Need document perform encryption on IMX6Q and IMX6SX based boards

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Need document perform encryption on IMX6Q and IMX6SX based boards

1,070 Views
jemish_1990
Contributor IV

HI All,

We are working on product based on imx6q and imx6sx for that we have requirement of to encrypt rootfs partition. I am trying to access following document but it seems that I am not authorized to access these documents. Can anyone from NXP provide me these documents :"The document "Root filesystem encryption using DM-Crypt" 

https://community.nxp.com/docs/DOC-342300 

In addition to that any documents related CAAM module and supporting software as starting point will be appreciated.

Is there any yocto project that I can use as starting point to verify hardware accelerated encryption and related things?

Thanks,

Jemish

Labels (2)
0 Kudos
2 Replies

961 Views
Bio_TICFSL
NXP TechSupport
NXP TechSupport

Hello Jemish,

The i.MX 6 Security reference manual contains all the information on CAAM and it's capabilities.  It´s on the web site. This is a moderated document but should not require an NDA.  Please contact your local Freescale FAE to obtain access to this document.

 

At a high level the CAAM is a DMA master supporting the following capabilities:

 

Secure memory feature with HW enforced access control

Cryptographic authentication

  * Hashing algorithms

     * MD5

     * SHA-1

     * SHA-224

     * SHA-256

  * Message authentication codes (MAC)

     * HMAC-all hashing algorithms

     * AES-CMAC

     * AES-XCBC-MAC

  * Auto padding

  * ICV checking

Authenticated encryption algorithms

  * AES-CCM (counter with CBC-MAC)

Symmetric key block ciphers

  * AES (128-bit, 192-bit or 256-bit keys)

  * DES (64-bit keys, including key parity)

  * 3DES (128-bit or 192-bit keys, including key parity)

Cipher modes

  * ECB, CBC, CFB, OFB for all block ciphers

  * CTR for AES

Symmetric key stream ciphers

* ArcFour (alleged RC4 with 40 - 128 bit keys)

* Random-number generation

  * Entropy is generated via an independent free running ring oscillator

  * Oscillator is off when not generating entropy; for lower-power consumption

  * NIST-compliant, pseudo random-number generator seeded using hardware generated entropy

 

The NXP Linux BSP contains a CAAM driver to make use of the above features.  The use of CAAM is via the Linux CryptoAPI.  The driver itself is integrated with the Crypto API kernel service in which the algorithms supported by CAAM can replace the native SW implementations.

 

Regards

0 Kudos

961 Views
jemish_1990
Contributor IV

Hi Bio,

Thanks for you answer as per your suggestion I have sent download request for "i.MX 6 Security reference manual". I will update in this discussion once I have document. 

Thanks,

Jemish

0 Kudos