if you want to use the unique otp key for aes encryption/decryption you have to modify the dcp driver:
Than you can use the onboard encryption engine according to the kobs-ng sourcecode for user data encryption/decryption. According to the i.MX28_Reference_Manual_1_0 the unique key will be created as follows:
The OTP key may be selected using the OTP_KEY bit in the control field of the packet
descriptor or by using the key select 0xFF in the CTRL1 field of the descriptor. The DCP
also supports a second hardware key called the UNIQUE_KEY which is generated from
the OTP KEY (OCOTP_CRYPTO0,1,2,3) and key modifier bits from another OTP fields
(OCOTP_OPS2 and OCOTP_UN2) with unique number for every chip. This key is unique
to the device and may be used for encrypting private data stored on the NAND. This key
may be selected by writing 0xFE to the KEY_SELECT field in the CTRL1 packet data.
Does anybody know how to interpret the key modifier OCOTP_OPS2 and OCOTP_UN2?
Original Attachment has been moved to: 33-dcpuniquekey.patch