i.MX Processors Knowledge Base

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

i.MX Processors Knowledge Base

Discussions

Sort by:
This article describe i.MX8MP normal HAB security boot, and server/client mode. For server/client mode, it is based on customer requirement, because private is stored in server can't be accessed.
View full article
The document will cover three parts, which include: A brief introduction to RSA algorithm How to compile boot image including OP-TEE-OS for Boot media - QSPI The steps to sign and verification The SoC for this experiment is based on i.MX8MP-EVK
View full article
    The meta layer is designed for those guys who want to use i.MX8M series SOC and Yocto system to develop AGV and Robot.    The platform includes some key components: 1, ROS1 (kinetic, melodic) and ROS2(dashing, eloquent, foxy) 2, Real-time Linux solution : Xenomai 3.1 with ipipe 5.4.47 patch 3, Industrial protocol : libmodbus, linuxptp, ros-canopen, EtherCAT(TBD) 4, Security: Enhanced OpenSSL, Enhanced GmSSL, Enhanced eCryptfs, secure key store, secure boot(TBD), SE-Linux(TBD),  Dm-verity(TBD) The first release bases on i.MX Yocto release L5.4.47 2.2.0 and You need download Linux 5.4.47_2.2.0 according to​​ https://www.nxp.com/docs/en/user-guide/IMX_YOCTO_PROJECT_USERS_GUIDE.pdf  firstly. And then you can follow the below guide to build and test ROS and Xenomai. A, clone meta-robot-platform from gitee.com git clone https://gitee.com/zxd2021-imx/meta-robot-platform.git git checkout v0.1-L5.4.47-2.2.0 B, Adding the meta-robot-platform layer to your build 1,  copy meta-robot-platform into <i.MX Yocto folder>/source 2, You should create a symbol link: setup-imx-robot.sh -> sources/meta-robot-platform/imx/meta-robot/tools/setup-imx-robot.sh C, How to build Robot image (example for i.MX8MQ EVK board) $ DISTRO=imx-robot-xwayland MACHINE=imx8mqevk source setup-imx-robot.sh -r kinetic -b imx8mqevk-robot-kinetic [or DISTRO=imx-robot-xwayland MACHINE=imx8mqevk source setup-imx-robot.sh -r melodic -b imx8mqevk-robot-melodic ] [or DISTRO=imx-robot-xwayland MACHINE=imx8mqevk source setup-imx-robot.sh -r dashing -b imx8mqevk-robot-dashing ] [or DISTRO=imx-robot-xwayland MACHINE=imx8mqevk source setup-imx-robot.sh -r eloquent -b imx8mqevk-robot-eloquent ] [or DISTRO=imx-robot-xwayland MACHINE=imx8mqevk source setup-imx-robot.sh -r foxy -b imx8mqevk-robot-foxy ] $ bitbake imx-robot-core [or bitbake imx-robot-system ] [or bitbake imx-robot-sdk ] And if you add XENOMAI_KERNEL_MODE = "cobalt" or XENOMAI_KERNEL_MODE = "mercury" in local.conf, you also can build real-time image with Xenomai by the below command: $ bitbake imx-robot-core-rt [or bitbake imx-robot-system-rt ] D, Robot image sanity testing //ROS1 Sanity Test #source /opt/ros/kinetic/setup.sh [or # source /opt/ros/melodic/setup.sh ] #echo $LD_LIBRARY_PATH #roscore & #rosnode list #rostopic list #only kinetic #rosmsg list #rosnode info /rosout //ROS2 Sanity Test #source ros_setup.sh #echo $LD_LIBRARY_PATH #ros2 topic list #ros2 msg list #only dashing #ros2 interface list #(sleep 5; ros2 topic pub /chatter std_msgs/String "data: Hello world") & #ros2 topic echo /chatter E, Xenomai sanity testing #/usr/xenomai/demo/cyclictest -p 50 -t 5 -m -n -i 1000 F, vSLAM demo You can find orb-slam2 demo under <i.MX Yocto folder>/sources/meta-robot-platform/imx/meta-robot/recipes-demo/orb-slam2. You should choose DISTRO=imx-robot-xwayland due to it depends on OpenCV with gtk+.   //////////////////////////////////////// update for Yocto L5.4.70 2.3.0  /////////////////////////////////////////////////////////// New release package meta-robot-platform-v0.2-L5.4.70-2.3.0 for Yocto release L5.4.70 2.3.0 and it supports i.MX8M series (8MQ,8MM,8MN and 8MP) and i.MX8QM/QXP.  git clone https://gitee.com/zxd2021-imx/meta-robot-platform.git git checkout v0.2-L5.4.70-2.3.0 Updating: 1, Support i.MX8QM and i.MX8QXP 2, Add ROS driver of RPLIDAR and Orbbec 3D cameras in ROS1 3, Upgrade OpenCV to 3.4.13. 4, Add imx-robot-agv image with orb-slam2 demo 5, Fix the issue which failed to create image when adding orb-slam2 6, Fix the issue which failed to create imx-robot sdk image when add package ISP and ML Note: Currently, orb-slam2 demo don't run on i.MX8MM platform due to its GPU don't support OpenGL ES3. imx-robot-sdk image is just for building ROS package on i.MX board, not  for cross-compile. You can try "bitbake imx-robot-system -c populate_sdk" to create cross-compile sdk without gmssl-bin. diff --git a/imx/meta-robot/recipes-core/images/imx-robot-system.bb b/imx/meta-robot/recipes-core/images/imx-robot-system.bb index 1991ab10..68f9ad31 100644 --- a/imx/meta-robot/recipes-core/images/imx-robot-system.bb +++ b/imx/meta-robot/recipes-core/images/imx-robot-system.bb @@ -35,7 +35,7 @@ CORE_IMAGE_EXTRA_INSTALL += " \ ${@bb.utils.contains('DISTRO_FEATURES', 'x11 wayland', 'weston-xwayland xterm', '', d)} \ ${ISP_PKGS} \ " -IMAGE_INSTALL += " clblast openblas libeigen opencv gmssl-bin" +IMAGE_INSTALL += " clblast openblas libeigen opencv" IMAGE_INSTALL += " \ ${ML_PKGS} \   //////////////////////////////////////// Update for Yocto L5.4.70 2.3.2  /////////////////////////////////////////////////////////// New release package meta-robot-platform-v0.3-L5.4.70-2.3.2 for Yocto release L5.4.70 2.3.2 .  git clone https://gitee.com/zxd2021-imx/meta-robot-platform.git git checkout v0.3-L5.4.70-2.3.2 Updated: 1, Upgrade to L5.4.70-2.3.2 2, Enable xenomai rtdm driver 3, Add NXP Software Content Register and BSP patches of i.MX8M Plus AI Robot board. Note: How to build for AI Robot board 1, DISTRO=imx-robot-wayland MACHINE=imx8mp-ddr4-ipc source setup-imx-robot.sh -r melodic -b imx8mp-ddr4-ipc-robot-melodic 2, Add BBLAYERS += " ${BSPDIR}/sources/meta-robot-platform/imx/meta-imx8mp-ai-robot " in bblayers.conf 3, bitbake imx-robot-sdk or bitbake imx-robot-agv   //////////////////////////////////////// Update for v1.0-L5.4.70-2.3.2  /////////////////////////////////////////////////////////// New release package meta-robot-platform-v1.0-L5.4.70-2.3.2 .  git clone https://gitee.com/zxd2021-imx/meta-robot-platform.git git checkout v1.0-L5.4.70-2.3.2 Updated: 1, Upgrade ROS1 Kinetic Kame to Release 2021-05-11 which is final sync. 2, Add IgH EtherCAT Master for Linux in i.MX Robot platform. //////////////////////////////////////// Update for v1.1-L5.4.70-2.3.2  /////////////////////////////////////////////////////////// New release package meta-robot-platform-v1.1-L5.4.70-2.3.2 .  git clone https://gitee.com/zxd2021-imx/meta-robot-platform.git git checkout v1.1-L5.4.70-2.3.2 Updated: 1, Add more packages passed building in ROS1 Kinetic Kame. 2, Change the board name (From IPC to AI-Robot) in Uboot and kernel for i.MX8M Plus AI Robot board. You can use the below setup command to build ROS image for AI Robot board: DISTRO=imx-robot-xwayland MACHINE=imx8mp-ai-robot source setup-imx-robot.sh -r kinetic -b imx8mp-ai-robot-robot-kinetic DISTRO=imx-robot-xwayland MACHINE=imx8mp-ai-robot source setup-imx-robot.sh -r melodic -b imx8mp-ai-robot-robot-melodic DISTRO=imx-robot-xwayland MACHINE=imx8mp-ai-robot source setup-imx-robot.sh -r dashing -b imx8mp-ai-robot-robot-dashing DISTRO=imx-robot-xwayland MACHINE=imx8mp-ai-robot source setup-imx-robot.sh -r eloquent -b imx8mp-ai-robot-robot-eloquent DISTRO=imx-robot-xwayland MACHINE=imx8mp-ai-robot source setup-imx-robot.sh -r foxy -b imx8mp-ai-robot-robot-foxy BTW, you should add BBLAYERS += " ${BSPDIR}/sources/meta-robot-platform/imx/meta-imx8mp-ai-robot " in conf/bblayers.conf.   //////////////////////////////////////// Update for v1.2-L5.4.70-2.3.3  /////////////////////////////////////////////////////////// New release package meta-robot-platform-v1.2-L5.4.70-2.3.3 .  git clone https://gitee.com/zxd2021-imx/meta-robot-platform.git git checkout v1.2-L5.4.70-2.3.3 Updated: 1, Update to Yocto release L5.4.70-2.3.3 2, Enable RTNet FEC driver, test on i.MX8M Mini EVK and i.MX8M Plus EVK. For the detailed information,  Please refer to the community post 移植实时Linux方案Xenomai到i.MX ARM64平台 (Enable Xenomai on i.MX ARM64 Platform)    //////////////////////////////////////// Update for v2.1-L5.10.52-2.1.0  /////////////////////////////////////////////////////////// New release package meta-robot-platform-v2.1-L5.10.52-2.1.0 .  git clone https://gitee.com/zxd2021-imx/meta-robot-platform.git git checkout v2.1.1-L5.10.52-2.1.0 Updated: 1, Update to Yocto release L5.10.52-2.1.0 2, Add ROS1 noetic, ROS2 galactic and rolling 3, Upgrade Xenomai to v3.2 4, Add vSLAM demo orb-slam3 5, Upgrade OpenCV to 3.4.15 for ROS1 A, Adding the meta-robot-platform layer to your build 1,  copy meta-robot-platform into <i.MX Yocto folder>/source 2, You should create a symbol link: setup-imx-robot.sh -> sources/meta-robot-platform/imx/meta-robot/tools/setup-imx-robot.sh B, How to build Robot image (example for i.MX8M Plus EVK board) $ DISTRO=imx-robot-xwayland MACHINE=imx8mpevk source setup-imx-robot.sh -r kinetic -b imx8mpevk-robot-kinetic [or DISTRO=imx-robot-xwayland MACHINE=imx8mpevk source setup-imx-robot.sh -r melodic -b imx8mpevk-robot-melodic ] [or DISTRO=imx-robot-xwayland MACHINE=imx8mpevk source setup-imx-robot.sh -r noetic-b imx8mpevk-robot-noetic] [or DISTRO=imx-robot-xwayland MACHINE=imx8mpevk source setup-imx-robot.sh -r dashing -b imx8mpevk-robot-dashing ] [or DISTRO=imx-robot-xwayland MACHINE=imx8mpevk source setup-imx-robot.sh -r eloquent -b imx8mpevk-robot-eloquent ] [or DISTRO=imx-robot-xwayland MACHINE=imx8mpevk source setup-imx-robot.sh -r foxy -b imx8mpevk-robot-foxy ] [or DISTRO=imx-robot-xwayland MACHINE=imx8mpevk source setup-imx-robot.sh -r galactic -b imx8mpevk-robot-galactic ] [or DISTRO=imx-robot-xwayland MACHINE=imx8mpevk source setup-imx-robot.sh -r rolling -b imx8mpevk-robot-rolling ] $ bitbake imx-robot-agv [or bitbake imx-robot-core ] [or bitbake imx-robot-system ] [or bitbake imx-robot-sdk ]   //////////////////////////////////////// Update for v2.2-L5.10.72-2.2.0  /////////////////////////////////////////////////////////// New release package meta-robot-platform-v2.2-L5.10.72-2.2.0 .  git clone https://gitee.com/zxd2021-imx/meta-robot-platform.git git checkout v2.2.0-L5.10.72-2.2.0 Updated: 1, Update to Yocto release L5.10.72-2.2.0   //////////////////////////////////////// Update for v2.2.3-L5.10.72-2.2.3  /////////////////////////////////////////////////////////// New release package meta-robot-platform-v2.2.3-L5.10.72-2.2.3.  repo init -u https://github.com/nxp-imx/imx-manifest -b imx-linux-hardknott -m imx-5.10.72-2.2.3.xml git clone https://gitee.com/zxd2021-imx/meta-robot-platform.git git checkout v2.2.3-L5.10.72-2.2.3 1,  copy meta-robot-platform into <i.MX Yocto folder>/source 2, You should create a symbol link: setup-imx-robot.sh -> sources/meta-robot-platform/imx/meta-robot/tools/setup-imx-robot.sh Updated: 1, Update to Yocto release L5.10.72-2.2.3 2, Update ISP SDK (isp-imx) patch for Github changing.   //////////////////////////////////////// Update for v3.1-L5.15.71-2.2.0  /////////////////////////////////////////////////////////// New release package meta-robot-platform-v3.1-L5.15.71-2.2.0.  repo init -u https://github.com/nxp-imx/imx-manifest -b imx-linux-kirkstone -m imx-5.15.71-2.2.0.xml git clone https://gitee.com/zxd2021-imx/meta-robot-platform.git git checkout v3.1-L5.15.71-2.2.0 1,  copy meta-robot-platform into <i.MX Yocto folder>/source 2, You should create a symbol link: setup-imx-robot.sh -> sources/meta-robot-platform/imx/meta-robot/tools/setup-imx-robot.sh Updated: 1, Update to Yocto release L5.15.71-2.2.0 and ROS1 Noetic and ROS2 Foxy to last version 2, Add ROS2 Humble and remove EOL distributions (ROS1 Kinetic, Melodic and ROS2 Dashing, Eloquent and Galactic). How to build Robot image (example for i.MX8M Plus EVK board) $DISTRO=imx-robot-xwayland MACHINE=imx8mpevk source setup-imx-robot.sh -r noetic-b imx8mpevk-robot-noetic [or DISTRO=imx-robot-xwayland MACHINE=imx8mpevk source setup-imx-robot.sh -r foxy -b imx8mpevk-robot-foxy ] [or DISTRO=imx-robot-xwayland MACHINE=imx8mpevk source setup-imx-robot.sh -r humble -b imx8mpevk-robot-humble ] $ bitbake imx-robot-sdk [or bitbake imx-robot-core ] [or bitbake imx-robot-system ] [or bitbake imx-robot-agv ]   //////////////////////////////////////// Update for v3.3-L5.15.71-2.2.0  /////////////////////////////////////////////////////////// New release package meta-robot-platform-v3.3-L5.15.71-2.2.0.  repo init -u https://github.com/nxp-imx/imx-manifest -b imx-linux-kirkstone -m imx-5.15.71-2.2.0.xml git clone https://gitee.com/zxd2021-imx/meta-robot-platform.git git checkout v3.3-L5.15.71-2.2.0 1,  copy meta-robot-platform into <i.MX Yocto folder>/source 2, You should create a symbol link: setup-imx-robot.sh -> sources/meta-robot-platform/imx/meta-robot/tools/setup-imx-robot.sh Updated: 1, Add vSLAM ROS demo based on i.MX vSLAM SDK and i.MX AIBot. The demo video is here: Autonomous Navigation with vSLAM, Based on the i.MX 8M Plus Applications Processor   2, Enable DDS Security and SROS2 for ROS 2’s security features. How to build Robot image (example for i.MX8M Plus EVK board) $DISTRO=imx-robot-xwayland MACHINE=imx8mpevk source setup-imx-robot.sh -r noetic-b imx8mpevk-robot-noetic [or DISTRO=imx-robot-xwayland MACHINE=imx8mpevk source setup-imx-robot.sh -r foxy -b imx8mpevk-robot-foxy ] [or DISTRO=imx-robot-xwayland MACHINE=imx8mpevk source setup-imx-robot.sh -r humble -b imx8mpevk-robot-humble ] $ bitbake imx-robot-sdk [or bitbake imx-robot-agv ] [or bitbake imx-robot-system ] [or bitbake imx-robot-core ]   //////////////////////////////////////// Update for v4.0-L6.1.55-2.2.0  /////////////////////////////////////////////////////////// New release package meta-robot-platform-v4.0-L6.1.55-2.2.0.  repo init -u https://github.com/nxp-imx/imx-manifest -b imx-linux-mickledore -m imx-6.1.55-2.2.0.xml git clone https://gitee.com/zxd2021-imx/meta-robot-platform.git git checkout mickledore-6.1.55 1,  copy meta-robot-platform into <i.MX Yocto folder>/source 2, You should create a symbol link: setup-imx-robot.sh -> sources/meta-robot-platform/imx/meta-robot/tools/setup-imx-robot.sh Updated: 1, Migrate i.MX Robot platform to Yocto mickledore with L6.1.55. 2, Add ROS2 iron. How to build Robot image (example for i.MX8M Plus EVK board) $DISTRO=imx-robot-xwayland MACHINE=imx8mpevk source setup-imx-robot.sh -r humble -b imx8mpevk-robot-humble [or DISTRO=imx-robot-xwayland MACHINE=imx8mpevk source setup-imx-robot.sh -r iron -b imx8mpevk-robot-iron ] [or DISTRO=imx-robot-xwayland MACHINE=imx8mpevk source setup-imx-robot.sh -r noetic-b imx8mpevk-robot-noetic] $ bitbake -k imx-robot-sdk [or bitbake imx-robot-agv ] [or bitbake imx-robot-system ] [or bitbake imx-robot-core ]  
View full article
This article introduces the overall functionality of i.MX8X security. Simulate the process of i.MX8X signature through OpenSSL provides readers with a deeper understanding of this process.   Because lots of limitation for attachments. Have to do following.  1. download                       T4549-i.MX8X security overview and AHAB deep dive.zip.001.zip                      T4549-i.MX8X security overview and AHAB deep dive.zip.002.zip                      T4549-i.MX8X security overview and AHAB deep dive.zip.003.zip 2. decompress                T4549-i.MX8X security overview and AHAB deep dive.zip.001.zip                T4549-i.MX8X security overview and AHAB deep dive.zip.002.zip                T4549-i.MX8X security overview and AHAB deep dive.zip.003.zip 3. Put together and decompress         T4549-i.MX8X security overview and AHAB deep dive.zip.001    T4549-i.MX8X security overview and AHAB deep dive.zip.002    T4549-i.MX8X security overview and AHAB deep dive.zip.003  
View full article
GmSSL is an open source cryptographic toolbox that supports SM2 / SM3 / SM4 / SM9 and other national secret (national commercial password) algorithm, SM2 digital certificate and SM2 certificate based on SSL / TLS secure communication protocol to support the national security hardware password device , To provide in line with the national standard programming interface and command line tools, can be used to build PKI / CA, secure communication, data encryption and other standards in line with national security applications. For more information, please access GmSSL official website http://gmssl.org/english.html.   Software environments as the belows: Linux kernel: imx_4.14.98_2.0.0_ga cryptodev: 1.9 HW platform: i.MX6UL, i.MX7D/S, i.MX8M/MM, i.MX8QM/QXP. The patches include the following features: 1, Support SM2/SM9 encryption/decryption/sign/verify/key exchange, RSA encryption/decryption, DSA/ECDSA sign/verify, DH/ECDH key agreement, ECC & DLC & RSA key generation and big number operation and elliptic curve math by CAAM hardware accelerating. 2, run "git apply 0001-Enhance-cryptodev-and-its-engine-in-GmSSL-by-CAAM-s-.patch" under folder sources/poky, and "git apply 0001-Add-public-key-cryptography-operations-in-CAAM-drive.patch" under folder sources/meta-fsl-bsp-release for patch these codes. 3, GmSSL Build command: $ tar zxvf GmSSL-master-iMX.tgz $ cd GmSSL-master-iMX (For i.MX8M/MM, i.MX8QM/QXP) $ source /opt/arm-arch64/environment-setup-aarch64-poky-linux  $ ./Configure -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS -DHW_ENDIAN_SWAP  --prefix=~/install64 --openssldir=/etc/gmssl --libdir=/usr/lib no-saf no-sdf no-skf no-sof no-zuc -no-ssl3 shared linux-aarch64 $ make  $ make install                            /*image and config file will be installed to folder ~/install64 */   (For i.MX6UL, i.MX7D/S) $ source /opt/arm-arch32/environment-setup-cortexa7hf-neon-poky-linux-gnueabi $ ./Configure -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS --prefix=~/install32 --openssldir=/etc/gmssl --libdir=/usr/lib no-saf no-sdf no-skf no-sof no-zuc -no-ssl3 shared linux-armv4 $ make  $ make install                            /*image and config file will be installed to folder ~/install32 */   4, How to use GmSSL: copy image gmssl to /usr/bin on i.MX board; copy gmssl libcrypto.so.1.1 and libssl.so.1.1 to /usr/lib on i.MX board; copy folder etc/gmssl to /etc/ on i.MX board. copy test examples (dhtest, dsatest, rsa_test, ecdhtest, ecdsatest, eciestest, sm3test, sms4test, sm2test, sm9test) under GmSSL-master-iMX/test  to U disk for running. You can run test examples by the following commands: #insmod /lib/modules/4.14.98-imx_4.14.98_2.0.0_ga+g5d6cbeafb80c/extra/cryptodev.ko #/run/media/sda1/dhtest #/run/media/sda1/dsatest #/run/media/sda1/rsa_test #/run/media/sda1/ecdhtest #/run/media/sda1/ecdsatest #/run/media/sda1/eciestest #/run/media/sda1/sm3test #/run/media/sda1/sms4test #/run/media/sda1/sm2test #/run/media/sda1/sm9test and speed test commands: #gmssl speed sm2 #gmssl genrsa -rand -f4 512 #gmssl speed dsa #gmssl genrsa -rand -f4 1024 #gmssl speed rsa #gmssl genrsa -rand -f4 2048 #gmssl speed ecdsa #gmssl genrsa -rand -f4 3072 #gmssl speed ecdh #gmssl genrsa -rand -f4 4096   ++++++++++++++++++++++++++++     updating at 2019-09-10   +++++++++++++++++++++++++++++++++++++++++++++ 0001-fix-the-bug-which-hash-and-cipher-key-don-t-use-DMA-.patch fix the issue which dismatching on key buffer between crytodev and caam driver. Crytodev uses stack's buffer for key storage and caam driver use it to dma map which cause flush cache failure. The patch need to apply on cryptodev-module in Yocto build.   ++++++++++++++++++  updating at 2019-10-14 +++++++++++++++++++++++++++++++++++ This updating is for China C-V2X application. The meta-gmcrypto is Yocto layer which bases on GmSSL and Cryptodev. I add HW SM2 verification by dedicated CAAM job descriptor and enhanced SW SM2 verification by precomputed multiples of generator and ARMv8 assembler language to accelerate point  operation. Software environments as the belows: Linux kernel: imx_4.14.98_2.0.0_ga cryptodev: 1.9 HW platform: i.MX8M/MM/MN, i.MX8QM/QXP. How to build: 1, You need to git clone https://gitee.com/zxd2021-imx/meta-gmcrypto.git, and git checkout Linux-4.14.98_2.0.0.  Copy meta-gmcrypto to folder (Yocto 4.14.98_2.0.0_ga dir)/sources/ 2, Run DISTRO=fsl-imx-wayland MACHINE=imx8qxpmek source fsl-setup-release.sh -b build-cv2x and add BBLAYERS += " ${BSPDIR}/sources/meta-cv2x " into (Yocto 4.14.98_2.0.0_ga dir)/build-cv2x/conf/bblayers.conf and  IMAGE_INSTALL_append += " gmssl-bin "  into local.conf 3, Run bitbake fsl-image-validation-imx. 4, You can find cv2x-verify.c under (build dir)/tmp/work/aarch64-poky-linux/cryptodev-tests/1.9-r0/git/tests. It is example for using CAAM cryptdev interface to do C-V2X verification (includes SM2 p256, NIST p256 and brainpoolP256r1).  cv2x_benchmark.c under (build dir)/tmp/work/aarch64-poky-linux/gmssl/1.0-r0/gmssl-1.0/test is the benchmark test program of C-V2X verifying. It includes HW, SW and HW+SW(one CPU) verifying for SM2 p256, NIST p256 and brainpoolP256r1. 5, Run the below command on your i.MX8QXP MEK board. modprobe cryptodev ./cv2x_benchmark Note: the udpated GmSSL also support projective coordinates and affine coordinates (CAAM only support affine coordinates). Affine coordinates is used by default. You can call EC_GROUP_set_coordinates() and EC_GROUP_restore_coordinates() to change coordinates and restore default. When you hope to use some EC APIs under expected coordinates, you need to call EC_GROUP_set_coordinates() before EC APIs and EC_GROUP_restore_coordinates() after them. Like the below example: orig_coordinate = EC_GROUP_set_coordinates(EC_PROJECTIVE_COORDINATES); group = EC_GROUP_new_by_curve_name(NID_sm2p256v1); EC_GROUP_restore_coordinates(orig_coordinate);   ++++++++++++++++++++++++++++     updating at 2020-11-09   +++++++++++++++++++++++++++++++++++++++++++++ This updating is for Yocto release of Linux 5.4.47_2.2.0​​. The meta-gmcrypto is Yocto layer which also support c-v2x feature in previous release.  Software environments as the belows: Linux kernel: imx_5.4.47_2.2.0 cryptodev: 1.10 HW platform: i.MX6UL, i.MX7D/S, i.MX8M/8M Mini/8M Nano/8M Plus, i.MX8/8X. How to build: 1, You need to git clone https://gitee.com/zxd2021-imx/meta-gmcrypto.git, and git checkout Linux-5.4.47-2.2.0. Copy meta-gmcrypto to folder (Yocto 5.4.47_2.2.0 dir)/sources/ 2, Run DISTRO=fsl-imx-xwayland MACHINE=imx8mmevk source imx-setup-release.sh -b build-imx8mmevk and add BBLAYERS += " ${BSPDIR}/sources/meta-gmcrypto " into (Yocto 5.4.47_2.2.0 dir)/build-imx8mmevk/conf/bblayers.conf and  IMAGE_INSTALL_append += " gmssl-bin "  into local.conf 3, Run bitbake fsl-image-validation-imx. 4, You can find cv2x-verify.c under (build dir)/tmp/work/aarch64-poky-linux/cryptodev-tests/1.10caam-r0/git/tests. It is example for using CAAM cryptdev interface to do C-V2X verification (includes SM2 p256, NIST p256 and brainpoolP256r1).  cv2x_benchmark.c under (build dir)/tmp/work/aarch64-poky-linux/gmssl/1.0-r0/gmssl-1.0/test is the benchmark test program of C-V2X verifying. It includes HW, SW and HW+SW(one CPU) verifying for SM2 p256, NIST p256 and brainpoolP256r1. 5, Run the below command on your i.MX8M Mini evk board. modprobe cryptodev ./cv2x_benchmark gmssl speed sm2 gmssl speed dsa gmssl speed rsa gmssl speed ecdsa gmssl speed ecdh gmssl genrsa -rand -f4 -engine cryptodev 4096 Note: 1, the udpated GmSSL also support projective coordinates and affine coordinates (CAAM only support affine coordinates). Affine coordinates is used by default. You can call EC_GROUP_set_coordinates() and EC_GROUP_restore_coordinates() to change coordinates and restore default. When you hope to use some EC APIs under expected coordinates, you need to call EC_GROUP_set_coordinates() before EC APIs and EC_GROUP_restore_coordinates() after them. Like the below example: orig_coordinate = EC_GROUP_set_coordinates(EC_PROJECTIVE_COORDINATES); group = EC_GROUP_new_by_curve_name(NID_sm2p256v1); EC_GROUP_restore_coordinates(orig_coordinate); 2, Yocto Zeus integrates openssl 1.1.1g, so I change library name of gmssl from libcrypto to libgmcrypto and from libssl to libgmssl to avoid name confliction with openssl 1.1.1g (lib name are also libcrypto.so.1.1 and libssl.so.1.1). You should use -lgmcrypto and -lgmssl when you link gmssl library instead of -lcrypto and -lssl.   +++++++++++++++++++++++    updating at 2021-02-08  ++++++++++++++++++++++++++++ This updating is for Yocto release of Linux 5.4.70_2.3.0​​. The package meta-gmcrypto is Yocto layer which also support c-v2x feature in previous release. You need to git clone https://gitee.com/zxd2021-imx/meta-gmcrypto.git, and git checkout Linux-5.4.70-2.3.0.    +++++++++++++++++++++++    updating for Linux-5.10.52-2.1.0  +++++++++++++++++++++++ This updating is for Yocto release of Linux 5.10.52_2.1.0​​. The package meta-gmcrypto is Yocto layer which also support c-v2x feature in previous release.  1, You need to git clone https://gitee.com/zxd2021-imx/meta-gmcrypto.git, and git checkout Linux-5.10.52-2.1.0.  Copy meta-gmcrypto to folder (Yocto 5.10.52_2.1.0 dir)/sources/. 2, Run DISTRO=fsl-imx-xwayland MACHINE=imx8mmevk source imx-setup-release.sh -b build-imx8mmevk and add BBLAYERS += " ${BSPDIR}/sources/meta-gmcrypto " into (Yocto 5.10.52_2.1.0 dir)/build-imx8mmevk/conf/bblayers.conf and  IMAGE_INSTALL_append += " gmssl-bin "  into local.conf 3, Run bitbake imx-image-multimedia. 4, Run the below command on your i.MX8M Mini EVK board. modprobe cryptodev gmssl speed sm2 gmssl genrsa -rand -f4 -engine cryptodev 512 gmssl speed dsa gmssl genrsa -rand -f4 -engine cryptodev 1024 gmssl speed rsa gmssl genrsa -rand -f4 -engine cryptodev 2048 gmssl speed ecdsa gmssl genrsa -rand -f4 -engine cryptodev 3072 gmssl speed ecdh gmssl genrsa -rand -f4 -engine cryptodev 4096 gmssl speed -evp sha256 -engine cryptodev -elapsed gmssl speed -evp aes-128-cbc -engine cryptodev -elapsed gmssl speed -evp aes-128-ecb -engine cryptodev -elapsed gmssl speed -evp aes-128-cfb -engine cryptodev -elapsed gmssl speed -evp aes-128-ofb -engine cryptodev -elapsed gmssl speed -evp des-ede3 -engine cryptodev -elapsed gmssl speed -evp des-cbc -engine cryptodev -elapsed gmssl speed -evp des-ede3-cfb -engine cryptodev -elapsed +++++++++++++++++++++++    updating for Linux-5.15.71-2.2.0 +++++++++++++++++++++++ This updating is for Yocto release of Linux 5.15.71-2.2.0​​. The package meta-gmcrypto is Yocto layer which also support c-v2x feature in previous release.  1, You need to git clone https://gitee.com/zxd2021-imx/meta-gmcrypto.git, and git checkout Linux-5.15.71-2.2.0.  Copy meta-gmcrypto to folder (Yocto 5.15.71-2.2.0 dir)/sources/. 2, Run DISTRO=fsl-imx-xwayland MACHINE=imx8mmevk source imx-setup-release.sh -b build-imx8mmevk and add BBLAYERS += " ${BSPDIR}/sources/meta-gmcrypto " into (Yocto 5.15.71-2.2.0 dir)/build-imx8mmevk/conf/bblayers.conf and  IMAGE_INSTALL:append = " gmssl-bin "  into local.conf 3, Run bitbake imx-image-multimedia. 4, Run the below command on your i.MX8M Mini EVK board. modprobe cryptodev gmssl speed sm2 gmssl genrsa -rand -f4 -engine cryptodev 512 gmssl speed dsa gmssl genrsa -rand -f4 -engine cryptodev 1024 gmssl speed rsa gmssl genrsa -rand -f4 -engine cryptodev 2048 gmssl speed ecdsa gmssl genrsa -rand -f4 -engine cryptodev 3072 gmssl speed ecdh gmssl genrsa -rand -f4 -engine cryptodev 4096 gmssl speed -evp sha256 -engine cryptodev -elapsed gmssl speed -evp aes-128-cbc -engine cryptodev -elapsed gmssl speed -evp aes-128-ecb -engine cryptodev -elapsed gmssl speed -evp aes-128-cfb -engine cryptodev -elapsed gmssl speed -evp aes-128-ofb -engine cryptodev -elapsed gmssl speed -evp des-ede3 -engine cryptodev -elapsed gmssl speed -evp des-cbc -engine cryptodev -elapsed gmssl speed -evp des-ede3-cfb -engine cryptodev -elapsed   +++++++++++++++++++++++    Updating for Linux-6.1.55-2.2.0 +++++++++++++++++++++++ This updating is new GmSSL 3.1.1 and Yocto release of Linux 6.1.55-2.2.0. 主要特性 超轻量:GmSSL 3 大幅度降低了内存需求和二进制代码体积,不依赖动态内存,可以用于无操作系统的低功耗嵌入式环境(MCU、SOC等),开发者也可以更容易地将国密算法和SSL协议嵌入到现有的项目中。 更合规:GmSSL 3 可以配置为仅包含国密算法和国密协议(TLCP协议),依赖GmSSL 的密码应用更容易满足密码产品型号检测的要求,避免由于混杂非国密算法、不安全算法等导致的安全问题和合规问题。 更安全:TLS 1.3在安全性和通信延迟上相对之前的TLS协议有巨大的提升,GmSSL 3 支持TLS 1.3协议和RFC 8998的国密套件。GmSSL 3 默认支持密钥的加密保护,提升了密码算法的抗侧信道攻击能力。 跨平台:GmSSL 3 更容易跨平台,构建系统不再依赖Perl,默认的CMake构建系统可以容易地和Visual Studio、Android NDK等默认编译工具配合使用,开发者也可以手工编写Makefile在特殊环境中编译、剪裁。 More information, please refer to Readme Recipe file is the attached gmssl_3.1.1.bb.tar.gz
View full article
Hello everyone, We have recently migrated our Source code from CAF (Codeaurora) to Github, so i.MX NXP old recipes/manifest that point to Codeaurora eventually will be modified so it points correctly to Github to avoid any issues while fetching using Yocto. Also, all repo init commands for old releases should be changed from: $ repo init -u https://source.codeaurora.org/external/imx/imx-manifest -b <branch name> [ -m <release manifest>] To: $ repo init -u https://github.com/nxp-imx/imx-manifest -b <branch name> [ -m <release manifest>] This will also apply to all source code that was stored in Codeaurora, the new repository for all i.MX NXP source code is: https://github.com/nxp-imx For any issues regarding this, please create a community thread and/or a support ticket. Regards, Aldo.
View full article
  Products Product Category NXP Part Number URL MPU i.MX6 Family https://www.nxp.com/products/processors-and-microcontrollers/arm-processors/i-mx-applications-processors/i-mx-6-processors:IMX6X_SERIES   Tools NXP Development Board URL i.MX6 family developement board https://www.nxp.com/design/development-boards:EVDEBRDSSYS#/collection=softwaretools&start=0&max=25&query=typeTax%3E%3Et633::archived%3E%3E0::Sub_Asset_Type%3E%3ETSP::deviceTax%3E%3Ec731_c380_c127_c126&sorting=Buy%2FSpecifications.desc&language=en&siblings=false  
View full article
The IOMUX module on i.MX 8M enables flexible I/O multiplexing, allowing users to configure each IO pad as one of selectable functions. The CSU (Central Security Unit) module on i.MX 8M can be used to configure some devices as secure only accessible to protect the security of these devices. But as the IOMUX is Non-Secure accessilbe and thus the pad function can be configured dynamicaly, there is one risk if hackers reconfigure the IO pad to make the device connected to other controller which is accessible to Non-Secure world. One solution for this issue is configuring the CSU to limit Non-Secure access to IOMUX, all IOMUX registers write operations are routed to Trusty OS. In the Trusty OS, add all sensitive IO resources to one blacklist, the IOMUX driver in Trusty OS should check and deny any write attemption to sensitive registers from Non-Secure world. One example patch set is attached to show how to assign the IOMUX to secure world and how to route the IOMUX write operations to Trusty OS. In this example, the USB Host pinctrl PAD on i.MX8MP EVK was assigned to secure world. The layout of the example codes are:     . ├── atf │ └── 0001-config-iomux-to-secure-write.patch --> ${MY_ANDROID}/vendor/nxp-opensource/arm-trusted-firmware ├── kernel │ └── 0001-Use-Trusty-OS-to-handle-iomux-registers-written-oper.patch --> ${MY_ANDROID}/vendor/nxp-opensource/kernel_imx/ ├── trusty │ └── 0001-Add-iomux-pinctrl-TEE-handler.patch --> ${MY_TRUSTY}/trusty/hardware/nxp └── u-boot └── 0001-Use-Trusty-OS-to-handle-IOMUX-operation.patch --> ${MY_ANDROID}/vendor/nxp-opensource/uboot-imx      
View full article
  1.overwrite the sources/meta-freescale/recipes-security/optee-imx with optee-imx.zip 2.add below code to conf/local.conf DISTRO_FEATURES_append += " systemd" DISTRO_FEATURES_BACKFILL_CONSIDERED += "sysvinit" VIRTUAL-RUNTIME_init_manager = "systemd" VIRTUAL-RUNTIME_initscripts = "systemd-compat-units" MACHINE_FEATURES_append += "optee" DISTRO_FEATURES_append += "optee" IMAGE_INSTALL_append += "optee-test optee-os optee-client optee-examples" 3.bitbake optee-examples or bitbake imx-image-xxx You can directly install optee-examples_3.11.0-r0_arm64.deb in your device.  
View full article
View the OSS Security and Maintenance Community
View full article
Most i.MX8QXP/QM customers already work on L4.14.98 GA for their Auto product, like C-V2X TBOX, Car infortainment system. Some customers also want to adopt OP-TEE in their security design, but OP-TEE on i.MX8QXP/QM platform don't support HW cryptography accelerating which base on CAAM module. So I worked on the issue last week and fixed it. The package meta-optee-add-on_4.14.98_2.0.0_ga.tgz is Yocto layer which includes all patches for fixing the issue. Software environments as the belows: Linux kernel: imx_4.14.98_2.0.0_ga HW platform:  i.MX8QM/QXP MEK. How to build: 1, decompress meta-optee-add-on_4.14.98_2.0.0_ga.tgz and copy meta-optee-add-on to folder (Yocto 4.14.98_2.0.0_ga dir)/sources/ 2, Run DISTRO=fsl-imx-wayland MACHINE=imx8qxpmek source fsl-setup-release.sh -b build-optee and add BBLAYERS += " ${BSPDIR}/sources/meta-optee-add-on " into (Yocto 4.14.98_2.0.0_ga dir)/build-optee/conf/bblayers.conf  3, Run bitbake fsl-image-validation-imx. 4, You can run xtest or xtest -l 1 4007 on your MEK board to test optee crypto feature after completing build image. You can find it only take about one second comparing no CAAM accelerating when test "regression_4007.11 Generate RSA-2048 key".
View full article