In the initial wolfSSL CAAM drivers users could only create "secure blobs" using unencrypted "red keys" in addition to other cryptographic algorithms. Now as we approach 2021 the wolfSSL team is very happy to announce that wolfSSL has completed writing another custom driver, this time for QNX!!
In the latest custom driver wolfSSL has expanded potential use-cases beyond the original drivers to include:
Use of ECC keys to create “black blobs”
Ability to access and utilize the “secure memory” partitions available in the CAAM.
Use of ECC keys means that users can now create "black blobs" with "encrypted black keys" when using the wolfSSL QNX Driver. Encrypted black keys can be thought of as similar to how a TPM works. The key is encrypted and never exposed outside the CAAM, it is only decrypted inside the CAAM at the time of use. On top of the extra security with encrypted ECC keys, wolfSSL makes use of the CAAM’s AES-CCM encrypted black keys, providing an additional MAC tag for integrity checks on the keys prior to the decryption and use of any keys being passed into the CAAM.
The CAAM provides "secure memory" partitions that can be setup to restrict access to sensitive information and even log warnings/errors whenever unauthorized memory access is attempted. These warnings/errors can serve as an indicator that your systems may be being probed, alerting your team to be extra vigilant. Users can store sensitive or mission critical information in these secure memory partitions for added security.
The wolfSSL team thanks you for your time today and would like you to know that if you have any questions at all you can speak with a wolfSSL Engineer by emailing “support <at> wolfssl <dot> com” anytime.
The wolfSSL team is eager to help in any way we can; If you need a CAAM driver developed for your OS, if you would simply like to know more about CAAM support in wolfSSL, or if you are curious about one of our other products (wolfSSH, wolfMQTT, wolfBoot etc.), our team is at the disposal of the NXP community.
- The wolfSSL Team
Special Notes: wolfSSL QNX CAAM Driver was developed and tested on i.MX6UL-EVK, some porting may be necessary to get the wolfSSL QNX driver setup on other platforms.