Hi all,
As per the AN12838 "Strengthening Public Key Cryptography using CAAM Secure Key" application note, it is possible to use CAAM black keys with the ECDSA (and RSA) algorithms.
As stated in AN12838, this functionality is added by the patches contained in the "meta-imx-ecdsa-sec" layer, which is in the "imx_sec_apps" repository (https://github.com/nxp-imx-support/imx_sec_apps).
But this meta-layer supports only kernels up to 5.4 (warrior and zeus Yocto releases); there are no patches for newer kernel versions/Yocto releases.
I searched the source of newer kernel versions, supposing that the patches introduced by the "meta-imx-ecdsa-sec" layer had been merged upstream, but I didn't find anything.
Has development of the "meta-imx-ecdsa-sec" layer stopped?
How can we implement public key cryptography with CAAM black keys in the latest BSP releases?
Thanks in advance, regards
Mauro
Hello,
Please accept my apologies for the delayed response. It is actually part of the standard release; I don't know which version of the BSP you have looked at or where you have looked, or if this is already enabled or not.
Please note that some names are not the same, and even the file directories of some drivers tend to change, especially between major releases, so this may lead to some confusion.
For example, please refer to section 10.6, "crypto_af_alg application support", of the i.MX Linux User's Guide.
https://www.nxp.com/docs/en/user-guide/IMX_LINUX_USERS_GUIDE.pdf
If you have any other questions please do let me know!
Best regards/Saludos,
Aldo.
Hello,
Thanks for the answer.
Actually, we are using the Kirkstone BSP.
Is it already implemented?
Thanks, William
Hello,
Yes, for the Kirkstone release (L5.15.71_2.2.0) it does apply; please refer to the document for this Linux version:
https://www.nxp.com/docs/en/supporting-information/L5.15.71_2.2.0_LINUX_DOCS.zip
Best regards/Saludos,
Aldo.
Hi @AldoG,
thank you for your answer.
I know that CAAM black keys are supported in NXP's latest BSPs, using caam-keygen through crypto_af_alg as you stated: this is for encryption and decryption using symmetric keys, and we already use it.
But my question was about using CAAM black keys with public key cryptography (asymmetric keys) in your recent BSPs: I'm referring to the examples shown in AN12838, where openssl is used to generate the keys and the private key is placed automatically in a black blob. In this AN, the "meta-imx-ecdsa-sec" layer is used: this layer applies patches to the kernel, but the layer development stopped at kernel 5.4.24 and the code added by those patches seems not to be in NXP kernels after 5.4.
So, how can we have CAAM black keys with public key cryptography (asymmetric keys) in our Kirkstone BSP?
Thank you
Mauro
Hello,
Please accept my apologies for the delayed response; I wanted to give an answer as clear as possible.
The solution that was previously offered via imx_sec_app is not suitable for upstream, and as such we will not integrate it as part of the BSP enablement.
In the BSP, ECDSA operation is supported through OP-TEE and the PKCS11 interface on all devices (and accelerated with CAAM when available).
Please refer to the Linux User's Guide, chapter 10.4.7, "Running OpenSSL asymmetric tests with PKCS#11 based engine".
Hope this helps,
Best regards/Saludos,
Aldo.