Hi,
We want to store our private key in OCRAM from a Linux user-space application and use it in the signing operation. How can we map the OCRAM memory in a Linux user-space application?
Also, how can we check which portion of OCRAM is already used by the kernel?
Thanks
Manoj
Hello,
It is not recommended to use OCRAM in user apps, since
the OCRAM may already be in use by Linux; please search for the terms OCRAM or IRAM
in “i.MX_Linux_Reference_Manual.pdf”.
Have a great day,
Yuri
According to i.MX_Linux_Reference_Manual.pdf, Linux may be using the OCRAM for the MLB or power management drivers. We do not use the MLB modules and our device will always be powered. So if we disable the power management option, will we be able to use the OCRAM range 0x00907000 - 0x00938000 on Linux 3.10.17?
Thanks
Manoj
Hello,
Looks like it is possible, at least, You may try it.
Regards,
Yuri.
Hi Yuri,
We tried to use the OCRAM region for storing the keys by means of the linker script, but we are not able to read/write the OCRAM region. The value we read through the linker-placed variable does not match the OCRAM content dumped using the mmap call. Please suggest how to program the OCRAM memory properly.
Linker script:
1. Default linker script from the toolchain attached.
2. Our modification for the linker script is below (also attached)
3. The C program used to place the key in the OCRAM and output dumps also attached.
4. Map file for c program also attached, where "caterpillar_privkey" looks to be placed at right place.
#2, Modified sections of linker scripts (armelf_linux_eabi.x)
===========================================
/* Default linker script, for normal executables */
/* Copyright (C) 2014 Free Software Foundation, Inc.
Copying and distribution of this script, with or without modification,
are permitted in any medium without royalty provided the copyright
notice and this notice are preserved. */
/* Output format, target architecture and entry symbol of the executable. */
OUTPUT_FORMAT("elf32-littlearm", "elf32-bigarm",
"elf32-littlearm")
OUTPUT_ARCH(arm)
ENTRY(_start)
/* Library search paths; a leading "=" is replaced by the sysroot prefix. */
SEARCH_DIR("=/opt/arada/arm-arada-linux-gnueabihf/arm-arada-linux-gnueabihf/lib"); SEARCH_DIR("=/usr/local/lib"); SEARCH_DIR("=/lib"); SEARCH_DIR("=/usr/lib");
/* Disabled MEMORY region, kept exactly as posted: */
/*MEMORY
{
pseudo_ocram (rw) : ORIGIN = 0x910000, LENGTH = 0x800
}
*/
/*
 * Collects every input section named .pseudo_seg into an output section
 * called .bss and sets that section's address to 0x910000. The map file on
 * this page shows the rest of the program's .bss (.dynbss, crt objects)
 * landing at the same address range as a result.
 *
 * NOTE(review): for an executable that runs as a Linux process this address
 * is a virtual address inside that process, not the SoC physical address
 * 0x00910000. The kernel backs it with ordinary zero-filled pages, so a
 * symbol placed here does not alias OCRAM. That matches the program output
 * on this page: the array at 0x910000 reads as zeros, while the /dev/mem
 * mapping of physical 0x910000 shows the bytes U-Boot's md also shows.
 */
SECTIONS
{
.bss 0x910000 :
{
KEEP (*(.pseudo_seg))
}
}
/* INSERT makes ld apply the SECTIONS above in addition to its default
   script, placed after the .data output section, instead of replacing it. */
INSERT AFTER .data;
MAP files
=========
.bss 0x00910000 0x70
*(.pseudo_seg)
.pseudo_seg 0x00910000 0x64 bin/ocram.o
0x00910000 caterpillar_privkey
*(.dynbss)
*fill* 0x00910064 0x4
.dynbss 0x00910068 0x4 /opt/arada/arm-arada-linux-gnueabihf/arm-arada-linux-gnueabihf/sysroot/usr/lib/crt1.o
0x00910068 stderr@@GLIBC_2.4
*(.bss .bss.* .gnu.linkonce.b.*)
.bss 0x0091006c 0x0 /opt/arada/arm-arada-linux-gnueabihf/arm-arada-linux-gnueabihf/sysroot/usr/lib/crt1.o
.bss 0x0091006c 0x0 /opt/arada/arm-arada-linux-gnueabihf/arm-arada-linux-gnueabihf/sysroot/usr/lib/crti.o
.bss 0x0091006c 0x1 /opt/arada/arm-arada-linux-gnueabihf/lib/gcc/arm-arada-linux-gnueabihf/4.9.3/crtbegin.o
.bss 0x0091006d 0x0 bin/ocram.o
.bss 0x0091006d 0x0 /opt/arada/arm-arada-linux-gnueabihf/arm-arada-linux-gnueabihf/sysroot/usr/lib/libc_nonshared.a(elf-init.oS)
.bss 0x0091006d 0x0 /opt/arada/arm-arada-linux-gnueabihf/lib/gcc/arm-arada-linux-gnueabihf/4.9.3/crtend.o
.bss 0x0091006d 0x0 /opt/arada/arm-arada-linux-gnueabihf/arm-arada-linux-gnueabihf/sysroot/usr/lib/crtn.o
*(COMMON)
0x00910070 . = ALIGN ((. != 0x0)?0x4:0x1)
*fill* 0x0091006d 0x3
#3, C program
===============
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#include <fcntl.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
/* Physical address passed to MapMemory() in main() as the /dev/mem offset.
   It is the same numeric value the linker script assigns to .pseudo_seg,
   but that one is a virtual address in this process. */
#define CODE_BASE_ADDR_START 0x910000
/* 100-byte buffer emitted into the .pseudo_seg input section so the linker
   script can give it a fixed address. It is uninitialised data, so it starts
   out zero-filled. NOTE(review): the name suggests key material; nothing in
   this program loads a key into it. */
uint8_t __attribute__((section (".pseudo_seg"))) caterpillar_privkey[100];
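/**
 * Map a window of physical address space into this process through /dev/mem.
 *
 * @param address  Physical start address, passed to mmap() as the file
 *                 offset; mmap() rejects offsets that are not page-aligned.
 * @param size     Number of bytes to map; must be positive.
 * @return Pointer to the mapping, or NULL on failure (the reason is printed
 *         to stderr). The caller releases the mapping with munmap().
 *
 * Opening /dev/mem requires root privileges (CAP_SYS_RAWIO). Every process
 * holding them can map the same physical range, so memory reached this way
 * is shared hardware state and not private storage for secrets.
 */
void * MapMemory(unsigned int address, int size)
{
    int fd;
    void *ret_addr;

    /* A zero or negative length must not reach mmap(): converted to size_t
       it would become an invalid or enormous mapping request. */
    if (size <= 0) {
        fprintf(stderr, "MapMemory: invalid size %d\n", size);
        return NULL;
    }

    /* NOTE(review): O_SYNC is commonly used to ask the /dev/mem driver for
       an uncached mapping - confirm for the kernel in use. */
    fd = open("/dev/mem", O_RDWR | O_SYNC);
    if (fd == -1) {
        perror("open");
        return NULL;
    }

    ret_addr = mmap(NULL, (size_t)size, PROT_READ | PROT_WRITE, MAP_SHARED,
                    fd, (off_t)address);
    if (ret_addr == MAP_FAILED) {
        perror("mmap");
        ret_addr = NULL;
    }

    /* The mapping stays valid after the descriptor is closed. */
    if (close(fd) == -1) {
        perror("close");
    }
    return ret_addr;
}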
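/**
 * Debug comparison of two views of "address 0x910000":
 *   1. caterpillar_privkey, placed at virtual address 0x910000 by the linker
 *      script, and
 *   2. a /dev/mem mapping of physical address 0x910000.
 *
 * The two views are different memory. View 1 is ordinary process memory that
 * merely has the virtual address 0x910000; only view 2 reaches the physical
 * address. That is why the outputs on this page differ: view 1 is all zeros
 * and view 2 shows the bytes U-Boot's "md 0x910000" also shows. Any access
 * meant to hit the physical region therefore has to go through the pointer
 * returned by MapMemory(), not through caterpillar_privkey.
 *
 * NOTE(review): the U-Boot dump on this page shows the region is readable
 * from the bootloader, and /dev/mem exposes it to any root process, so
 * placing a key here does not by itself protect it. The vendor reply in this
 * thread points to black keys/blobs for key protection. This program also
 * prints every byte of both buffers to stderr; keep that to test data.
 *
 * @return 0 on success, 1 if the /dev/mem mapping could not be created.
 */
int main(void)
{
    size_t k;
    void *mem = MapMemory(CODE_BASE_ADDR_START, 4096);

    fprintf(stderr, "*********************caterpillar key base=%p value=0x%0x, \n", (void *)caterpillar_privkey, caterpillar_privkey[0]);
#if 0
    /* Writes the linker-placed array, i.e. process memory, not the mapping. */
    memset(caterpillar_privkey, 0xa, sizeof(caterpillar_privkey));
#endif
    /* sizeof yields size_t, so it is printed with %zu instead of %d. */
    fprintf(stderr, "\nDump caterpillar_privkey on iram mem at %p len=%zu [linker script region]\n\n", (void *)caterpillar_privkey, sizeof(caterpillar_privkey));
    for (k = 0; k < sizeof(caterpillar_privkey); k++) {
        fprintf(stderr, "0x%02x ", caterpillar_privkey[k]);
    }
    fprintf(stderr, "\nDump caterpillar_privkey on iram mem at %p len=%zu [linker script region] Endddddddddddd\n\n", (void *)caterpillar_privkey, sizeof(caterpillar_privkey));
#if 1
    /* MapMemory() returns NULL on failure; do not dereference it. */
    if (mem == NULL) {
        fprintf(stderr, "MapMemory failed; skipping the /dev/mem cross check\n");
        return 1;
    }
    fprintf(stderr, "Dump mem at %p len=%zu using mmap to cross check \n\n", mem, sizeof(caterpillar_privkey));
    for (k = 0; k < sizeof(caterpillar_privkey); k++) {
        fprintf(stderr, "0x%02x ", ((uint8_t *) mem) [k]);
    }
    fprintf(stderr, "\nDump mem using mmap endddddddddddddddddddddddd\n\n");
#endif
    /* Release the 4096-byte window requested above. */
    if (mem != NULL && munmap(mem, 4096) == -1) {
        perror("munmap");
    }
    return 0;
}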
Execution output:
==============
# /var/ocram_test
*********************caterpillar key base=0x910000 value=0x0,
Dump caterpillar_privkey on iram mem at 0x910000 len=100 [linker script region]
0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
Dump caterpillar_privkey on iram mem at 0x910000 len=100 [linker script region] Endddddddddddd
Dump mem at 0x76f5f000 len=100 using mmap to cross check
0xec 0x1a 0x42 0x4d 0xb3 0x62 0x55 0xe2 0x49 0xe6 0xba 0x77 0x96 0x77 0xa4 0x84 0x7b 0x76 0xf0 0x33 0xe2 0x42 0x17 0x88 0xe6 0xbd 0x53 0x5a 0xe5 0x31 0x57 0xaf 0x3d 0xbe 0x8b 0x1a 0x0f 0xba 0x9c 0x17 0x2e
0x31 0xe5 0x39 0xf7 0x65 0x27 0xfa 0x7f 0xc9 0xe2 0x65 0xfb 0xf2 0x13 0xbb 0x0f 0xd2 0x91 0x4f 0xa9 0x84 0x1b 0x2a 0xd2 0x6e 0x86 0xb2 0x29 0xc8 0xd6 0x2c 0x15 0x2b 0xff 0x4d 0xdf 0xbc 0x73 0xbf 0x09 0x61
0xd8 0x73 0x3a 0x89 0xaa 0x7a 0xb3 0x6a 0xcd 0xf0 0x9a 0xa8 0x97 0x3a 0x29 0x31 0xb2 0x32
Dump mem using mmap endddddddddddddddddddddddd
/* Dumping memory from the U-Boot prompt to confirm that the same content exists in OCRAM */
U-Boot 2016.03 (Dec 06 2017 - 11:54:13 +0530)
CPU: Freescale i.MX6Q rev1.5 at 792 MHz
Reset cause: WDOG
Board: SABRE Lite
I2C: ready
DRAM: 1 GiB
MMC: FSL_SDHC: 0, FSL_SDHC: 1
SF: Detected SST25VF016B with page size 256 Bytes, erase size 4 KiB, total 2 MiB
Display: hdmi:1280x720M@60 (1280x720)
In: serial
Out: serial
Err: serial
Net: Micrel ksz9021 at 7
FEC [PRIME], usb_ether
Hit any key to stop autoboot: 0
Enter passphrase to stop autoboot:
LC3_HAB => md 0x910000
00910000: 4d421aec e25562b3 77bae649 84a47796 ..BM.bU.I..w.w..
00910010: 33f0767b 881742e2 5a53bde6 af5731e5 {v.3.B....SZ.1W.
00910020: 1a8bbe3d 179cba0f 39e5312e fa2765f7 =........1.9.e'.
00910030: 65e2c97f bb13f2fb 4f91d20f 2a1b84a9 ...e.......O...*
00910040: b2866ed2 2cd6c829 4dff2b15 bf73bcdf .n..)..,.+.M..s.
00910050: 73d86109 7aaa893a f0cd6ab3 3a97a89a .a.s:..z.j.....:
00910060: 32b23129 724ea2b0 02cc1510 564da177 )1.2..Nr....w.MV
00910070: 7b646936 4dd721ad 4b80692f 22ecdc98 6id{.!.M/i.K..."
00910080: 682e525f 5c0bed9a 1218fa32 9ef66eb6 _R.h...\2....n..
00910090: 728c29d8 1197b647 997247c0 37ab36a2 .).rG....Gr..6.7
009100a0: 72c571e1 4c6b3bda 49f2639f c719b88e .q.r.;kL.c.I....
009100b0: 9dca08b3 3a9140cc 2d3baf94 93875366 .....@.:..;-fS..
009100c0: a465e61b 2c6bb79e ce61f195 75e89607 ..e...k,..a....u
009100d0: e53cc9af 4953b4db a497ca23 206f5f87 ..<...SI#...._o
009100e0: ab309c04 03ae7f91 cf2c65cf 017420b4 ..0......e,.. t.
009100f0: b09f5053 5104ac83 ea898c88 3e737bc2 SP.....Q.....{s>
The attachment available at below link
Hello,
As for the general approach to protecting user keys and sensitive data with black
keys and blobs, you may create a support request / ticket.
Regards,
Yuri.
Hi Yuri,
We want to keep some data in OCRAM. Can you please look at the above method and let us know what is going wrong? For key storage we will raise a support request.
Cheers
Manoj