帮助
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

IMX6 Platform SDK - CAAM BLOB Example Question

取消
开启建议
自动建议可通过在您键入时建议可能的匹配,而快速缩小您的搜索结果范围。
显示结果 
显示  仅  | 搜索替代 
您的意思是: 

IMX6 Platform SDK - CAAM BLOB Example Question

‎04-21-2014 10:06 AM
2,419 次查看
ryanm_
Contributor II

I've been reviewing the CAAM code (caam_blob_gen.c, caam.c, caam.h, and caam_internal.h) getting ready to implement BLOBs in a custom application. Unfortunately I'm confused about

what is going on in step 3 below.  I can't find any documentation in the Security Reference manual about the bit fields in ENCAP_BLOB_DESC3  (below in red).  DESC2 is a LOAD immediate command and

then 8 bytes of data are supposed to follow.  DESC3 makes up the first 4 bytes and I can't find documentation related to that in the reference manual.  Then in DESC4 they example places the address of the

key in that 4 byte section of the descriptor.

Could someone help explain how this works?

From 'caam_internal.h'

/*****************************************

*----- Blob encapsulate descriptor -----*

*****************************************/

/* Blob Header

*

*  1011 0000 1000 0000 0000 0000 0000 1001

*  |||| |                             |

*  ++++-+-- Header                    +-- 9 words in descriptor

*/ 

#define ENCAP_BLOB_DESC1  0xB0800009

/* 2. Load command KEY 2 immediate

*  0001 0100 1100 0000 0000 1100 0000 1000

*  |||| |||  |||| |||| |||| |||| |||| ||||

*  |||| |||  |||| |||| |||| |||| ++++-++++-- Length

*  |||| |||  |||| |||| ++++-++++-- Offset

*  |||| |||  |+++-++++-- DST (Destination Register) Key2

*  |||| |||  +-- IMM (Immediate flag)

*  |||| |++-- class 2

*  ++++-+-- Load command

*/

#define ENCAP_BLOB_DESC2 0x14C00C08

/* 3. 8 bytes for load command above - aad data

*

*  0000 0000 0001 0000 0101 0101 0110 0110

*  |||| |||| |||| |||| |||| |||| |||| ||||

*  |||| |||| |||| |||| |||| |||| ++++-++++-- CCM Mode

*  |||| |||| |||| |||| ++++-++++-- AES

*  |||| |||| ++++-++++-- Length

*  ++++-++++-- Flag

*/

#define ENCAP_BLOB_DESC3 0x00105566

#define ENCAP_BLOB_DESC4 0x00000000



/* 5. SEQ In Ptr

*  1111 0000 0000 0000 0000 0000 0001 0000

*  |||| |              |||| |||| |||| ||||

*  |||| |              ++++-++++-++++-++++-- Length in bytes (16)

*  ++++-+-- Seq In Ptr

*/

#define ENCAP_BLOB_DESC5 0xF0000010

/* 6. Pointer for above SEQ In ptr command */

/* Address could be changed during run time */

#define ENCAP_BLOB_DESC6 SEC_MEM_PAGE1

/* 7. SEQ Out Ptr

*  1111 1000 0000 0000 0000 0000 0100 0000

*  |||| |              |||| |||| |||| ||||

*  |||| |              ++++-++++-++++-++++-- Length in bytes (64)

*  ++++-+-- Seq Out Ptr

*/

#define ENCAP_BLOB_DESC7  0xF8000040

/* 8. Pointer for above SEQ Out ptr command */

/* Address is provided during run time */

#define ENCAP_BLOB_DESC8  0x00000000

/* 9. Protocol

*  1000 0111 0000 1101 0000 0000 0000 1000

*  |||| |||| |||| |||| |||| |||| |||| ||||

*  |||| |||| |||| |||| ++++-++++-++++-++++-- Proto Info = sec mem blob

*  |||| |||| ++++-++++-- Protocol ID = Blob

*  |||| |+++-- Optype - encapsulation protocol

*  ++++-+-- Seq In Ptr

*/

#define ENCAP_BLOB_DESC9  0x870D0008

Thanks,

Ryan

标签 (1)
标签
0 项奖励
回复
2 回复数

‎04-21-2014 08:15 PM
1,498 次查看
Yuri
NXP Employee
NXP Employee

Hello,

  Sorry, but the information you are requesting is treated as confidential info at this time and requires a signed NDA (Non-Disclosure Agreement). Naturally, we cannot discuss this with you in public anyway, this requires to be handled as a Service Request (SR). Be aware that to give you remote support through a SR, we will still need the confirmation of a Freescale employee that the NDA is in place. If you want to go this route, the next steps will be: If you have already signed a NDA agreement for this product, please contact the person who assisted you or create a SR and name us a Freescale person that can confirm this. If you have not signed an agreement, please contact your local Freescale Distributor Salesperson or FAE for assistance. For a listing of our distributors, refer to: http://www.freescale.com/webapp/sps/site/overview.jsp?code=DISTRIBUTORS

Have a great day,
Yuri

-------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-------------------------------------------------------------------------------

0 项奖励
回复

‎04-25-2014 01:00 PM
1,498 次查看
NNavarro
NXP Employee
NXP Employee

Yuri,

There is an NDA in place.  Here is what I sent to customer...  I'm sure you have additional recommendations.

(1)    What I would recommend is for you to take a look at the Linux kernel driver for secure memory, the code has comments that should help and also provide an example.

Below are the files to look at:

                    drivers/crypto/caam/sm_store.c
                    drivers/crypto/caam/sm_test.c
0 项奖励
回复