ヘルプ
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Is there any way in iMX6 to have Encryption/decryption mechanism unique per SOC

キャンセル
提案をオンにする
自動提案では、入力時に可能な一致が提案されるので検索結果を素早く絞り込むことができます。
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 
解決済み
ソリューションへジャンプ

Is there any way in iMX6 to have Encryption/decryption mechanism unique per SOC

ソリューションへジャンプ
‎12-10-2015 10:03 PM
1,292件の閲覧回数
swapnilpendhare
Contributor III

Hi

As mentioned in earlier discussion Dose Data encryption done with help of black blob involve hardware key? , its clear that the Black blob generated with help of hardware key would be unique across boards; but encrypted data is going to be same if the black blob used for encryption , is created from same user key across boards.

Is there any way to generate unique encrypted data per SOC?

ラベル(1)
ラベル
0 件の賞賛
返信
1 解決策

ソリューションへジャンプ
‎12-13-2015 11:21 PM
867件の閲覧回数
Yuri
NXP Employee
NXP Employee

Hello,

  The unique OTP Master Key (OTPMK) is used to encrypt and wrap the DEK (Data Encryption Key) in a blob.
The OTMPK is protected by the hardware and can be accessed only by CAAM. Consequently, this step has to
be executed on the target processor with software capable of using CAAM. 

  The fact that the OTPMK can only be accessed by CAAM means that the blob can only be decrypted by the
same processor that encrypted it. To further add to the security of the DEK, the blob is decapsulated and decrypted
inside a secure memory partition that can only be accessed by CAAM.


Have a great day,
Yuri

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

元の投稿で解決策を見る

返信
1 返信

ソリューションへジャンプ
‎12-13-2015 11:21 PM
868件の閲覧回数
Yuri
NXP Employee
NXP Employee

Hello,

  The unique OTP Master Key (OTPMK) is used to encrypt and wrap the DEK (Data Encryption Key) in a blob.
The OTMPK is protected by the hardware and can be accessed only by CAAM. Consequently, this step has to
be executed on the target processor with software capable of using CAAM. 

  The fact that the OTPMK can only be accessed by CAAM means that the blob can only be decrypted by the
same processor that encrypted it. To further add to the security of the DEK, the blob is decapsulated and decrypted
inside a secure memory partition that can only be accessed by CAAM.


Have a great day,
Yuri

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

返信