iMX8 - Encryption key management

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

iMX8 - Encryption key management

Jump to solution
2,793 Views
my_tcn0
Contributor I

I'm working on iMX8 Quad module, and i need to manage an unique cryptographic key to encrypt/decrypt some internal files.

I would like to store this key (or a passphrase to generate it) in secure memory (HW not accesible and SW accessible for an authorized process).

In IMX8MDQLQRM.pdf section 6.3, OCOTP_CTRL provides API to store the key. My problem is, if anyone access to the userspace of my OS, he can access also to the OCOTP mounted module and can read the content of the eFuses. 

Is it possible to disable the OCOTP_CTRL and access to the eFuses in another way? (with C API for exemple).  

 

The SNVS (Section 6.4) provides also the possibility to manage keys. Is there some privileged way to access to this memory ?

 

Thank you,

0 Kudos
Reply
1 Solution
2,780 Views
Yuri
NXP Employee
NXP Employee

@my_tcn0 
Hello,

   please refer to the following app notes regarding recommended approach
for encryption key management.

"Demo Application to Generate Red/Black Blobs Using CAAM and Encrypt/Decrypt Data"

https://www.nxp.com/webapp/Download?colCode=AN12554

"i.MX Encrypted Storage Using CAAM Secure Keys"

https://www.nxp.com/webapp/Download?colCode=AN12714

 

Regards,
Yuri.

 

View solution in original post

0 Kudos
Reply
1 Reply
2,781 Views
Yuri
NXP Employee
NXP Employee

@my_tcn0 
Hello,

   please refer to the following app notes regarding recommended approach
for encryption key management.

"Demo Application to Generate Red/Black Blobs Using CAAM and Encrypt/Decrypt Data"

https://www.nxp.com/webapp/Download?colCode=AN12554

"i.MX Encrypted Storage Using CAAM Secure Keys"

https://www.nxp.com/webapp/Download?colCode=AN12714

 

Regards,
Yuri.

 

0 Kudos
Reply