The registers level detail is in a NDA document, "QorIQ Trust Architecture
2.1 User Guide". Customer need separate request to access it from the Trust
Architecture User group.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Only one link out of these works. The others go to page not found.
yipingwang
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I checked all these links are available
The RTA documentation:
The download link for RTA is:
The download link for RTA document in PDF is:
For secure boot, software procedure is in LSDK User Guide, e.g.
yipingwang
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The RTIC is documented in the LS1046ASECRM.pdf, which can be download from
the nxp.com. Please refers to
Chapter 12 Trust Architecture modules
12.1 Run-time integrity checker
(RTIC)......................................................................
.......................................................651
12.1.1 RTIC modes of
operation...................................................................
........................................................651
12.1.2 RTIC initialization and
operation...................................................................
........................................... 651
12.1.3 RTIC use of the Throttle
Register....................................................................
..........................................652
12.1.4 RTIC use of command, configuration, and status
registers...................................................................
.... 652
12.1.5 Initializing
RTIC........................................................................
................................................................ 653
12.1.6 RTIC Memory Block Address/Length
Registers...................................................................
....................653
There are no C level source code samples for it. To run a demo, customer can
touch the registers to enable it. Here are the sample procedures in uboot
with registers level configuration.
#####
Run time integrity checker (RTIC) is a hardware feature that checks the
integrity of the operating environment. You can use RTIC to monitor binary
images, set it up as a static data area, or administrative database that are
constant in nature. As soon as RTIC detects any modification in the memory
regions it monitors, you can either send an interpretation to the host for
post processing, or change the security state of the SoC to lockout
cryptographic key(s) access to protect sensitive date.
Below is a register level prototype to enable RTIC to monitor a pre-defined
memory region.
=> mw.l a0000000 11112222 100 <-# init RAM address
=> md 0x1760000 4 <-display RTIC status
01760000: 00000000 00000400 00000000 00000000 ................
=> mw.l 0x176001c 0xff000000 <- # set RTIC Throttle (RTHR)
=> mw.l 0x176002c 0xffff0000 <- # set RTIC Watchdog Timer (RWDOG)
=> mw.l 0x1760104 000000a0 <- # set RTIC monitor address (RMAA)
=> mw.l 0x176010c 00010000 <- # set RTIC monitor length (RMAL)
=> mw.l 0x1760014 10010000 <- Enable and unlock run time memory (RCTL)
=> mw.l 0x176000c 02000000 <- Hash block A once (RMAL)
=> mw.l 0x176000c 04000000 <- Enable Run Time Check (RMAL)
=> md 0x1760000; md 0x1760000 <- display RTIC Status (RSTA)
01760000: 00000000 01000004 00000000 00000000 ................
01760000: 00000000 01000a04 00000000 00000000 ................
01 = RTIC Busy, 02 = Hash Once Operation Completed. 04=sec violation
00 = no address error for all four blocks
0a = RTD, RTIC is in Run Time mode, All blocks hashed (ABH)
04 = run time state, 02 Single Hash State, 06 = Error State
When the RTIC monitored memory region is modified, the SECMON changes the
state to non-secure and locks out black key access for further cryptographic
operations.
=> md 0x1760000; echo; md 01e90000;
01760000: 00000000 01000004 00000000 00000000 ................
01760010: 00000000 10110000 00000000 ff000000 ................
01e90000: 00000000 00000000 00000000 00000000 ................
01e90010: 00000000 00ad0080 00000000 00000000 ................ <-
Trusted state, OTPMK programmed
=> mw.l a0000000 01234567 <- modify any area monitored
by RTIC block A
=> md 0x1760000; echo; md 01e90000; <- take few cycles for RTIC
to update state!
01760000: 00000000 14000206 00000000 00000000 ................
01760010: 00000000 10100000 00000000 ff000000 ................
01e90000: 00000000 00000000 00000000 00000000 ................
01e90010: 00000000 00a30088 01000000 00000000 ................ <- HPSR:
SSM = Soft fail.OTPMK=0
Recall for the SecMon_HP Status register (HPSR), 0x88 means both OPTMK and
ZMK, and 0x03 means that the security monitor is in a soft fail state.
#####
