Keys creation with CAAM and OP-TEE


1,094 Views
M_J
Contributor I
We want to perform authentication with CAAM and OP-TEE without revealing the private key (just keep it in CAAM). We are using i.MX8MM and branch 5.4.70_2.3.0 with the corresponding kernel and u-boot.
This is a typical scenario:
  • generate the public key for the corresponding private key (without revealing it at any step; the best is to use the secure world) and send it to the backend
  • pass data to the TA (trusted application), decrypt the data encrypted with the public key, solve the challenge, encrypt it and send it back to the backend
We have trouble understanding some details:
  • Is the proposed scenario possible? We considered options like creating black key blobs (AN12838) in OP-TEE or using manufacturing protection (AN13222) - are we on the right track?
  • We have seen a repository https://source.codeaurora.org/external/imxsupport/imx_sec_apps/; however, it is hard to figure out whether our idea is possible or not. Do you have more detailed examples or documentation?
  • Is it possible to simultaneously use CAAM from OP-TEE and from the kernel?
  • We have seen support mostly for 4.14; is 5.4 supported as well?
We would appreciate any feedback and/or suggestions. It would be extremely helpful to receive relevant documentation and/or examples.

Moreover, we would like to have access to the document https://community.nxp.com/docs/DOC-343388; however, access from my account is denied. We have signed an NDA with NXP; could you grant me access to the mentioned document?
0 Kudos
2 Replies

1,069 Views
M_J
Contributor I

Hi @jimmychan 
I have created a ticket as you requested.
Is it enough to proceed with the issue?

0 Kudos

1,078 Views
jimmychan
NXP TechSupport

We need to verify your NDA and then send you the information. It is better to create a ticket for this.

https://support.nxp.com/s/

Thanks.

0 Kudos