Security and Related Tools - wall comments

admin · ‎09-02-2011

The focus of this group is security and its tools issues, which cover topics about on-chip security features and settings. The group’s focus covers these issues for all i.MX devices and OS’s.

stevetsai · ‎05-02-2013

Do I can download the document and sample code to demonstrate how to implemnet trustzone in i.mx6? We need to use trustzone in the game console product. Thanks.

Yuri · ‎07-23-2013

Please use the enclosed my (very draft, sorry) example, based on ARM one.

YuryGeorgievski · ‎01-31-2013

Hello forum!

Not so crowded here, eh?

I start to wonder if anyone at all is using fsl PISA...

But still I'll give it a try...

i.MX PISA security-related SW can be found in http://git.freescale.com/git/

(i personally clone remotes/origin/imx_3.0.35_1.1.0 branch)

All sec-related code is in drivers/mxc/security dir.

4 drivers/modules are involved in fsl SHW framework:

1. shw

2. rng

3. dryice

4. scc

Hope it's useful for somebody.

Yuri · ‎01-31-2013

You are right, Linux for i.MX25 provides so called
Freescale Security Hardware API (FSL SHW API), which is intended
for access to security hardware components of Freescale.

To get more details how it may be used with i.MX25, please apply to

1) Chapter 18 (DryIce Driver) of “pdk2009_12_imx25_Linux_RM.pdf”
and
2) DOXYGEN documentation

in Linux documentation package on the Web.

Relevant functions may be found as “fsl_shw_*”.

As has been mentioned, SAHARA is not included in i.MX25,

but some (general purpose, 3DES) crypto acceleration is available

for i.MX25, since the DryIce can work in pair with the SCC,

providing (external) keys.

YuryGeorgievski · ‎02-04-2013

Thx!

YuryGeorgievski · ‎01-30-2013

Hello everyone,

Our company is working with IMX258 cpu with PISA (Platform-Independent Sec Architecture).

We manage to bring our HW to life with latest u-boot v2013.01 && linux 3.2.xx.

We have signed the image, and boot in the security mode.

Now the problem is that we need to export sec-related drivers API into the user space to test device tampering etc...

What I found up to now -- is SAHARA2 Security Hardware Support with CONFIG_MXC_SAHARA flag.

My question is the following: where can I get latest security-related src code? If there is any git repo where I can clone from?

BTW we've got initial USB HAB bootstrap working from linux (command line tool for virgin imx258 bootstrapping). It's good to have some git repo where I can push && commit new sw.

Thank you for your help

Yury

Yuri · ‎01-31-2013

As I know the i.MX25 has no SAHARA module.

YuryGeorgievski · ‎01-31-2013

2 sub-frameworks are located in 'drivers/mxc/security' directory:

a. rng

b. sahara2

Exactly as you said -- imx258 does not have any SAHARA. So rng should be used.

It has an API to the userland and can be found in shw_driver.h (shw_user_request_t).

No DryIce interaction is possible with this ioctl. It should be extended.

Hope someone will find this info useful.

neerajsrivastav · ‎12-01-2012

Hi Sujata,

Can you provide the i.MX_TrustArchitecture_23Mar12.pdf PDF again as the above link is showing error while loading the Page.

If possible provide any other document which tells about the implementation of the TrustZone on IMX53/IM6 Sololite.

rajansoma · ‎06-21-2012

hi sujata,

We are company from hyderabad India, working on imx258.

We are using IMX258 but we want to implement security feature which is pci complaint. Use SCC for secure pin encryption with TMK management from bank side.

We need a good webinar or training material on hab/SCC/Drye ice

hersioiwamoto · ‎06-21-2012

Hi Sujata,

I am interested on enabling HAB on iMx53.

I have received many information under NDA, but still not able to deploy it. We don´t know where the error is.

How can I get help? How to debug it?

rodz · ‎06-03-2012

To add to Sujata's comments, i.MX 6 in addition to the i.MX5 famility all support TrustZone. There is no restriction on the use of TrustZone on any of these ICs. The cores boot natively to the secure world.

sujataneidig · ‎06-01-2012

Gopu,

The i.MX 6 Series has not gone through a full market launch yet. However, we do have partners who are offering embedded board solutions.Here's a link with available solutions at this time: http://imxcommunity.org/profiles/blogs/i-mx6-boards.

GopuSubramanian · ‎05-29-2012

Hello Sujata,

We are trying to develop a open source trustzone software framework. I would like to know whether we have imx6 based open board to try the trustzone feature.

www.openvirtualization.org

ronaldbenvenutt · ‎05-28-2012

Hello Sujata :

Additional info : we are including security function on our product already running without security using i.mx258. This micro doesn't have examples, so we are adapting from imx53 and imx28. If you have some example or info specific of i.mx258, it would be welcome.

ronaldbenvenutt · ‎05-28-2012

Note : we already have the CST files.

ronaldbenvenutt · ‎05-28-2012

Hello Sujata :

I need the ZIP file(s) of pages 49, 50 and 51 of the last PDF presentation (apr 27)..

sujataneidig · ‎05-25-2012

Ronald, what specific files are you looking for? The CST files are on our website. Go to www.freescale.com and search for "IMX_CST_TOOL".

ronaldbenvenutt · ‎05-25-2012

Hi, we are developing a security product using imx258, and this is useful. Could someone please send the ZIP files associated to the presentation ?

sujataneidig · ‎04-11-2012

Hi, This presentation covers aspects of using security on the i.MX28 and i.MX53. It was presented at last year's FTF and has recently been updated with more information.

GW: See attachment in post below.

Regards,

Grant