HI All,
We are working on product based on imx6q and imx6sx for that we have requirement of to encrypt rootfs partition. I am trying to access following document but it seems that I am not authorized to access these documents. Can anyone from NXP provide me these documents :"The document "Root filesystem encryption using DM-Crypt"
https://community.nxp.com/docs/DOC-342300
In addition to that any documents related CAAM module and supporting software as starting point will be appreciated.
Is there any yocto project that I can use as starting point to verify hardware accelerated encryption and related things?
Thanks,
Jemish
Hello Jemish,
The i.MX 6 Security reference manual contains all the information on CAAM and it's capabilities. It´s on the web site. This is a moderated document but should not require an NDA. Please contact your local Freescale FAE to obtain access to this document.
At a high level the CAAM is a DMA master supporting the following capabilities:
Secure memory feature with HW enforced access control
Cryptographic authentication
* Hashing algorithms
* MD5
* SHA-1
* SHA-224
* SHA-256
* Message authentication codes (MAC)
* HMAC-all hashing algorithms
* AES-CMAC
* AES-XCBC-MAC
* Auto padding
* ICV checking
Authenticated encryption algorithms
* AES-CCM (counter with CBC-MAC)
Symmetric key block ciphers
* AES (128-bit, 192-bit or 256-bit keys)
* DES (64-bit keys, including key parity)
* 3DES (128-bit or 192-bit keys, including key parity)
Cipher modes
* ECB, CBC, CFB, OFB for all block ciphers
* CTR for AES
Symmetric key stream ciphers
* ArcFour (alleged RC4 with 40 - 128 bit keys)
* Random-number generation
* Entropy is generated via an independent free running ring oscillator
* Oscillator is off when not generating entropy; for lower-power consumption
* NIST-compliant, pseudo random-number generator seeded using hardware generated entropy
The NXP Linux BSP contains a CAAM driver to make use of the above features. The use of CAAM is via the Linux CryptoAPI. The driver itself is integrated with the Crypto API kernel service in which the algorithms supported by CAAM can replace the native SW implementations.
Regards
Hi Bio,
Thanks for you answer as per your suggestion I have sent download request for "i.MX 6 Security reference manual". I will update in this discussion once I have document.
Thanks,
Jemish