I've been reviewing the CAAM code (caam_blob_gen.c, caam.c, caam.h, and caam_internal.h) getting ready to implement BLOBs in a custom application. Unfortunately I'm confused about what is going on in step 3 below. I can't find any documentation in the Security Reference manual about the bit fields in ENCAP_BLOB_DESC3 (below in red). DESC2 is a LOAD immediate command and then 8 bytes of data are supposed to follow. DESC3 makes up the first 4 bytes and I can't find documentation related to that in the reference manual. Then in DESC4 the example places the address of the key in that 4 byte section of the descriptor.
Could someone help explain how this works?
From 'caam_internal.h'
/*****************************************
*----- Blob encapsulate descriptor -----*
*****************************************/
/* Blob Header
*
* 1011 0000 1000 0000 0000 0000 0000 1001
* |||| | |
* ++++-+-- Header +-- 9 words in descriptor
*/
#define ENCAP_BLOB_DESC1 0xB0800009
/* 2. Load command KEY 2 immediate
*
* 0001 0100 1100 0000 0000 1100 0000 1000
* |||| ||| |||| |||| |||| |||| |||| ||||
* |||| ||| |||| |||| |||| |||| ++++-++++-- Length
* |||| ||| |||| |||| ++++-++++-- Offset
* |||| ||| |+++-++++-- DST (Destination Register) Key2
* |||| ||| +-- IMM (Immediate flag)
* |||| |++-- class 2
* ++++-+-- Load command
*/
#define ENCAP_BLOB_DESC2 0x14C00C08
/* 3. 8 bytes for load command above - aad data
*
* 0000 0000 0001 0000 0101 0101 0110 0110
* |||| |||| |||| |||| |||| |||| |||| ||||
* |||| |||| |||| |||| |||| |||| ++++-++++-- CCM Mode
* |||| |||| |||| |||| ++++-++++-- AES
* |||| |||| ++++-++++-- Length
* ++++-++++-- Flag
*/
#define ENCAP_BLOB_DESC3 0x00105566
#define ENCAP_BLOB_DESC4 0x00000000
/* 5. SEQ In Ptr
*
* 1111 0000 0000 0000 0000 0000 0001 0000
* |||| | |||| |||| |||| ||||
* |||| | ++++-++++-++++-++++-- Length in bytes (16)
* ++++-+-- Seq In Ptr
*/
#define ENCAP_BLOB_DESC5 0xF0000010
/* 6. Pointer for above SEQ In ptr command */
/* Address could be changed during run time */
#define ENCAP_BLOB_DESC6 SEC_MEM_PAGE1
/* 7. SEQ Out Ptr
*
* 1111 1000 0000 0000 0000 0000 0100 0000
* |||| | |||| |||| |||| ||||
* |||| | ++++-++++-++++-++++-- Length in bytes (64)
* ++++-+-- Seq Out Ptr
*/
#define ENCAP_BLOB_DESC7 0xF8000040
/* 8. Pointer for above SEQ Out ptr command */
/* Address is provided during run time */
#define ENCAP_BLOB_DESC8 0x00000000
/* 9. Protocol
*
* 1000 0111 0000 1101 0000 0000 0000 1000
* |||| |||| |||| |||| |||| |||| |||| ||||
* |||| |||| |||| |||| ++++-++++-++++-++++-- Proto Info = sec mem blob
* |||| |||| ++++-++++-- Protocol ID = Blob
* |||| |+++-- Optype - encapsulation protocol
* ++++-+-- Seq In Ptr
*/
#define ENCAP_BLOB_DESC9 0x870D0008
Thanks,
Ryan
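Added example, not part of the original post and not vendor code: a small walker that reads the nine posted words using only the field positions drawn in the posted comments (command type in the top 5 bits, IMM flag at bit 23, LOAD length in the low byte). It shows which words are consumed as operands of the preceding command rather than decoded as commands themselves. Assumptions: the header word count sits in the low 7 bits, each pointer occupies one 32-bit word, and `SEC_MEM_PAGE1` is replaced by a placeholder because its value is not on the page.

```c
#include <stdint.h>
#include <stddef.h>

/* Command type = top 5 bits of a command word, as drawn in the posted comments. */
enum { CT_LOAD = 0x02, CT_OPERATION = 0x10, CT_HEADER = 0x16,
       CT_SEQ_IN_PTR = 0x1E, CT_SEQ_OUT_PTR = 0x1F };
#define IMM_FLAG (1u << 23)  /* LOAD: data follows inline in the descriptor */
enum word_kind { W_COMMAND, W_IMM_DATA, W_POINTER };

/* The nine words from the post. SEC_MEM_PAGE1 is not defined on the page,
 * so DESC6 holds a placeholder value here. */
const uint32_t encap_desc[9] = {
    0xB0800009, 0x14C00C08, 0x00105566, 0x00000000, 0xF0000010,
    0x00000000 /* placeholder for SEC_MEM_PAGE1 */,
    0xF8000040, 0x00000000, 0x870D0008 };

/* Label each word as command, immediate data or pointer. Returns 0, or -1 if
 * the descriptor is malformed. Assumption: a pointer is one 32-bit word. */
int classify_descriptor(const uint32_t *d, size_t n, enum word_kind *out)
{
    size_t i = 1;
    if (n == 0 || (d[0] >> 27) != CT_HEADER || (d[0] & 0x7F) != n)
        return -1;                    /* header word count must match */
    out[0] = W_COMMAND;
    while (i < n) {
        uint32_t w = d[i];
        size_t extra = 1;             /* operand words after this command */
        enum word_kind k = W_POINTER;
        out[i++] = W_COMMAND;
        switch (w >> 27) {
        case CT_LOAD:
            if (w & IMM_FLAG) {       /* low byte = length in bytes */
                extra = ((w & 0xFF) + 3) / 4;
                k = W_IMM_DATA;
            }
            break;
        case CT_SEQ_IN_PTR: case CT_SEQ_OUT_PTR: break;
        case CT_OPERATION: extra = 0; break;
        default: return -1;           /* command type not covered here */
        }
        if (extra > n - i) return -1; /* operand runs past the end */
        while (extra--) out[i++] = k;
    }
    return 0;
}
```

With the posted words, DESC3 and DESC4 come out as the 8 bytes of immediate data belonging to the LOAD in DESC2, and DESC6 and DESC8 as the pointers for the SEQ In/Out Ptr commands.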
Hello,
Sorry, but the information you are requesting is treated as confidential info at this time and requires a signed NDA (Non-Disclosure Agreement). Naturally, we cannot discuss this with you in public anyway; this needs to be handled as a Service Request (SR). Be aware that to give you remote support through an SR, we will still need the confirmation of a Freescale employee that the NDA is in place.
If you want to go this route, the next steps will be:
If you have already signed an NDA agreement for this product, please contact the person who assisted you or create an SR and name us a Freescale person that can confirm this.
If you have not signed an agreement, please contact your local Freescale Distributor Salesperson or FAE for assistance. For a listing of our distributors, refer to: http://www.freescale.com/webapp/sps/site/overview.jsp?code=DISTRIBUTORS
Have a great day,
Yuri
Yuri,
There is an NDA in place. Here is what I sent to customer... I'm sure you have additional recommendations.
(1) What I would recommend is for you to take a look at the Linux kernel driver for secure memory, the code has comments that should help and also provide an example.
Below are the files to look at:
drivers/crypto/caam/sm_store.c
drivers/crypto/caam/sm_test.c