non volatile (power cycle persistent) keys in iMX6 (Solo) CAAM

andreaaizza · ‎10-31-2022

Hi,

with reference to AN12714 (i.MX Encrypted Storage Using CAAM Secure Keys), can anybody clarify if `importKey` file is supposed to remain the same (same `hexdump`) after a cold reset assuming the same `/data/caam/randomkey.bb` is utilized (/data/caam/randomkey.bb is the same after a the power-cycle), on a "not closed" device?

Something like:

```

caam-keygen import <non_volatile_storage>/randomkey.bb importKey1

cp /data/caam/importKey1 <non_volatile_storage>/importKey1

reboot

caam-keygen import <non_volatile_storage>/randomkey.bb importKey2

diff <non_volatile_storage>/importKey1 /data/caam/importKey2

```

What should `diff` say?

How to get a "same file" unique per device and randomkey.bb?

Regards,

Andrea

hector_delgado · ‎12-05-2022

Hi @andreaaizza ,

Hope you're doing well and sorry for the late response.

Regarding your first question:

with reference to AN12714 (i.MX Encrypted Storage Using CAAM Secure Keys), can anybody clarify if `importKey` file is supposed to remain the same (same `hexdump`) after a cold reset assuming the same `/data/caam/randomkey.bb` is utilized (/data/caam/randomkey.bb is the same after a the power-cycle), on a "not closed" device?

Yes, the file is supposed to remain the same.

Regarding your second question:

How to get a "same file" unique per device and randomkey.bb?

This wouldn't be possible, unfortunately. This all depends on which keys you generate.

Hope this was of any help.

Best regards,
Hector.