帮助
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Trusty RPMB Key question

取消
开启建议
自动建议可通过在您键入时建议可能的匹配,而快速缩小您的搜索结果范围。
显示结果 
显示  仅  | 搜索替代 
您的意思是: 

Trusty RPMB Key question

‎04-03-2019 03:16 AM
4,383 次查看
zhongyue_li
Contributor II

Dear NXP engineers,

I am from China Hirain company, now i am working on security features on IMX8 with android auto P OS.

I am trying to check RPMB key in trusty trustzone OS, however, it is failed in geting kbox via API "caam_get_keybox()".

struct keyslot_package* kbox = caam_get_keybox();    if (strncmp(kbox->magic, KEYPACK_MAGIC, 4)) {

       TLOGE("Invalid magic\n");
 return;
     }

the kbox->magic is null, so rpmb_keyblob cannot be get from caam keybox.

could you help check the reason why the kbox-> magic is null?
it seems there is something wrong with caam features on IMX8 android auto chipset.

However, i still want to know the common RPMB key concept on IMX7 or earlier chipset with CAAM featus.
for example, how is the RPMB key stored in the CAAM Keybox?

标签 (1)
标签
回复
3 回复数

‎04-03-2019 10:06 PM
3,614 次查看
b36401
NXP Employee
NXP Employee

Actually i.MX8 series is not launched yet and are not supported by our team (web support).

Sorry for the inconvenience.

0 项奖励
回复

‎04-04-2019 12:43 AM
3,614 次查看
zhongyue_li
Contributor II

Dear Victor, 

Thanks for your reply.

I know you cannot give us support on I.MX8 series.

However, our company already make a NDA with nxp,

we need check the security architecture in advance, and to design the android security as well in advance.

So could you give me some support for I.MX common concept?

Could you tell me which part will store the RPMB secure key to CAAM Secure RAM KeyBox?

Thanks a lot.

0 项奖励
回复

‎04-09-2019 12:58 AM
3,614 次查看
chenguoyin
NXP Employee
NXP Employee

You need to fuse the RPMB key to your emmc with fastboot cmds. You can find the instructions to do that in our release user guide.  Once you have fused, you cannot change it. So be careful to do that

 

 Two ways are provided to set the RPMB key. 

  1. Manually specify a 256-bit key and program it 

Firstly, a file contains the key need to be generated. In the default key file “rpmb_key_test.bin”, all 256 bits are zero. It can be generated with below commands: 

$ touch rpmb_key.bin 

$ echo –n “RPMB” > rpmb_key.bin 

$ echo –n -e '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' >> rpmb_key.bin 

 

The '\xHH' means eight-bit character whose value is the hexadecimal value 'HH'. You can replace above "00" with the key you want to set. 

 

Then, program the key with the file just generated 

Make the board enter fastboot mode, then execute below commands on host side: 

$ fastboot stage rpmb_key.bin 

$ fastboot oem set-rpmb-key 

 

  1. Program a random key 

Make the board enter fastboot mode, execute below commands on host side: 
$ fastboot oem set-rpmb-random-key 

 

After RPMB key programed with either of the two ways, reboot the board, the RPMB service in Trusty OS will be initialized successfully. 

 

The preceding two ways will program the key to eMMC fuse, a key blob will be generated base on the key value and the blob will be saved for TEE to use. In default condition, this key blob is saved in the 16383rd block of BOOT1 partition in eMMC for i.MX8QuadMax and i.MX8QuadXPlus. The BOOT1 partition size of eMMC on i.MX8QuadMax and i.MX8QuadXPlus is 8MB, we can find that the key blob is in the last block in BOOT1 partition. To prevent key blob from been tampered when the system is running, BOO1 partition will be set with power-on write protection when the board boot up. 

回复