master key: ZMK or OTPMK


1,569 Views
hualing_yu
Contributor II

The ideal design to secure blob data using the iMX7 master key is:

1) normal system power loss, no matter how long, shall not make blob data inaccessible after power is back on. But 2) after a security violation, the blobs should not be accessible even after POR.

However, the ZMK register in LP-SNVS cannot hold its value after power loss of LP. That is, if ZMK is selected as a component of the master key for CAAM, then the blobs the master key eventually protects (through the blob-key encryption key and blob keys) will become inaccessible due to a previous power loss of the low-power source, even without any security violation. So having ZMK as a component of the master key (either ZMK only or a ZMK and OTPMK combination) will fail 1) above.

Obviously OTPMK only master key selection will fail 2).

 

Is there any way to get around this?

 

Thank you!

Hualing

0 Kudos
5 Replies

1,300 Views
Yuri
NXP Employee

Hello,

 

Sorry, but the information involved here is treated as confidential at this time and requires a signed NDA. We cannot discuss this with you in public anyway; this needs to be handled as a Service Request (SR).

 

Have a great day,

Yuri

 


0 Kudos

1,300 Views
hualing_yu
Contributor II

Hello Yuri,

Thank you for the response.

We do have an NDA with NXP. However, we are not at that point yet. We just need some high-level understanding of the features of iMX7 security.

I know I sounded like I was asking for a solution in my original post, but actually this is what we would really like to know:

Is ZMK definitely lost after SNVS_LP lost power?

This is just to confirm what we understand about the iMX7 SRM. So please reply to confirm this.

Thanks!

Hualing

0 Kudos

1,300 Views
Yuri
NXP Employee

Hello,

  Yes, ZMK is definitely lost after SNVS_LP power down.

Regards,

Yuri.

0 Kudos

1,300 Views
yilingxu
Contributor III

Hi,

I want to confirm whether only CAAM can read this 256-bit master key from SNVS. If not, who else, besides CAAM, can read this 256-bit master key from SNVS?

I am worried that if other modules can read this 256-bit master key from SNVS, then the Blob Key Encryption Key (BKEK) in CAAM is not confidential anymore.

0 Kudos

1,300 Views
hualing_yu
Contributor II

This is the confirmation we need.  Thank you.

0 Kudos