Mechanism to protect data (similar HAB)

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Mechanism to protect data (similar HAB)

936 Views
alexberenshtein
Contributor III

We see that there  in CPU i.MX6 - Linux High Assurance Boot  (HAB).
This Mechanism  it support security U-Boot & Kernel image ,  & OTP mechanism (fuse).
It's clear.

My question:
How can I use this or a similar mechanism to protect data.
For example File System , zip-files , tar-files.

Tags (1)
3 Replies

504 Views
alexberenshtein
Contributor III

Thank for you help.

My new 2 question:

1.

where is API for this kernel module.

I do not see API ( Interface) for enter from User Space  to Kernel Space.

2.

In according with  you  answer "You can use boot ROM (HAB API) function authenticate_image"

Where are these function , what is a name these function ?

Best regards.

504 Views
Yuri
NXP Employee
NXP Employee

Hello,

  refer to the following https://community.nxp.com/message/967703 

Regards,

Yuri.

0 Kudos

504 Views
Yuri
NXP Employee
NXP Employee

Hello,

   code / data signing approach (used in HAB technology) in general may be applied to protect any

block of data. You can use boot ROM (HAB API) function authenticate_image. But  we do not have

solutions to use the i.MX HAB technology under Linux. For relatively big file systems - perhaps - it would

be better to rely on crypto file systems. Also, it is possible to apply blobs :

https://community.nxp.com/message/825746  

Have a great day,
Yuri

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

0 Kudos