ヘルプ
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

iMX6 - 256-bit Zeroizable Master Key

キャンセル
提案をオンにする
自動提案では、入力時に可能な一致が提案されるので検索結果を素早く絞り込むことができます。
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 
解決済み
ソリューションへジャンプ

iMX6 - 256-bit Zeroizable Master Key

ソリューションへジャンプ
‎06-26-2018 05:24 PM
2,204件の閲覧回数
viniciusmaciel
Contributor II

Hi,

I am using kernel 4.9.11 running on Wandboard. How do I read the 256-bit Zeroizable Master Key from iMX6 CPU fuse? 

Can I read from userspace or only from kernel space? Can I get this key from the CAAM driver?

Vini

ラベル(2)
ラベル
タグ(3)
0 件の賞賛
返信
1 解決策

ソリューションへジャンプ
‎07-02-2018 09:26 AM
1,664件の閲覧回数
Bio_TICFSL
NXP TechSupport
NXP TechSupport 
Hi Vinicius,

ZMK value (or the ZMK XORed with the OTPMK) can be selected as the  master key input to 
the DCP. Please refer to Security Reference Manual for the i.MX 6ULL Applications Processor for more details.
  The unique OTP Master Key (OTPMK) is a random value stored in the non-volatile memory 
(typically fuses) outside the SNVS module.  OTPMK is factory preprogrammed.

  HAB incorporates signature verification using RSA public keys and the SHA-256 hash algorithm, but i.MX6 CAAM does not support asymmetric cryptographic acceleration..

Regards

元の投稿で解決策を見る

0 件の賞賛
返信
2 返答(返信)

ソリューションへジャンプ
‎07-02-2018 09:26 AM
1,665件の閲覧回数
Bio_TICFSL
NXP TechSupport
NXP TechSupport 
Hi Vinicius,

ZMK value (or the ZMK XORed with the OTPMK) can be selected as the  master key input to 
the DCP. Please refer to Security Reference Manual for the i.MX 6ULL Applications Processor for more details.
  The unique OTP Master Key (OTPMK) is a random value stored in the non-volatile memory 
(typically fuses) outside the SNVS module.  OTPMK is factory preprogrammed.

  HAB incorporates signature verification using RSA public keys and the SHA-256 hash algorithm, but i.MX6 CAAM does not support asymmetric cryptographic acceleration..

Regards

0 件の賞賛
返信

ソリューションへジャンプ
‎07-09-2018 01:04 PM
1,664件の閲覧回数
viniciusmaciel
Contributor II

Hi,

I am using sm_test.c(crypto/caam/sm_test.c) driver to try retrieve the OTP Master Key, but this driver actually has 4 keys(64 bits, 128 bits, 192 bits and 256 bits) with 2 groups: clear keys and black keys. The clear keys does not matter because is just a progression (0, 1, 2, 3, 4, ...). The "true" random keys are the black keys, so that is what we want. 

The problem is that everytime I reboot the Linux, i am getting different values for the 4 keys (64 bits, 128 bits, 192 bits and 256 bits).

Example:

[ 3.350716] platform caam_sm: 64-bit black key:
[ 3.353955] platform caam_sm: [0000] 12 e5 59 04 33 25 46 f9
[ 3.358318] platform caam_sm: [0008] c8 13 e4 d3 c1 45 27 bd

And in another boot:

[ 3.420722] platform caam_sm: 64-bit black key:
[ 3.423961] platform caam_sm: [0000] 67 f5 f6 f7 5a 3b 19 14
[ 3.428322] platform caam_sm: [0008] 4e f7 a7 85 66 14 44 f2

Are these keys supposed to be invariable?

0 件の賞賛
返信