Attached is example code on blob generation and usage on the i.MX6UL platform.
It shows how to generate a blob in secure memory, store the blob in non-volatile memory, restore the key from the blob and use it in a cryptographic algorithm. The code is based on the fsl-arm-yocto-bsp-imx-4.1.15-1.0.0_ga release.
Original Attachment has been moved to: test_caam_keyblob.zip
If someone is still looking for sample code for encoding/decoding keys using CAAM (with the Master key),
just try the attached (modified) code.
This module doesn't stay in RAM, because it causes an error (ENOMEM) intentionally.
Module parameter encrypt=1 means: get data from dek.txt, encrypt it and save it to blob.bin
Module parameter encrypt=0 means: get data from blob.bin, decrypt it and show it as text.
It uses 32 bytes for a key.
#insmod alg_test.ko encrypt=1
[ 7368.080346] Read password file: /data2/dek.txt
[ 7368.081182] Security module: sec-v4.0 OK
[ 7368.081697] Encrypt & write password
[ 7368.082386] Causing error to remove module
insmod: failed to load alg_test.ko: Out of memory <== It's OK
1|root@tsr2_bl12080:/data2 # insmod alg_test.ko encrypt=0
[ 7370.370662] Read encrypted password file: /data2/blob.bin
[ 7370.371568] Security module: sec-v4.0 OK
[ 7370.372083] Decrypt password
[ 7370.372579] To jest tekst do zaszyfrowania p <== decrypted content of blob.bin
[ 7370.373490] Causing error to remove module
insmod: failed to load alg_test.ko: Out of memory
I tested the first example code; the recovered key that is used in the encryption example is empty: key:00000000000000000000000000000000
My iMX6 device is open; is it different on a closed device?
Eric had modified the example code to show how to generate a blob for a user space dek. The use case is:
6. Next time to use dek, it can be recovered from rootfs/home/root/blob. The recovery code is not included in the attached example; the customer can implement it in a similar way, following the example code in test_caam_keyblob.zip.
Can you give me an example of how I can recover the dek from the /home/root/blob file?
I cannot recover the key using these functions when I reboot the SOC:
drivers\crypto\caam\sm_test.c in the BSP release only includes blob export and import.
The example code includes blob export and import, storing the blob to rootfs, restoring the key from the blob and using it in a cryptographic algorithm.
It also shows how to call the CAAM AES algorithm in the Linux kernel.