Imx Secure Enclave library with HSM API's on iMX93

取消
显示结果 
显示  仅  | 搜索替代 
您的意思是: 

Imx Secure Enclave library with HSM API's on iMX93

354 次查看
mallikarjuna
Contributor II

Hi nxp tech team,

 

I have successfully cross-compiled the Secure Enclave userspace library for the ELE-HSM platform targeting the i.MX93 processor-based board, following the build steps provided here

https://github.com/nxp-imx/imx-secure-enclave/blob/lf-6.6.23_2.0.0/README

 

I also compiled and ran the ELE-HSM test application (hsm_test.c):

https://github.com/nxp-imx/imx-secure-enclave/blob/lf-6.6.23_2.0.0/test/hsm/hsm_test.c

As per my understanding, the application opens a session, performs key store operations, generates/deletes keys, runs cipher tests, and closes the key store and session.

Please find the attached logs from the test run.

 

I have the following queries:

1. Where is the generated key physically stored?

  • Question: After running the test app, where are the keys physically stored on the system?

    • Are they persisted in the root filesystem, or is it stored within secure hardware storage (e.g., in OTP/NVM/FUSE/eFUSE or internal HSM memory)?

    • If on filesystem, what is the exact location or mechanism for storing key blobs?

2. Is there an HSM API to retrieve actual key material (key data buffer)?

  • The current APIs (e.g., hsm_get_key_attribute) seem to only allow retrieval of key metadata (ID, size, type).

  • Is there a supported API to extract/export the raw key material from the HSM (e.g., for use in symmetric encryption)?

    • If not, is this restricted by design for security reasons (e.g., key never leaves HSM)?

3. How can we generate a key in user space and use it for encryption/decryption?

  • If raw keys cannot be retrieved from HSM, what's the recommended flow to:

    • Generate a key (symmetric or asymmetric)

    • Use it for encryption/decryption operations (either directly in HSM or in user space)?

  • Are there sample applications or API examples for encrypt/decrypt flow using HSM-managed keys?

 

Any guidance or sample code snippets would be highly appreciated.

Thanks & Regards,
Mallikarjuna Reddy Ambati

标签 (1)
0 项奖励
回复
1 回复

314 次查看
Harvey021
NXP TechSupport
NXP TechSupport

Hi,

Please have a reference to the This guide and Test-on-i-MX93-HSM-keystore 

 

Regards

Harvey

0 项奖励
回复