 hongdong_chu
		
Attached is example code on blob generation and usage on the i.MX6UL platform.
It shows how to generate a blob in secure memory, store the blob in non-volatile memory, restore the key from the blob and use it in a cryptographic algorithm. The code is based on the fsl-arm-yocto-bsp-imx-4.1.15-1.0.0_ga release.
Original Attachment has been moved to: test_caam_keyblob.zip

Hi,
if someone is still looking for sample code to encode/decode keys using CAAM (with the Master key),
just try the attached (modified) code.
This module doesn't stay in RAM, by causing an error (ENOMEM) intentionally.
Module parameter encrypt=1 means: get data from dek.txt, encrypt it and save it to blob.bin
Module parameter encrypt=0 means: get data from blob.bin, decrypt it and show it as text.
It uses 32 bytes for a key.
#insmod alg_test.ko encrypt=1
[ 7368.080346] Read password file: /data2/dek.txt
[ 7368.081182] Security module: sec-v4.0 OK
[ 7368.081697] Encrypt & write password
[ 7368.082386] Causing error to remove module
insmod: failed to load alg_test.ko: Out of memory <== It's OK
1|root@tsr2_bl12080:/data2 # insmod alg_test.ko encrypt=0
[ 7370.370662] Read encrypted password file: /data2/blob.bin
[ 7370.371568] Security module: sec-v4.0 OK
[ 7370.372083] Decrypt password
[ 7370.372579] To jest tekst do zaszyfrowania p <== decrypted content of blob.bin
[ 7370.373490] Causing error to remove module
insmod: failed to load alg_test.ko: Out of memory
 
					
				
		
 xiaodong_zhang
		
Eric had modified the example code to show how to generate a blob for a user space dek; the use case is:
6. Next time to use the dek, it can be recovered from rootfs/home/root/blob. The recovery code is not included in the attached example; the customer can implement it in a similar way according to the example code in test_caam_keyblob.zip.
Hello, Xiaodong,
Can you give me an example of how I can recover the dek from the /home/root/blob file?
I cannot recover the key using these functions when I reboot the SoC:
sm_keystore_slot_export()
sm_keystore_slot_import()
sm_keystore_slot_read()
 hongdong_chu
		
drivers\crypto\caam\sm_test.c in the BSP release only includes blob export and import.
The example code includes blob export and import, storing the blob to rootfs, restoring the key from the blob and using it in a cryptographic algorithm.
It also shows how to call the CAAM AES algorithm in the Linux kernel.
