OTPMK? Master Key

cancel
Showing results for 
Search instead for 
Did you mean: 

OTPMK? Master Key

Jump to solution
2,778 Views
fsquestion
Contributor II

What is the OTPMK (OTP Master Key) and where do I find and generate it?

In "i.MX 6 Linux High Assurance Boot (HAB) User's Guide", after burning the SRK's using HW_OCOTP_SRK*, it says:

Burn OTPMK. These fuse values are necessary to enable the hardware secure logic in the chip.

>

echo 0x975b69a7 > HW_OCOTP_OTPMK0

echo 0xafae0b5d > HW_OCOTP_OTPMK1

echo 0x6f780499 > HW_OCOTP_OTPMK2

echo 0x3dda7a47 > HW_OCOTP_OTPMK3

echo 0x76fcba3c > HW_OCOTP_OTPMK4

echo 0x6d5c9ef6 > HW_OCOTP_OTPMK5

echo 0xb166b40a > HW_OCOTP_OTPMK6

echo 0x8f449c5d > HW_OCOTP_OTPMK7

I can't find any reference to OTPMK anywhere, including "Chapter 47: On-Chip OTP Controller (OCOTP_CTRL)" in the "i.MX 6Solo/6DualLite Applications Processor Reference Manual"

Labels (1)
1 Solution
711 Views
fsquestion
Contributor II

I will answer the question myself.  There are soo many documents.

In "i.MX 6Solo_6DualLite Security Reference Manual Rev c.pdf" see the following:

5.8.1.4 Master key and blobs

The special cryptographic key used for blobs is the 256-bit master key that CAAM

receives from SNVS. The secure key module uses this master key to derive keys that are

used for blob encryption and decryption when CAAM is in secure mode or trusted mode,

but uses a known test key for key derivation when CAAM is in non-secure mode or fail

mode.

View solution in original post

1 Reply
712 Views
fsquestion
Contributor II

I will answer the question myself.  There are soo many documents.

In "i.MX 6Solo_6DualLite Security Reference Manual Rev c.pdf" see the following:

5.8.1.4 Master key and blobs

The special cryptographic key used for blobs is the 256-bit master key that CAAM

receives from SNVS. The secure key module uses this master key to derive keys that are

used for blob encryption and decryption when CAAM is in secure mode or trusted mode,

but uses a known test key for key derivation when CAAM is in non-secure mode or fail

mode.

View solution in original post