Encrypted storage with TrustZone

brucezhao · ‎08-22-2022

Hi,

AN12714 (i.MX Encrypted Storage Using CAAM Secure Keys) document describes Encrypted storage with CAAM.

My question is that if I want to use CSU(Central Security Unit) to limit only OP-TEE can access CAAM, then CAAM can not be accessed by Normal world directly. I mean how to implement encrypted storage with OP-TEE, which uses OTPMK as root key by CAAM.

Thanks.

Harvey021 · ‎08-25-2022

Hi @brucezhao

OP-TEE itself is secure world, which should be able to access CAAM. AN12714 here mainly uses the kernel module DM-Crypt, which uses CAAM's secure key to implement disk encryption, and does not implement the requirements you mentioned.

Best regards

Harvey

在原帖中查看解决方案

brucezhao · ‎08-30-2022

Hi Harvey, I got it. Thank you for your reply.

Harvey021 · ‎08-25-2022

Hi @brucezhao

OP-TEE itself is secure world, which should be able to access CAAM. AN12714 here mainly uses the kernel module DM-Crypt, which uses CAAM's secure key to implement disk encryption, and does not implement the requirements you mentioned.

Best regards

Harvey

Encrypted storage with TrustZone

Encrypted storage with TrustZone

i.MX 8M | i.MX 8M Mini | i.MX 8M Nano

Security