i.MX6SL OTPMK, CRYPTO key, and UNIQUE ID

kvb
Contributor III

Hello,

I've been investigating system security on a custom i.MX6SoloLite board. I've been reading the i.MX6SoloLite Reference Manual and the i.MX6SoloLite Security Reference Manual. There seem to be some conflicting/confusing/lacking sections in the two documents. My main areas of confusion are in regards to the One Time Programmable Key, Crypto Key, and the Unique Id, all of which are contained in fuses.

In regards to the OTPMK, the Security Reference Manual says the key is 256-bits long and is programmed by Freescale at the time of production. On production parts, that key is read-locked (which I've verified on my part, is in fact locked). That's all fine to me; what's confusing is how the key is used. The Security Reference Manual says that after a system reset, the OTP controller reads the e-fuse devices and provides the OTP key information to the DCP. The DCP receives a 64-bit UNIQUE KEY and a 128-bit CRYPTO KEY. The crypto key is either directly or indirectly provided through the SNVS module based on a 'key path control' fuse. What fuse is that? I cannot find it in the documentation (it's possible I may have missed it). Furthermore, the CRYPTO KEY is 256-bits and a mux is used to select the high or low 128-bits. Where is this mux? Is it in fuses? Is it a HW mux? Does this mean the OTPMK and CRYPTO key are the same key? Note this is all from section 4.2.2.2 AES OTP Key in the i.MX6SLSRM.

Now, in section 4.2.4 One Time Programmable (OTP) Key of the i.MX6SLSRM, it says that the DCP can receive two different 128-bit keys.  One key comes from the OTP controller (I'm assuming that's the OTPMK?) and one can come directly from the SNVS.  What key is coming from the SNVS?  Is this the ZMK business contained in the SNVS?  Both reference manuals say to set the OTP_KEY_TO_DCP_DISABLE fuse to enable SNVS mode.  Where is this fuse?

The next area of confusion is the UNIQUE_KEY. In the same section above, the i.MX6SLSRM states that the UNIQUE_KEY may be selected for use by the DCP. The security reference manual states that "The UNIQUE_KEY is generated from the OTP KEY and key modifier bits from other OTP fuse fields. This key is unique to the device...". Is this key the 64-bit UNIQUE ID combined with the OTPMK (somehow)? What are the "key modifier bits" and what fuse fields is this referring to? If this is not the 64-bit UNIQUE ID, how/where is that 64-bit value used?

(Questions are in bold)

Any help/clarification would be very beneficial.  Thanks in advance!

1 Reply

Yuri
NXP Employee


Sorry, but the information you are requesting is treated as confidential info at this time and requires a signed NDA (Non-Disclosure Agreement). Naturally, we cannot discuss this with you in public anyway; this needs to be handled as a Service Request (SR). Be aware that to give you remote support through an SR, we will still need the confirmation of a Freescale employee that the NDA is in place. If you want to go this route, the next steps will be: If you have already signed an NDA agreement for this product, please contact the person who assisted you or create an SR and name us a Freescale person that can confirm this. If you have not signed an agreement, please contact your local Freescale Distributor Salesperson or FAE for assistance. For a listing of our distributors, refer to: http://www.freescale.com/webapp/sps/site/overview.jsp?code=DISTRIBUTORS

Have a great day,
Yuri
