Secure RAM/memory with CAAM and IEE

joepvk

I am trying to understand how I could apply secure RAM on the i.MX8x.
This is what I know so far:
I do understand that CAAM is used for key generation based on the OTPMK.
And when running, it has some secure RAM space for keys etc.
And CAAM is mainly used for secure memory with data blobs to retain secure memory across power cycles.
It seems IEE (Inline Encryption Engine) is used for securing RAM data. But it can also be used for secure memory. IEE can do this by using secret keys requested from CAAM through a private bus.

So now my question is:
Can I use CAAM for secure RAM or do I need to use IEE?
And also where can I find a guide or information to implement secure RAM?

Yuri
NXP Employee

@joepvk 
Hello,

The Secure RAM cannot be used by customers directly.
BLOBs should be applied instead.

Regards,
Yuri.

joepvk

@Yuri 
So currently CAAM and its BLOB mechanism is also used for secure RAM?
In the same order as secure memory?
For secure RAM: ((data+key) = blob) and save this to heap/stack depending.
Or should a different mechanism be used for RAM?

Sorry for the "double" question but I'm trying to make things clear for myself.

Yuri
NXP Employee

@joepvk 
Hello,

Secure RAM is used by CAAM for its internal operations, and it is not
accessible for users. BLOB can be located in external memory. It is
accessible and protected by the master key.

Regards,
Yuri.

joepvk

Thank you for the replies @Yuri.
This answers the CAAM part of my question.

Now the other part of the question, which I phrased badly at first because Secure RAM is part of CAAM.

How would you go about protecting data that is stored in RAM (stack/heap data)?
Or phrased differently:
How can you make it so that RAM data cannot be read/accessed by non-authorized users?

Yuri
NXP Employee

@joepvk 
Hello,

Customers can use external devices, such as SE050

https://www.nxp.com/docs/en/data-sheet/SE050-DATASHEET.pdf

Also, standard OS approaches, such as virtualization, to protect data
may be applied.

Regards,
Yuri.
