i.MX6 HAB/CAAM self-tests and CAVP validation

awright · ‎05-11-2016

I am trying to get FIPS 140-2 certification. Doing so requires the crypto systems to perform known answer tests (KAT) on initialization. It is my understanding that the bootROM performs a self-test of the CAAM RNG and SHA before performing the HAB authentication. I could not find any details about the self-tests that are being performed. Does it only test the RNG and SHA algorithms? Does it use standard KAT vectors in the test?

Also, I am looking for a way to perform the CAVP validation tests on the CAAM algorithms. Has Freescale or NXP had the algorithms tested by NIST, as it appears they have done with the PowerQUICC, QorIQ, and StarCore devices?

Yuri · ‎05-12-2016

Hello,

Details of bootROM self-testing are not provided. Nevertheless, You may look

at the “Security Reference Manual for i.MX 6Dual, 6Quad, 6Solo, and 6DualLite”

In particular - section 5.7.3.2.2 (RNG NIST certification).

https://www.nxp.com/webapp/Download?colCode=IMX6DQ6SDLSRM&appType=moderatedWithoutFAE&fpsp=1&WT_TYPE...

Have a great day,
Yuri

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

i.MX6 HAB/CAAM self-tests and CAVP validation

i.MX6 HAB/CAAM self-tests and CAVP validation

i.MX6DL

Linux