Using ZMK for blobs

eren_yilmaz · ‎09-12-2019

Thanks Yuri.

As a workaround for SEC_CONFIG being not set, can I use ZMK since that can be set in a non-secure mode, and have CAAM use that for blob encapsulation and decapsulation?

Yuri · ‎09-16-2019

Correct, ZMK cannot be used in non-secure mode with CAAM.

~Yuri.

View solution in original post

Yuri · ‎09-13-2019

Hello,

from i.MX6 Security RM:

When the chip is in the non-secure state, CAAM cannot decapsulate blobs that were
encapsulated while CAAM was in a trustworthy state (either secure state or trusted state).

Have a great day,
Yuri

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!

- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.

eren_yilmaz · ‎09-13-2019

Hello Yuri,

Yes I know that. But my question is for operations in non-secure state.

Can CAAM use ZMK to encapsulate and decapsulate blobs in a non-secure state?

Yuri · ‎09-16-2019

Hello,

In non-secure mode a fixed default key with a known value is used in place of the master key.

Regards,

Yuri.

eren_yilmaz · ‎09-16-2019

Hi Yuri,

So ZMK cannot be used in non-secure mode with CAAM? Instead of that default known key.

Thanks

Yuri · ‎09-16-2019

Correct, ZMK cannot be used in non-secure mode with CAAM.

~Yuri.