Security and Related Tools - wall comments

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Security and Related Tools - wall comments

4,977 Views
admin
Specialist II

The focus of this group is security and its tools issues, which cover topics about on-chip security features and settings.  The group’s focus covers these issues for all i.MX devices and OS’s.

0 Kudos
Reply
23 Replies

3,313 Views
stevetsai
Contributor III

Do I can download the document and sample code to demonstrate how to implemnet trustzone in i.mx6? We need to use trustzone in the game console product. Thanks.

0 Kudos
Reply

3,313 Views
Yuri
NXP Employee
NXP Employee

Please use the enclosed my (very draft, sorry) example, based on ARM one.

0 Kudos
Reply

3,313 Views
YuryGeorgievski
Contributor I

Hello forum!

Not so crowded here, eh?

I start to wonder if anyone at all is using fsl PISA...

But still I'll give it a try...

i.MX PISA security-related SW can be found in http://git.freescale.com/git/

(i personally clone  remotes/origin/imx_3.0.35_1.1.0 branch)

All sec-related code is in drivers/mxc/security dir.

4 drivers/modules are involved in fsl SHW framework:

    1. shw

    2. rng

    3. dryice

    4. scc

Hope it's useful for somebody.

0 Kudos
Reply

3,313 Views
Yuri
NXP Employee
NXP Employee

   You are right, Linux for i.MX25 provides so called
Freescale Security Hardware API (FSL SHW API), which is intended
for access to security hardware components of Freescale.

To get more details how it may be used with i.MX25, please apply to
 

1) Chapter 18 (DryIce Driver) of “pdk2009_12_imx25_Linux_RM.pdf”
and
2) DOXYGEN documentation

 
in Linux documentation package on the Web.

Relevant functions may be found as “fsl_shw_*”.

   As has been mentioned, SAHARA is not included in i.MX25,

but some (general purpose, 3DES) crypto acceleration is available

for i.MX25, since the DryIce can work in pair with the SCC,

providing (external) keys. 

0 Kudos
Reply

3,313 Views
YuryGeorgievski
Contributor I

Thx!

0 Kudos
Reply

3,313 Views
YuryGeorgievski
Contributor I

Hello everyone,

Our company is working with IMX258 cpu with PISA (Platform-Independent Sec Architecture).

We manage to bring our HW to life with latest u-boot v2013.01 && linux 3.2.xx.

We have signed the image, and boot in the security mode.

Now the problem is that we need to export sec-related drivers API into the user space to test device tampering etc...

What I found up to now -- is  SAHARA2 Security Hardware Support with CONFIG_MXC_SAHARA flag.

My question is the following: where can I get latest security-related src code? If there is any git repo where I can clone from?

BTW we've got initial USB HAB bootstrap working from linux (command line tool for virgin imx258 bootstrapping). It's good to have some git repo where I can push && commit new sw.

Thank you for your help

Yury

0 Kudos
Reply

3,313 Views
Yuri
NXP Employee
NXP Employee

As I know the i.MX25 has no SAHARA module.

0 Kudos
Reply

3,313 Views
YuryGeorgievski
Contributor I

2 sub-frameworks are located in 'drivers/mxc/security' directory:

a. rng

b. sahara2

Exactly as you said -- imx258 does not have any SAHARA. So rng should be used.

It has an API to the userland and can be found in shw_driver.h (shw_user_request_t).

No DryIce interaction is possible with this ioctl. It should be extended.

Hope someone will find this info useful.

0 Kudos
Reply

3,313 Views
neerajsrivastav
Contributor I

Hi Sujata,

Can you provide the i.MX_TrustArchitecture_23Mar12.pdf PDF again as the above link is showing error while loading the Page.

If possible provide any other document which tells about the implementation of the TrustZone on IMX53/IM6 Sololite.



0 Kudos
Reply

3,313 Views
rajansoma
Contributor I

hi sujata,


We are company from hyderabad India, working on imx258.


We are using IMX258 but we want to implement security feature which is pci complaint.  Use SCC for secure pin encryption with TMK management from bank side.

We need a good webinar or training material on hab/SCC/Drye ice

0 Kudos
Reply

3,313 Views
hersioiwamoto
Contributor I

Hi Sujata,

I am interested on enabling HAB on iMx53.

I have received many information under NDA, but still not able to deploy it. We don´t know where the error is.

How can I get help? How to debug it?

0 Kudos
Reply

3,313 Views
rodz
Contributor III

To add to Sujata's comments, i.MX 6 in addition to the i.MX5 famility all support TrustZone.  There is no restriction on the use of TrustZone on any of these ICs.  The cores boot natively to the secure world.

0 Kudos
Reply

3,313 Views
sujataneidig
NXP Employee
NXP Employee

Gopu,


The i.MX 6 Series has not gone through a full market launch yet.  However, we do have partners who are offering embedded board solutions.Here's a link with available solutions at this time: http://imxcommunity.org/profiles/blogs/i-mx6-boards.

0 Kudos
Reply

3,313 Views
GopuSubramanian
Contributor I

Hello Sujata,

We are trying to develop a open source trustzone software framework. I would like to know whether we  have imx6 based open board to try the trustzone feature.

www.openvirtualization.org

0 Kudos
Reply

3,313 Views
ronaldbenvenutt
Contributor I

Hello Sujata :

Additional info : we are including security function on our product already running without security using i.mx258. This micro doesn't have examples, so we are adapting from imx53 and imx28. If you have some example or info specific of i.mx258, it would be welcome.

0 Kudos
Reply

3,309 Views
ronaldbenvenutt
Contributor I

Note : we already have the CST files.

0 Kudos
Reply

3,313 Views
ronaldbenvenutt
Contributor I

Hello Sujata :

I need the ZIP file(s) of pages 49, 50 and 51 of the last PDF presentation (apr 27)..

0 Kudos
Reply

3,313 Views
sujataneidig
NXP Employee
NXP Employee

Ronald, what specific files are you looking for?  The CST files are on our website.  Go to www.freescale.com and search for "IMX_CST_TOOL".

0 Kudos
Reply

3,313 Views
ronaldbenvenutt
Contributor I

Hi, we are developing a security product using imx258, and this is useful. Could someone please send the ZIP files associated to the presentation ?

0 Kudos
Reply

3,313 Views
sujataneidig
NXP Employee
NXP Employee

Hi, This presentation covers aspects of using security on the i.MX28 and i.MX53.  It was presented at last year's FTF and has recently been updated with more information.

GW: See attachment in post below.

Regards,

Grant

0 Kudos
Reply