2396298_en-US

キャンセル
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 

2396298_en-US

2396298_en-US

Can ELE Retain Keys in Host-Inaccessible Non-Volatile Storage?

Hi,


I would like to ask about persistent key storage for use with the EdgeLock Secure Enclave (ELE).
Based on my understanding of the KW47 Security Reference Manual, keys used by ELE for cryptographic operations can be stored persistently using the Key Storage Services. My understanding of the typical flow is as follows:

1. Create a Key Blob for the target key and export it to the host.
2. Store the exported Key Blob in non-volatile memory such as Flash.
3. When the key is needed for a cryptographic operation, import the Key Blob and use the key through ELE.

In this approach, the Key Blob is generated by ELE, so the host cannot read the actual key material. However, since the Key Blob itself is stored by the host in Flash, it appears that the host could still delete or overwrite the Key Blob.
My question is:
Is there a way to store a key (or its Key Blob) in a non-volatile storage area that is accessible by ELE but not accessible by the host, allowing cryptographic operations to be performed by ELE without the key material or Key Blob ever being exposed to the host at any point?
In other words, is it possible for ELE to own and manage persistent key storage entirely within a secure region, such that the host never handles the key or Key Blob directly?
Thank you in advance for your guidance.

タグ(1)
評価なし
バージョン履歴
最終更新日:
昨日
更新者: