CAAM or OP-TEE


1,318 Views
msaenger
Contributor I

Hello,

I'm looking to store some sensitive data on the i.MX 8M Mini EVK and have a question regarding usage of the CAAM and OP-TEE.

I've found the example projects here: imx_sec_apps - i.MX Security Application Examples, and have been looking at application note AN12554 (https://www.nxp.com/docs/en/application-note/AN12554.pdf) for CAAM key blobs. On the OP-TEE side, I have been looking at the enhanced OpenSSL project in the repository I mentioned and application note AN12632 (https://www.nxp.com/docs/en/application-note/AN12632.pdf). After reading these and playing around with the code, it seems that I could use either of these methods to accomplish my goal of storing some sensitive data. My question is: could I do this using the CAAM key blobs or OP-TEE? The OP-TEE path is simpler, it seems, and I could simply store the keys in the trusted application and provide an API in the client application to retrieve the data when I need it. I suppose the CAAM method might provide a little more security perhaps?

The other implementation would be to use OP-TEE and the CAAM to perform all cryptographic functions in the secure world and only provide a minimal API on the client side to access any needed functions/data. This seems to be more similar to the enhanced OpenSSL application note.

Am I understanding this correctly? Also, are there any examples that apply to Linux kernel 5.4?

0 Kudos
1 Reply

1,254 Views
Yuri
NXP Employee

msaenger 

Hello,

Generally, your understanding is correct. OP-TEE may be considered a software approach, but CAAM provides a hardware one. The demo examples are not fully tested, but show how to integrate different stacks of software to use with i.MX reference boards and our BSP release.

Regards,

Yuri.

0 Kudos