Zeroizable Master Key delete


1,790 Views
sankarsalla
Contributor II

Hi All,

We are working on tamper detection on i.MX6UL-G3.

Tamper functionality is working, but when tamper detection happens the Zeroizable Master Key should be deleted.

Can you please help us with how to delete the Zeroizable Master Key when tamper detection happens?

Thanks & Regards,

Sankar.

0 Kudos
9 Replies

1,430 Views
sankarsalla
Contributor II

Hi Victor,

I have read the ZMK register in the driver; once an external tamper is detected, the ZMK value is automatically zero.

I have set the ZMK value to 0x11223344; before tampering the ZMK value is 0x11223344 and after tampering the ZMK value is zero.

So, I feel tamper detection is working.

My question is how to protect or delete a key?

We are new to this concept; if you want any clarification please let us know.

Actually we have a key; once tamper occurs that key should be deleted automatically.

Can you please help us with where we have to keep that key and how to delete the key once tamper occurs?

Our project's timelines are very close to the date; can you please help us to solve this issue.

Thanks & Regards,

Sankar.   

 

0 Kudos

1,430 Views
sankarsalla
Contributor II

Hi Victor,

We are waiting for your valuable inputs.

Thanks & Regards,

Sankar.

0 Kudos

1,430 Views
sankarsalla
Contributor II

Hi Victor,

If you have any logs from once the Zeroizable Master Key is deleted, please provide them to us.

Thanks & Regards,

Sankar.

0 Kudos

1,430 Views
sankarsalla
Contributor II

Hi Victor,

I have read the LPTDSR register before and after tamper detection.

Before tamper detection the LPTDSR register value is status.lptdsr=0 (means no tamper occurred).

After tamper detection the LPTDSR register value is status.lptdsr=2 (means External Tampering 4 Detected).

So, tamper has occurred, but my question is how to confirm the ZMK is deleted?

Where is the ZMK stored in the kernel and how to check whether the ZMK is erased or not?

Thanks & Regards,

Sankar.

 

0 Kudos

1,430 Views
b36401
NXP Employee

When tamper detection happens the ZMK is automatically lost. You do not need to do anything special.

Have a great day,
Victor


0 Kudos

1,430 Views
hualing_yu
Contributor II

Hello Victor,

I have a ZMK question the other way around:

How can ZMK survive LP loss?

The ZMK register is in LP-SNVS, so it can hold its value as long as low power is present. That is, after a long power outage of LP, ZMK will be lost by itself. So if ZMK is selected as a component for the master key for CAAM, then the blobs the master key eventually protected (through the blob-key encryption key and blob keys) will become inaccessible due to the previous power loss of the low power source.

The ideal design is that normal system power loss, no matter how long, shall not cause blob data to be inaccessible after power is back on. But after a security violation, the blobs should not be accessible even after POR.

It seems that neither OTPMK nor ZMK nor both of them could help realize that.

Make sense? Is there any way to get around this?

Thank you!

Hualing

0 Kudos

1,430 Views
sankarsalla
Contributor II

Hi Victor,

Thanks,

I have gone through the i.MX6UL SRM.

Yes, you are correct; the block diagram says if tamper occurs the ZMK is automatically reset.

Can you please provide how to encapsulate and decapsulate the blobs?

Thanks & Regards,

Sankar.

0 Kudos

1,430 Views
sankarsalla
Contributor II

Hi Victor,

Thanks for the quick reply.

How to confirm whether the ZMK is deleted or not?

Can you please give some steps for confirming deletion of the ZMK? (Actually we are new to this concept.)

Thanks & Regards,

Sankar.

0 Kudos

1,430 Views
b36401
NXP Employee

You can check if tamper detection occurred with SNVS_LP Tamper Detectors Status (LPTDSR) register.
It contains bits for each tamper.

For more details please refer to i.MX6UL Security Reference Manual.
This document can be ordered for download online on the processor's Documentation web page (check the "Reference Manual" section):
https://www.nxp.com/products/processors-and-microcontrollers/applications-processors/i.mx-applicatio...

0 Kudos