Imx8 CAAM key storage

Erno · ‎08-17-2023

Hello,

I am currently working on an imx8 platform where we want to create a secure key storage.
I have read that the CAAM module provides secure key storage. If I understand correctly the Secure Non-Volatile Storage is present to achieve this. However, it is unclear to me how we can persist keys in this.

The only document I come across is AN12714.
However, this describes how to store keys externally encrypted, but not how to store them in the key storage of the CAAM module.

Can someone explain to me how we can use the CAAM as Secure Non-Volatile Storage?

Thanks.

Kind regards,

Erno

philbot991 · ‎08-26-2023

I am interested in this too. Is there an application note that details how to “use the job ring” to use the CAAM as secure nonvolatile storage? Thank you.

Erno · ‎08-28-2023

We are going to use the encryption route as that is the only method I find documentation about.

I cannot find anything on using the CAAM as a key store.

Erno · ‎08-22-2023

Ok, is there any concrete example / application note on how to do this?

Thanks,

Erno

ramprakash08 · ‎08-18-2023

Hi,

Yes, you are correct. The CAAM on the i.MX8 platform does provide secure key storage. The secure non-volatile storage you mentioned is part of this module. To use the CAAM as secure non-volatile storage, you will need to use the Job Ring module within the CAAM.

This module is responsible for managing and executing security jobs, including key storage. The keys are stored in the secure memory of the CAAM, which is only accessible by the CAAM itself.

Regards

Bio_TICFSL · ‎08-18-2023

Good (y)