AnsweredAssumed Answered

How to implement a challenge/response system on i.MX6?

Question asked by Ginger Bread on Mar 26, 2014
Latest reply on Apr 14, 2014 by Ginger Bread

I want to implement an authentication protocol with the i.MX6 where the SoC is challenged and needs to respond with a piece of data that it alone knows.  Ideally I would like to have the CAAM module fetch the secret piece of data, hash it with some input, and send the resulting value back out of the chip for use by high level software.  To make the system secure, I don't want to store the secret in plain text in main memory, FLASH, or on a hard drive.

 

Does anyone know of a good way to do this and where the data can be kept?

 

I considered using the General Purpose Fuse Registers (GP1 & GP2), but these are easily readable throug /sys/fsl_otp.

 

I considered the One Time Programmable Master Key (OTPMK), but this is burned by Freescale rather than being customizable by the end user.

 

Supposedly one can burn up to 4 keys for use with the High Assurance Boot process, but it's not clear to me whether those keys can be used outside of the boot process.  If they can be used this might be the best way to go.

 

I thought about using a red blob to encrypt the private data so that it could be stored outside the chip, but people don't seem to have had much luck with writing firmware to do this from the message board posts that I readthat from what I read on the message boards (See post 352462)

Outcomes