Keys creation with CAAM and OP-TEE

キャンセル
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 

Keys creation with CAAM and OP-TEE

1,095件の閲覧回数
M_J
Contributor I
We want to perform authentication with CAAM and OP-TEE without revealing private key (just keep it in CAAM). We are using i.MX8MM and branch 5.4.70_2.3.0 with corresponding kernel and u-boot.
This is typical scenario:
  • generate public key to corresponding private key (without revealing it at any step, the best is to use secure world) and send it to backend
  • pass data to TA (trusted application), decrypt data encrypted by public key, solve challenge, encrypt it and send back to backend 
We have troubles in understanding, some details:
  • Is the proposed scenario possible? We considered options like creating black key blobs (AN12838) in OP-TEE or using manufacturing protection (AN13222) - are we on the right track?
  • We have seen a repository https://source.codeaurora.org/external/imxsupport/imx_sec_apps/, however it is hard to figure out whether our idea is possible or not. Do you have more detailed examples or documentation?
  • Is it possible to simultaneously use CAAM from OP-TEE and from kernel?
  • We have seen support mostly for 4.14, is 5.4 supported as well?
We would appreciate any feedback and/or suggestions. It would be extremely helpful to receive relevant documentation and/or examples.

Moreover we would like to have access to document https://community.nxp.com/docs/DOC-343388, however from my account access is denied. We have signed NDA with NXP, could you grant me access to mentioned document?
0 件の賞賛
返信
2 返答(返信)

1,070件の閲覧回数
M_J
Contributor I

Hi @jimmychan 
I have created ticket as you requested.
Is it enough to proceed with the issue?

0 件の賞賛
返信

1,079件の閲覧回数
jimmychan
NXP TechSupport
NXP TechSupport

We need to verify your NDA and then send you the information. It is better to create a ticket for this.

https://support.nxp.com/s/

 

Thanks.

0 件の賞賛
返信