- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- Advanced AnalogAdvanced Analog
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
- S32Z/E
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- Generative AI & LLMs
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
- RFID / NFC
- Advanced Analog
-
- NXP Tech Blogs
已解决
07-16-2025
12:25 PM
658 次查看
mariusoctavian
Contributor IV
Hi,
This is iMX8MM built with yocto scarthgap.
I am following mainly this doc-stm in conjunction with this doc
all optee-os optee-test and optee are in the build.
The Kernel config looks like:
CONFIG_CRYPTO_HASH=y
CONFIG_CRYPTO_AES=y
CONFIG_MD=y
CONFIG_DM_CRYPT=y
CONFIG_BLK_DEV_DM=y
CONFIG_KEYS=y
CONFIG_TRUSTED_KEYS=m
CONFIG_ENCRYPTED_KEYS=y
CONFIG_TRUSTED_KEYS_TEE=y
The drivers looks okay
[root@imx:~$ dmesg | grep optee
[ 1.530781] optee: probing for conduit method.
[ 1.530800] optee: revision 4.2 (c6be5b57)
[ 1.532316] optee: dynamic shared memory is enabled
[ 1.559229] optee: initialized driver
The xtest passes
+-----------------------------------------------------
43430 subtests of which 0 failed
155 test cases of which 0 failed
0 test cases were skipped
TEE test application done!
But
[root@imx:~$ keyctl add trusted kmk "new 32" @s
add_key: No such device
[root@Dekoda:~$
fails with,
No such device,
dmesg shows nothing
已解决! 转到解答。
1 解答
07-17-2025
07:20 AM
628 次查看
mariusoctavian
Contributor IV
I do this, we have all HAB TC enabled.
I found the problem.
I was using the 5.15.60 kernel due custom drivers.
As the results did not make any sense I replaced for the time being with 6.6.23 and all good.
I can add trusted key to KR session and
use dm to encrypt a partition using the key blob.
RESOLVED
2 回复数
07-17-2025
06:37 AM
634 次查看
Bio_TICFSL
NXP TechSupport
Hello,
On the MX8MM DEK blob must be created by a software running in Arm TrustZone Secure World, the CAAM block takes into consideration the TrustZone configuration when encapsulating the DEK and the resulting blob can be only decapsulated by a SW running in the same configuration. As ROM code is running in ARM TrustZone secure world we must encapsulate the blobs using OP-TEE.
Please check this thread:
https://community.nxp.com/t5/i-MX-Processors/Enabling-OP-TEE-in-i-MX8MM-EVK-FIT-image/m-p/1160604
Regards
07-17-2025
07:20 AM
629 次查看
mariusoctavian
Contributor IV
I do this, we have all HAB TC enabled.
I found the problem.
I was using the 5.15.60 kernel due custom drivers.
As the results did not make any sense I replaced for the time being with 6.6.23 and all good.
I can add trusted key to KR session and
use dm to encrypt a partition using the key blob.
RESOLVED
