IMX8MP + CAAM Module in Android 13

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

IMX8MP + CAAM Module in Android 13

2,012 Views
Adi99
Contributor I

Hello @nxp,

I want to use security CAAM module in Android 13. I have checked the documents related CAAM module but all doc. showing Yocto Linux Application (eg. kb_test) for testing caam module.

 

I have already probed CAAM module in imx8mp EVK. now at kernel layer means on debugg uart how i will perform encryption and decryption and verify that my caam is working at kernel layer.

 

any test utility is there or we need to add any external utility for that?

 

Thanks,

Aditya

 

0 Kudos
Reply
5 Replies

1,987 Views
Dhruvit
NXP TechSupport
NXP TechSupport

Hi @Adi99,

I hope you are doing well
 
Please refer to the i.MX Android Security User's Guide for information related to the CAAM module with Android. 
For the test utility-related information, kindly refer to section 3.2.4 Adding unit tests in Trusty OS and adding CAAM self-tests in Trusty OS from i.MX Android Security User's Guide
 
Thanks & Regards,
Dhruvit Vasavada
0 Kudos
Reply

1,971 Views
Adi99
Contributor I

Hi @Dhruvit ,

I have checked that section :

there is no any file is available - "${MY_TRUSTY}/trusty/device/nxp/imx8/project"

 

I have enable the caam in Kernel. from uboot side any configration required for caam bringup?

in kernel side: I am facing one issue....can you check ?

Kerel Log:

****************************************************************************************************

[ 9.702376][ T259] caam 30900000.crypto: device ID = 0x0a16040100000100 (Era 9)
[ 9.709864][ T259] caam 30900000.crypto: job rings = 2, qi = 0
[ 9.889010][ T259] caam algorithms registered in /proc/crypto
[ 9.896368][ T259] caam 30900000.crypto: caam pkc algorithms registered in /proc/crypto
[ 9.904780][ T259] caam 30900000.crypto: rng crypto API alg registered prng-caam
[ 9.912341][ T259] caam 30900000.crypto: ***registering rng-caam***********
[ 9.920089][ T259] testing without waiting
[ 9.924351][ T259] caam 30900000.crypto: wanted 32 bytes, got 0
[ 9.930409][ T259] caam 30900000.crypto: wanted 64 bytes, got 0
[ 9.936486][ T259] caam 30900000.crypto: wanted 128 bytes, got 0
[ 9.942605][ T259] testing with waiting
[ 9.956979][ T259] caam 30900000.crypto: wanted 32 bytes, got 16
[ 9.969343][ T259] caam 30900000.crypto: wanted 64 bytes, got 16
[ 9.981740][ T259] caam 30900000.crypto: wanted 128 bytes, got 16
[ 9.988820][ T259] Device caam-keygen registered
[ 10.084140][ T259] generate_black_key input: [key: (1) black_key: 000000008e44bc10(10), key_enc: 0]
[ 10.093507][ T259] caam_jr 30903000.jr: black key of size: 1, type: 1 returned -22
[ 10.140368][ T259] generate_black_key input: [key: (2) black_key: 000000008e44bc10(10), key_enc: 0]
[ 10.149538][ T259] caam_jr 30903000.jr: black key of size: 2, type: 1 returned -22
[ 10.196115][ T259] generate_black_key input: [key: (3) black_key: 000000008e44bc10(10), key_enc: 0]
[ 10.205268][ T259] caam_jr 30903000.jr: black key of size: 3, type: 1 returned -22
[ 10.251778][ T259] generate_black_key input: [key: (4) black_key: 000000008e44bc10(10), key_enc: 0]
[ 10.260930][ T259] caam_jr 30903000.jr: black key of size: 4, type: 1 returned -22
[ 10.307439][ T259] generate_black_key input: [key: (5) black_key: 000000008e44bc10(10), key_enc: 0]
[ 10.316589][ T259] caam_jr 30903000.jr: black key of size: 5, type: 1 returned -22
[ 10.363095][ T259] generate_black_key input: [key: (6) black_key: 000000008e44bc10(10), key_enc: 0]
[ 10.372243][ T259] caam_jr 30903000.jr: black key of size: 6, type: 1 returned -22
[ 10.418744][ T259] generate_black_key input: [key: (7) black_key: 000000008e44bc10(10), key_enc: 0]
[ 10.427893][ T259] caam_jr 30903000.jr: black key of size: 7, type: 1 returned -22
[ 10.474397][ T259] generate_black_key input: [key: (8) black_key: 000000008e44bc10(10), key_enc: 0]
[ 10.483551][ T259] caam_jr 30903000.jr: black key of size: 8, type: 1 returned -22
[ 10.530047][ T259] generate_black_key input: [key: (9) black_key: 000000008e44bc10(10), key_enc: 0]
[ 10.539196][ T259] caam_jr 30903000.jr: black key of size: 9, type: 1 returned -22
[ 10.585703][ T259] generate_black_key input: [key: (10) black_key: 000000008e44bc10(10), key_enc: 0]
[ 10.594943][ T259] caam_jr 30903000.jr: black key of size: 10, type: 1 returned -22
[ 10.632767][ T259] generate_black_key input: [key: (10) black_key: 000000008e44bc10(10), key_enc: 0]
[ 10.642045][ T259] caam_jr 30903000.jr: black key of size: 10, type: 1 returned -22
[ 10.650330][ T259] *******^^^^ Nb errors: 12
[ 10.654838][ T259] do_init_module: 'caamkeyblob_test'->init suspiciously returned 12, it should follow 0/-E convention
[ 10.654838][ T259] do_init_module: loading module anyway...
[ 10.671337][ T259] CPU: 2 PID: 259 Comm: modprobe Tainted: G C OE 5.15.74-android13-8-00004-gdd7483ef9e6b-dirty #1
[ 10.682839][ T259] Hardware name: NXP i.MX8MPlus EVK board (DT)
[ 10.688854][ T259] Call trace:
[ 10.692001][ T259] dump_backtrace.cfi_jt+0x0/0x8
[ 10.696808][ T259] dump_stack_lvl+0x80/0xb8
[ 10.701181][ T259] do_init_module+0x3e8/0x67c
[ 10.705726][ T259] load_module+0x14d8/0x17dc
[ 10.710183][ T259] __arm64_sys_finit_module+0x18c/0x1a0
[ 10.715591][ T259] invoke_syscall+0x60/0x150
[ 10.720048][ T259] el0_svc_common+0xb8/0xf8
[ 10.724415][ T259] do_el0_svc+0x28/0xa0
[ 10.728436][ T259] el0_svc+0x24/0x84
[ 10.732199][ T259] el0t_64_sync_handler+0x88/0xec
[ 10.737090][ T259] el0t_64_sync+0x1b4/0x1b8
[ 10.748233][ T259] platform caam_sm: blkkey_ex: 2 keystore units available
[ 10.756758][ T259] caam 30900000.crypto: SM test passed
[ 10.795141][ T259] caam-snvs 30370000.caam-snvs: violation handlers armed - non-secure state

******************************************************************************************************

defconfig:

CONFIG_CRYPTO=y
CONFIG_CRYPTO_HW=y
CONFIG_CRYPTO_ENGINE=y
CONFIG_CRYPTO_DEV_FSL_CAAM_COMMON=y


CONFIG_CRYPTO_DEV_FSL_CAAM=m

CONFIG_CRYPTO_DEV_FSL_CAAM_JR=m
CONFIG_CRYPTO_DEV_FSL_CAAM_RINGSIZE=9

CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API=y

CONFIG_CRYPTO_DEV_FSL_CAAM_AHASH_API_DESC=m

CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API_DESC=m

CONFIG_CRYPTO_DEV_FSL_CAAM_KEYBLOB_API_DESC=m

CONFIG_CRYPTO_DEV_FSL_CAAM_JR_UIO=m

CONFIG_FSL_MC_DPIO=y
CONFIG_NETDEVICES=y

CONFIG_CRYPTO_DEV_FSL_CAAM_AHASH_API=y
CONFIG_CRYPTO_DEV_FSL_CAAM_PKC_API=y
CONFIG_CRYPTO_DEV_FSL_CAAM_RNG_API=y
CONFIG_CRYPTO_DEV_FSL_CAAM_PRNG_API=y

CONFIG_CRYPTO_DEV_FSL_CAAM_RNG_TEST=y

CONFIG_CRYPTO_DEV_FSL_CAAM_TK_API=y
CONFIG_CRYPTO_DEV_FSL_CAAM_TK_API_TEST=m

CONFIG_CRYPTO_DEV_FSL_CAAM_SM=y
CONFIG_CRYPTO_DEV_FSL_CAAM_SM_SLOTSIZE=7
CONFIG_CRYPTO_DEV_FSL_CAAM_SM_TEST=m


CONFIG_CRYPTO_DEV_FSL_CAAM_SECVIO=m

CONFIG_CRYPTO_DEV_FSL_CAAM_DEBUG=y
CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=n

 

Let me know if any dependecy is missing?

 

0 Kudos
Reply

1,917 Views
Dhruvit
NXP TechSupport
NXP TechSupport

Hi @Adi99,

I hope you are doing well
 
 from uboot side any configration required for caam bringup?
=> U-boot has the driver for the CAAM module. For that one can refer to the drivers/crypto/fsl/Kconfig file.
 
From the logs, it seems that they are warnings.  Please confirm if you were able to boot the kernel or not.
To check the CAAM from the kernel, one can use the $cat /proc/crypto command from user space to check the information related to all supported algorithms and the drivers.
 
Thanks & Regards,
Dhruvit Vasavada

0 Kudos
Reply

1,865 Views
Adi99
Contributor I

Hi @Dhruvit ,

kernel log : cat /proc/crypto >> its works perfectly.

from boot loader i have enabled the driver but still same error is getting.

 

> how we can run caam keyblob self test file without any crash? 

 

waiting for your reply.

Thanks

 

0 Kudos
Reply

1,808 Views
Dhruvit
NXP TechSupport
NXP TechSupport

Hi @Adi99 

I hope you are doing well
 
To generate both red and black key blobs and use them to encrypt and decrypt data, please refer to the document below.
 
 
 

> how we can run caam keyblob self test file without any crash? 

=> Please mention the steps you follow to further debug the crash issue.
 
Thanks & Regards
Dhruvit Vasavada

0 Kudos
Reply