Secure RAM/memory with CAAM and IEE

joepvk
Contributor II

I am trying to understand how I could apply secure RAM on the i.MX8x.
This is what I know so far:
I do understand that CAAM is used for key generation based off the OTPMK.
And when running, it has some secure RAM space for keys etc.
And CAAM is mainly used for secure memory with data blobs to retain secure memory across power cycles.
It seems IEE (Inline Encryption Engine) is used for securing RAM data. But it can also be used for secure memory. IEE can do this by using secret keys requested from CAAM through a private bus.

So now my question is:
Can I use CAAM for secure RAM or do I need to use IEE?
And also where can I find a guide or information to implement secure RAM?

Yuri
NXP Employee

@joepvk 
Hello,

   The Secure RAM cannot be used by customers directly.
BLOBs should be applied instead.

Regards,
Yuri.

joepvk
Contributor II

@Yuri 
So currently CAAM and its BLOB mechanism is also used for secure RAM?
In the same order as secure memory?
For secure RAM: ((data+key) = blob) and save this to heap/stack depending.
Or should a different mechanism be used for RAM?

Sorry for the "double" question but I'm trying to make things clear for myself.

Yuri
NXP Employee

@joepvk 
Hello,

Secure RAM is used by CAAM for its internal operations, and it is not
accessible for users. BLOB can be located in external memory. It is
accessible and protected by the master key.

Regards,
Yuri.

joepvk
Contributor II

Thank you for the replies @Yuri.
This answers the CAAM part of my question.

Now the other part of the question which I phrased badly at first because Secure RAM is part of CAAM.

How would you go about protecting data that is stored in RAM (stack/heap data)?
Or phrased differently:
How can you make it so that RAM data cannot be read/accessed by non-authorized users?

Yuri
NXP Employee

@joepvk 
Hello,

Customers can use external devices, such as SE050

https://www.nxp.com/docs/en/data-sheet/SE050-DATASHEET.pdf

  Also, standard OS approaches, such as virtualization, to protect data
may be applied.

Regards,
Yuri.
