How to interpret the key modifier OCOTP_OPS2 and OCOTP_UN2?

bba
Contributor III

Hello,

If you want to use the unique OTP key for AES encryption/decryption, you have to modify the DCP driver:

- drivers/crypto/dcp_bootstream_ioctl.h

- drivers/crypto/dcp.c

Then you can use the onboard encryption engine according to the kobs-ng source code for user data encryption/decryption. According to the i.MX28_Reference_Manual_1_0 the unique key will be created as follows:

 

The OTP key may be selected using the OTP_KEY bit in the control field of the packet
descriptor or by using the key select 0xFF in the CTRL1 field of the descriptor. The DCP
also supports a second hardware key called the UNIQUE_KEY which is generated from
the OTP KEY (OCOTP_CRYPTO0,1,2,3) and key modifier bits from another OTP fields
(OCOTP_OPS2 and OCOTP_UN2) with unique number for every chip. This key is unique
to the device and may be used for encrypting private data stored on the NAND. This key
may be selected by writing 0xFE to the KEY_SELECT field in the CTRL1 packet data.

Does anybody know how to interpret the key modifier OCOTP_OPS2 and OCOTP_UN2?

 

Regards,

BBa

Original Attachment has been moved to: 33-dcpuniquekey.patch
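
The key selection described in the manual excerpt above, as an added example that is not part of the original post or of the attached patch. The control-word bit positions and the eight-word descriptor layout are assumptions taken from the mainline Linux mxs-dcp driver and should be checked against the reference manual; the function and type names are hypothetical.

```c
#include <stdint.h>
#include <string.h>
/* Assumed layout: bit positions as in the mainline Linux mxs-dcp driver. */
#define CTRL0_DECR_SEMAPHORE (1u << 1)
#define CTRL0_ENABLE_CIPHER  (1u << 5)
#define CTRL0_CIPHER_ENCRYPT (1u << 8)
#define CTRL0_CIPHER_INIT    (1u << 9)   /* payload holds the CBC IV */
#define CTRL0_OTP_KEY        (1u << 10)
#define CTRL0_PAYLOAD_KEY    (1u << 11)  /* software key placed in payload */
#define CTRL1_AES128_CBC     ((0u << 0) | (1u << 4))
#define CTRL1_KEY_SELECT(x)  ((uint32_t)(x) << 8)
/* KEY_SOFTWARE means the key was supplied by software, not by OTP. */
enum key_src { KEY_INVALID = -1, KEY_SOFTWARE = 0, KEY_OTP_BIT = 1,
               KEY_UNIQUE = 0xFE, KEY_OTP_SELECT = 0xFF };

struct dcp_desc {            /* eight 32-bit words, bus addresses */
    uint32_t next, control0, control1, source, destination, size, payload, status;
};

/* Build an AES-128-CBC packet that uses a hardware key only.
 * Returns 0 on success, -1 if the request is not a hardware-key request. */
int dcp_build_hwkey_cbc(struct dcp_desc *d, enum key_src src, int encrypt,
                        uint32_t in, uint32_t out, uint32_t len, uint32_t iv)
{
    if (src != KEY_OTP_BIT && src != KEY_OTP_SELECT && src != KEY_UNIQUE)
        return -1;
    if (len == 0 || len % 16 != 0)       /* whole AES blocks only */
        return -1;
    memset(d, 0, sizeof(*d));
    d->control0 = CTRL0_DECR_SEMAPHORE | CTRL0_ENABLE_CIPHER | CTRL0_CIPHER_INIT
                | (encrypt ? CTRL0_CIPHER_ENCRYPT : 0u);
    d->control1 = CTRL1_AES128_CBC;
    if (src == KEY_OTP_BIT)
        d->control0 |= CTRL0_OTP_KEY;            /* first method in the excerpt */
    else
        d->control1 |= CTRL1_KEY_SELECT(src);    /* 0xFF = OTP, 0xFE = UNIQUE_KEY */
    d->source = in; d->destination = out; d->size = len; d->payload = iv;
    return 0;
}

/* Review helper: report which key a prepared packet would use. */
enum key_src dcp_desc_key_source(const struct dcp_desc *d)
{
    uint32_t sel = (d->control1 >> 8) & 0xFF;
    int hw = (d->control0 & CTRL0_OTP_KEY) || sel == 0xFE || sel == 0xFF;
    if (d->control0 & CTRL0_PAYLOAD_KEY)
        return hw ? KEY_INVALID : KEY_SOFTWARE;  /* both set: ambiguous */
    if (sel == 0xFE) return KEY_UNIQUE;
    if (sel == 0xFF) return KEY_OTP_SELECT;
    return (d->control0 & CTRL0_OTP_KEY) ? KEY_OTP_BIT : KEY_SOFTWARE;
}
```
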

bba
Contributor III

Hi Peter,

thanks for your answer. I've written a simple test program using the unique key. First it was running with the default bit settings. Then I burned the key modifiers OCOTP_OPS2 and OCOTP_UN2 with my own values. Now the test program was running again and I've seen the same results. So at first I was wondering about this, but now it is clear - we can't modify the HW_OCOTP_OPS2 and HW_OCOTP_UN2. These values are unique for each i.MX28.

Regards,

BBa

PeterChan
NXP Employee

The key modifiers OCOTP_OPS2 and OCOTP_UN2 refer to values written to the On-Chip OTP registers HW_OCOTP_OPS2 and HW_OCOTP_UN2 respectively. These two registers are blown with a unique value for every i.MX28 chip.

 

As described, the UNIQUE_KEY is generated from the OTP KEY (OCOTP_CRYPTO0,1,2,3) and (OCOTP_OPS2 and OCOTP_UN2). Thus, this key is unique among all i.MX28 devices even if their (OCOTP_CRYPTO0,1,2,3) values are the same.

 

You can't make any further change to the HW_OCOTP_OPS2 and HW_OCOTP_UN2 values because their LOCK bits in the HW_OCOTP_LOCK register were blown and the region is locked.

markuskoegel
Contributor I

Hi Peter,

thanks for the answer. Can you give more details on how the UNIQUE_KEY is calculated? In particular, I wonder why the security level of the 128 bit OTP KEY is stripped down to 64 bit of the UNIQUE KEY and how this is then used for AES-128 in the i.MX28. Is the latter done by padding or bit repetition?

Thanks in advance,

Markus
