Communicating securely from Linux to U-Boot in i.MX8MM

Sampo
Contributor III

I have an i.MX8MM device with secure boot enabled. Is there a secure way to store encrypted data in the Linux world that can then be read from U-Boot? Using a fully encrypted filesystem is not an option.

I was considering using the "blob enc/dec" commands, but I was unable to find clear and up-to-date instructions on how to use them. Is it even possible to encrypt generic data in Linux, and then decrypt it in U-Boot?

Harvey021
NXP TechSupport

We don't have such a reference implementation yet. After blob decryption, the generated black key is injected into the Linux keyring.

You may try porting the decryption blob descriptor to U-Boot.

 

Regards

Harvey
