The focus of this group is security and its tools issues, which cover topics about on-chip security features and settings. The group’s focus covers these issues for all i.MX devices and OS’s.
Do I can download the document and sample code to demonstrate how to implemnet trustzone in i.mx6? We need to use trustzone in the game console product. Thanks.
Hello forum!
Not so crowded here, eh?
I start to wonder if anyone at all is using fsl PISA...
But still I'll give it a try...
i.MX PISA security-related SW can be found in http://git.freescale.com/git/
(i personally clone remotes/origin/imx_3.0.35_1.1.0 branch)
All sec-related code is in drivers/mxc/security dir.
4 drivers/modules are involved in fsl SHW framework:
1. shw
2. rng
3. dryice
4. scc
Hope it's useful for somebody.
You are right, Linux for i.MX25 provides so called
Freescale Security Hardware API (FSL SHW API), which is intended
for access to security hardware components of Freescale.
To get more details how it may be used with i.MX25, please apply to
1) Chapter 18 (DryIce Driver) of “pdk2009_12_imx25_Linux_RM.pdf”
and
2) DOXYGEN documentation
in Linux documentation package on the Web.
Relevant functions may be found as “fsl_shw_*”.
As has been mentioned, SAHARA is not included in i.MX25,
but some (general purpose, 3DES) crypto acceleration is available
for i.MX25, since the DryIce can work in pair with the SCC,
providing (external) keys.
Thx!
Hello everyone,
Our company is working with IMX258 cpu with PISA (Platform-Independent Sec Architecture).
We manage to bring our HW to life with latest u-boot v2013.01 && linux 3.2.xx.
We have signed the image, and boot in the security mode.
Now the problem is that we need to export sec-related drivers API into the user space to test device tampering etc...
What I found up to now -- is SAHARA2 Security Hardware Support with CONFIG_MXC_SAHARA flag.
My question is the following: where can I get latest security-related src code? If there is any git repo where I can clone from?
BTW we've got initial USB HAB bootstrap working from linux (command line tool for virgin imx258 bootstrapping). It's good to have some git repo where I can push && commit new sw.
Thank you for your help
Yury
As I know the i.MX25 has no SAHARA module.
2 sub-frameworks are located in 'drivers/mxc/security' directory:
a. rng
b. sahara2
Exactly as you said -- imx258 does not have any SAHARA. So rng should be used.
It has an API to the userland and can be found in shw_driver.h (shw_user_request_t).
No DryIce interaction is possible with this ioctl. It should be extended.
Hope someone will find this info useful.
Hi Sujata,
Can you provide the i.MX_TrustArchitecture_23Mar12.pdf PDF again as the above link is showing error while loading the Page.
If possible provide any other document which tells about the implementation of the TrustZone on IMX53/IM6 Sololite.
hi sujata,
We are company from hyderabad India, working on imx258.
We are using IMX258 but we want to implement security feature which is pci complaint. Use SCC for secure pin encryption with TMK management from bank side.
We need a good webinar or training material on hab/SCC/Drye ice
Hi Sujata,
I am interested on enabling HAB on iMx53.
I have received many information under NDA, but still not able to deploy it. We don´t know where the error is.
How can I get help? How to debug it?
To add to Sujata's comments, i.MX 6 in addition to the i.MX5 famility all support TrustZone. There is no restriction on the use of TrustZone on any of these ICs. The cores boot natively to the secure world.
Gopu,
The i.MX 6 Series has not gone through a full market launch yet. However, we do have partners who are offering embedded board solutions.Here's a link with available solutions at this time: http://imxcommunity.org/profiles/blogs/i-mx6-boards.
Hello Sujata,
We are trying to develop a open source trustzone software framework. I would like to know whether we have imx6 based open board to try the trustzone feature.
Hello Sujata :
Additional info : we are including security function on our product already running without security using i.mx258. This micro doesn't have examples, so we are adapting from imx53 and imx28. If you have some example or info specific of i.mx258, it would be welcome.
Note : we already have the CST files.
Hello Sujata :
I need the ZIP file(s) of pages 49, 50 and 51 of the last PDF presentation (apr 27)..
Ronald, what specific files are you looking for? The CST files are on our website. Go to www.freescale.com and search for "IMX_CST_TOOL".
Hi, we are developing a security product using imx258, and this is useful. Could someone please send the ZIP files associated to the presentation ?
Hi, This presentation covers aspects of using security on the i.MX28 and i.MX53. It was presented at last year's FTF and has recently been updated with more information.
GW: See attachment in post below.
Regards,
Grant