AnsweredAssumed Answered

i.MX6 Advanced Cryptography

Question asked by DAVE HAYNIE on May 21, 2013
Latest reply on May 22, 2013 by Rodney D Ziolkowski

Hi all... I'm starting a new hardware design for a digital mesh radio. In our existing product line, we have a number of security options. For FIPS-level, we offer Suite B class packet encryption (not Suite B certified, there's no hardware architecture to support those requirements). Until recently, this was always done in software, and it's always been a bottleneck. Our software team has been trying to implement this with hardware acceleration -- another company's product. And we're basically unsupported. That's a good reason to change vendors.


So I'm looking at the i.MX6. It's complicating the hardware design a bit (only one PCIe link, for example), but offers other advantages, including faster processors. I have the Security document, and I do realize that the i.MX6 hardware acceleration will not be sufficient for Suite B class requirements (SHA-384, SHA-512, AES-GCM). On the other hand, a dual-core i.MX6 will offer substantially more CPU horsepower for the same power budget as the ARM11 dual cores we have been using (and that's our fastest product).


I'm wondering if anyone's actually done this, and benchmarked it? It seems likely one could use the AES engine, for example, in counter mode, then do the Galois field multiplication and authentication as separate steps, and maybe get even better performance. But that's all a guess, and I haven't really found any information on this being used in practice. Even some CryptoAPI (Linux) preformance metrics without any acceleration would be terribly useful in making this choice. We're ARM based already, my software team is otherwise sold on the i.MX6, I'm already sold on Freescale, having used products at Freescale/Motorola including 68K, PowerPC, and Coldfire. Just that Security document got us more information on the i.MX6 encryption accelerator than we've managed to get from "these other guys", even though we're already a customer shipping their CPUs world-wide.


I know there are other Freescale products that include these modes in the encryption accelerator, but they're serious overkill in terms of processor (N-Core PPC), power, and cost for this project.