IMX6 Platform SDK - CAAM BLOB Example Question

cancel
Showing results for 
Search instead for 
Did you mean: 

IMX6 Platform SDK - CAAM BLOB Example Question

958 Views
Contributor II

I've been reviewing the CAAM code (caam_blob_gen.c, caam.c, caam.h, and caam_internal.h) getting ready to implement BLOBs in a custom application. Unfortunately I'm confused about

what is going on in step 3 below.  I can't find any documentation in the Security Reference manual about the bit fields in ENCAP_BLOB_DESC3  (below in red).  DESC2 is a LOAD immediate command and

then 8 bytes of data are supposed to follow.  DESC3 makes up the first 4 bytes and I can't find documentation related to that in the reference manual.  Then in DESC4 they example places the address of the

key in that 4 byte section of the descriptor.

Could someone help explain how this works?

From 'caam_internal.h'

/*****************************************

*----- Blob encapsulate descriptor -----*

*****************************************/

/* Blob Header

*

*  1011 0000 1000 0000 0000 0000 0000 1001

*  |||| |                             |

*  ++++-+-- Header                    +-- 9 words in descriptor

*/ 

#define ENCAP_BLOB_DESC1  0xB0800009

/* 2. Load command KEY 2 immediate

*  0001 0100 1100 0000 0000 1100 0000 1000

*  |||| |||  |||| |||| |||| |||| |||| ||||

*  |||| |||  |||| |||| |||| |||| ++++-++++-- Length

*  |||| |||  |||| |||| ++++-++++-- Offset

*  |||| |||  |+++-++++-- DST (Destination Register) Key2

*  |||| |||  +-- IMM (Immediate flag)

*  |||| |++-- class 2

*  ++++-+-- Load command

*/

#define ENCAP_BLOB_DESC2 0x14C00C08

/* 3. 8 bytes for load command above - aad data

*

*  0000 0000 0001 0000 0101 0101 0110 0110

*  |||| |||| |||| |||| |||| |||| |||| ||||

*  |||| |||| |||| |||| |||| |||| ++++-++++-- CCM Mode

*  |||| |||| |||| |||| ++++-++++-- AES

*  |||| |||| ++++-++++-- Length

*  ++++-++++-- Flag

*/

#define ENCAP_BLOB_DESC3 0x00105566

#define ENCAP_BLOB_DESC4 0x00000000



/* 5. SEQ In Ptr

*  1111 0000 0000 0000 0000 0000 0001 0000

*  |||| |              |||| |||| |||| ||||

*  |||| |              ++++-++++-++++-++++-- Length in bytes (16)

*  ++++-+-- Seq In Ptr

*/

#define ENCAP_BLOB_DESC5 0xF0000010

/* 6. Pointer for above SEQ In ptr command */

/* Address could be changed during run time */

#define ENCAP_BLOB_DESC6 SEC_MEM_PAGE1

/* 7. SEQ Out Ptr

*  1111 1000 0000 0000 0000 0000 0100 0000

*  |||| |              |||| |||| |||| ||||

*  |||| |              ++++-++++-++++-++++-- Length in bytes (64)

*  ++++-+-- Seq Out Ptr

*/

#define ENCAP_BLOB_DESC7  0xF8000040

/* 8. Pointer for above SEQ Out ptr command */

/* Address is provided during run time */

#define ENCAP_BLOB_DESC8  0x00000000

/* 9. Protocol

*  1000 0111 0000 1101 0000 0000 0000 1000

*  |||| |||| |||| |||| |||| |||| |||| ||||

*  |||| |||| |||| |||| ++++-++++-++++-++++-- Proto Info = sec mem blob

*  |||| |||| ++++-++++-- Protocol ID = Blob

*  |||| |+++-- Optype - encapsulation protocol

*  ++++-+-- Seq In Ptr

*/

#define ENCAP_BLOB_DESC9  0x870D0008

Thanks,

Ryan

Labels (1)
0 Kudos
2 Replies

37 Views
NXP TechSupport
NXP TechSupport

Hello,

  Sorry, but the information you are requesting is treated as confidential info at this time and requires a signed NDA (Non-Disclosure Agreement). Naturally, we cannot discuss this with you in public anyway, this requires to be handled as a Service Request (SR). Be aware that to give you remote support through a SR, we will still need the confirmation of a Freescale employee that the NDA is in place. If you want to go this route, the next steps will be: If you have already signed a NDA agreement for this product, please contact the person who assisted you or create a SR and name us a Freescale person that can confirm this. If you have not signed an agreement, please contact your local Freescale Distributor Salesperson or FAE for assistance. For a listing of our distributors, refer to: http://www.freescale.com/webapp/sps/site/overview.jsp?code=DISTRIBUTORS

Have a great day,
Yuri

-------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-------------------------------------------------------------------------------

0 Kudos

37 Views
NXP Employee
NXP Employee

Yuri,

There is an NDA in place.  Here is what I sent to customer...  I'm sure you have additional recommendations.

(1)    What I would recommend is for you to take a look at the Linux kernel driver for secure memory, the code has comments that should help and also provide an example.

Below are the files to look at:

                    drivers/crypto/caam/sm_store.c
                    drivers/crypto/caam/sm_test.c
0 Kudos