We see that in the i.MX6 CPU (Linux) there is High Assurance Boot (HAB).
This mechanism supports securing the U-Boot and kernel images, and an OTP mechanism (fuses).
It's clear.
My question:
How can I use this or a similar mechanism to protect data?
For example, a file system, zip files, tar files.
Thank you for your help.
My 2 new questions:
1. Where is the API for this kernel module?
I do not see an API (interface) for entering kernel space from user space.
2. According to your answer, "You can use boot ROM (HAB API) function authenticate_image".
Where are these functions, and what are the names of these functions?
Best regards.
Hello,
The code / data signing approach (used in HAB technology) may in general be applied to protect any
block of data. You can use the boot ROM (HAB API) function authenticate_image. But we do not have
solutions to use the i.MX HAB technology under Linux. For relatively big file systems, perhaps, it would
be better to rely on crypto file systems. Also, it is possible to apply blobs:
https://community.nxp.com/message/825746
Have a great day,
Yuri