- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- Advanced AnalogAdvanced Analog
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
- S32Z/E
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- Generative AI & LLMs
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
- RFID / NFC
- Advanced Analog
-
- NXP Tech Blogs
Imx Secure Enclave library with HSM API's on iMX93
Hi nxp tech team,
I have successfully cross-compiled the Secure Enclave userspace library for the ELE-HSM platform targeting the i.MX93 processor-based board, following the build steps provided here
https://github.com/nxp-imx/imx-secure-enclave/blob/lf-6.6.23_2.0.0/README
I also compiled and ran the ELE-HSM test application (hsm_test.c):
https://github.com/nxp-imx/imx-secure-enclave/blob/lf-6.6.23_2.0.0/test/hsm/hsm_test.c
As per my understanding, the application opens a session, performs key store operations, generates/deletes keys, runs cipher tests, and closes the key store and session.
Please find the attached logs from the test run.
I have the following queries:
1. Where is the generated key physically stored?
Question: After running the test app, where are the keys physically stored on the system?
Are they persisted in the root filesystem, or is it stored within secure hardware storage (e.g., in OTP/NVM/FUSE/eFUSE or internal HSM memory)?
If on filesystem, what is the exact location or mechanism for storing key blobs?
2. Is there an HSM API to retrieve actual key material (key data buffer)?
The current APIs (e.g., hsm_get_key_attribute) seem to only allow retrieval of key metadata (ID, size, type).
Is there a supported API to extract/export the raw key material from the HSM (e.g., for use in symmetric encryption)?
If not, is this restricted by design for security reasons (e.g., key never leaves HSM)?
3. How can we generate a key in user space and use it for encryption/decryption?
If raw keys cannot be retrieved from HSM, what's the recommended flow to:
Generate a key (symmetric or asymmetric)
Use it for encryption/decryption operations (either directly in HSM or in user space)?
Are there sample applications or API examples for encrypt/decrypt flow using HSM-managed keys?
Any guidance or sample code snippets would be highly appreciated.
Thanks & Regards,
Mallikarjuna Reddy Ambati
