Hi NXP tech team,
I have successfully cross-compiled the Secure Enclave userspace library for the ELE-HSM platform targeting the i.MX93 processor-based board, following the build steps provided here:
https://github.com/nxp-imx/imx-secure-enclave/blob/lf-6.6.23_2.0.0/README
I also compiled and ran the ELE-HSM test application (hsm_test.c):
https://github.com/nxp-imx/imx-secure-enclave/blob/lf-6.6.23_2.0.0/test/hsm/hsm_test.c
As per my understanding, the application opens a session, performs key store operations, generates/deletes keys, runs cipher tests, and closes the key store and session.
Please find the attached logs from the test run.
I have the following queries:
Question: After running the test app, where are the keys physically stored on the system?
Are they persisted in the root filesystem, or are they stored within secure hardware storage (e.g., in OTP/NVM/FUSE/eFUSE or internal HSM memory)?
If on the filesystem, what is the exact location or mechanism for storing key blobs?
The current APIs (e.g., hsm_get_key_attribute) seem to only allow retrieval of key metadata (ID, size, type).
Is there a supported API to extract/export the raw key material from the HSM (e.g., for use in symmetric encryption)?
If not, is this restricted by design for security reasons (e.g., key never leaves HSM)?
If raw keys cannot be retrieved from the HSM, what's the recommended flow to:
- Generate a key (symmetric or asymmetric)
- Use it for encryption/decryption operations (either directly in HSM or in user space)?
Are there sample applications or API examples for encrypt/decrypt flow using HSM-managed keys?
Any guidance or sample code snippets would be highly appreciated.
Thanks & Regards,
Mallikarjuna Reddy Ambati