Hi,
I have tried the instructions in https://source.codeaurora.org/external/imxsupport/imx_sec_apps/tree/demo-caam-blobs/README.txt in order to test user space encryption with black keys (on iMX8mmevk).
I do not know if I was doing something wrong or got the wrong files, but I was not able to get it work without the following changes:
The patch adds a number of configs to defconfig but in my yocto there was another defconfig used so I had to add the configs to a file enable-caam-demo.cfg and include that from my linux-imx_%.bbappend.
CONFIG_CRYPTO_DEV_FSL_CAAM_DESC=y
CONFIG_CRYPTO_DEV_FSL_CAAM_UTIL_BLACK_KEY=y
CONFIG_CRYPTO_DEV_FSL_CAAM_UTIL_BLOB=y
CONFIG_CRYPTO_DEV_FSL_CAAM_TK_API=y
CONFIG_CRYPTO_DEV_FSL_CAAM_KEY_BLOB=y
CONFIG_CRYPTO_DEV_FSL_CAAM_SM_KEY_BLOB=y
And when I did that the next error was really strange because the kernel_read() calls in key_blob.c was an old call with parameters in wrong order (changed in kernel 4.14).
loff_t dummy = 0;
//key_len = kernel_read(filp, 0, kb_addr.key_addr, KEY_MAX_LENGTH);
// Previsous line changed to::
dummy = 0;
key_len = kernel_read(filp, kb_addr.key_addr, KEY_MAX_LENGTH, &dummy);
N.B. there is another call to kernel_read() which must be changed in the same way.
After this I was able to get the /dev/kb device and could run the kb_test application.
Maybe this helps someone else :-).
Best regards,
Jonny
@jonnye
Hello,
Please check environment settings, using recommendations of the documents, linked below.
"Demo Application to Generate Red/Black Blobs Using CAAM and Encrypt/Decrypt Data"
https://www.nxp.com/webapp/Download?colCode=AN12554
"i.MX Encrypted Storage Using CAAM Secure Keys"
https://www.nxp.com/webapp/Download?colCode=AN12714
Regards,
Yuri.
How can I check https://www.nxp.com/webapp/Download?colCode=AN12554, when the link is dead?
https://source.codeaurora.org/external/imxsupport/imx_sec_apps/tree/demo-caam-blobs/README.txt
The PDF is unusable IMHO.