iMX8 - Encryption key management

my_tcn0 · ‎05-06-2021

I'm working on iMX8 Quad module, and i need to manage an unique cryptographic key to encrypt/decrypt some internal files.

I would like to store this key (or a passphrase to generate it) in secure memory (HW not accesible and SW accessible for an authorized process).

In IMX8MDQLQRM.pdf section 6.3, OCOTP_CTRL provides API to store the key. My problem is, if anyone access to the userspace of my OS, he can access also to the OCOTP mounted module and can read the content of the eFuses.

Is it possible to disable the OCOTP_CTRL and access to the eFuses in another way? (with C API for exemple).

The SNVS (Section 6.4) provides also the possibility to manage keys. Is there some privileged way to access to this memory ?

Thank you,

Yuri · ‎05-06-2021

@my_tcn0
Hello,

please refer to the following app notes regarding recommended approach
for encryption key management.

"Demo Application to Generate Red/Black Blobs Using CAAM and Encrypt/Decrypt Data"

https://www.nxp.com/webapp/Download?colCode=AN12554

"i.MX Encrypted Storage Using CAAM Secure Keys"

https://www.nxp.com/webapp/Download?colCode=AN12714

Regards,
Yuri.

View solution in original post

Yuri · ‎05-06-2021

@my_tcn0
Hello,

please refer to the following app notes regarding recommended approach
for encryption key management.

"Demo Application to Generate Red/Black Blobs Using CAAM and Encrypt/Decrypt Data"

https://www.nxp.com/webapp/Download?colCode=AN12554

"i.MX Encrypted Storage Using CAAM Secure Keys"

https://www.nxp.com/webapp/Download?colCode=AN12714

Regards,
Yuri.

iMX8 - Encryption key management

iMX8 - Encryption key management

i.MX 8 Family | i.MX 8QuadMax (8QM) | 8QuadPlus

Linux

Security