Secure RAM/memory with CAAM and IEE

joepvk
Contributor II

I am trying to understand how I could apply secure RAM on the i.MX8x.
This is what I know so far:
I do understand that CAAM is used for key generation based on the OTPMK.
And when running, it has some secure RAM space for keys etc.
And CAAM is mainly used for secure memory with data blobs to retain secure memory across power cycles.
It seems IEE (Inline Encryption Engine) is used for securing RAM data. But it can also be used for secure memory. IEE can do this by using secret keys requested from CAAM through a private bus.

So now my question is:
Can I use CAAM for secure RAM or do I need to use IEE?
And also where can I find a guide or information to implement secure RAM?

5 Replies

Yuri
NXP Employee

@joepvk 
Hello,

The Secure RAM cannot be used by customers directly.
BLOBs should be applied instead.

Regards,
Yuri.

joepvk
Contributor II

@Yuri 
So currently CAAM and its BLOB mechanism is also used for secure RAM?
In the same order as secure memory?
For secure RAM: ((data+key) = blob) and save this to heap/stack depending.
Or should a different mechanism be used for RAM?

Sorry for the "double" question but I'm trying to make things clear for myself.

Yuri
NXP Employee

@joepvk 
Hello,

Secure RAM is used by CAAM for its internal operations, and it is not
accessible for users. BLOB can be located in external memory. It is
accessible and protected by the master key.

Regards,
Yuri.

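The BLOB workflow described in the reply above, as an added example that is not part of this thread or NXP's own code: on Linux the CAAM blob mechanism is exposed through the kernel's trusted-keys interface, so a secret can be sealed to this SoC's master key and stored in ordinary external storage. It assumes a kernel built with the CAAM trusted-keys backend and booted with `trusted.source=caam`, the `keyctl` tool from keyutils, and the key name and file path below are ours.

```shell
#!/bin/sh
# Added example (not from the thread): seal a secret into a CAAM blob via the
# Linux trusted-keys interface. Only this SoC (its OTPMK-derived master key)
# can unwrap the blob, so the file itself may live in external memory.
# Assumes trusted.source=caam and the keyutils 'keyctl' tool (assumption).
set -eu

BLOB_FILE="${BLOB_FILE:-/var/lib/secrets/kmk.blob}"   # assumed path
# CAAM wraps the payload with a 32-byte encrypted random key and a 16-byte MAC.
CAAM_BLOB_OVERHEAD=48

# Generate a fresh 32-byte trusted key inside the kernel and export its blob.
# The plaintext never leaves kernel memory; user space only ever sees the blob.
seal_key() {
    key_id=$(keyctl add trusted kmk "new 32" @u)
    keyctl pipe "$key_id" > "$BLOB_FILE"    # blob is written as ASCII hex
    chmod 600 "$BLOB_FILE"
    echo "$key_id"
}

# Re-import the blob on a later boot. CAAM refuses a blob whose MAC fails or
# that was created on another device, so a tampered or copied blob yields no key.
unseal_key() {
    keyctl add trusted kmk "load $(cat "$BLOB_FILE")" @u
}

# Offline sanity check before attempting a load: derive the payload length from
# the hex blob's size. Odd hex length, or a size below the fixed overhead,
# cannot be a valid CAAM blob and is reported as failure (return 1).
blob_payload_len() {
    hexlen=$(tr -d '[:space:]' < "$1" | wc -c | tr -d ' ')
    [ $((hexlen % 2)) -eq 0 ] || return 1
    bytes=$((hexlen / 2))
    [ "$bytes" -gt "$CAAM_BLOB_OVERHEAD" ] || return 1
    echo $((bytes - CAAM_BLOB_OVERHEAD))
}
```

`seal_key` and `unseal_key` need the CAAM hardware; `blob_payload_len` runs anywhere and is a cheap guard against feeding a truncated or corrupted file to the kernel.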
joepvk
Contributor II

Thank you for the replies @Yuri.
This answers the CAAM part of my question.

Now the other part of the question, which I phrased badly at first because Secure RAM is part of CAAM.

How would you go about protecting data that is stored in RAM (stack/heap data)?
Or phrased differently:
How can you make it so that RAM data cannot be read/accessed by unauthorized users?

Yuri
NXP Employee

@joepvk 
Hello,

Customers can use external devices, such as the SE050:

https://www.nxp.com/docs/en/data-sheet/SE050-DATASHEET.pdf

Also, standard OS approaches, such as virtualization, to protect data
may be applied.

Regards,
Yuri.
