Can CAAM hardware be used to digitally sign data?

Question asked by Swapnil Pendhare on Dec 21, 2015



The objective is to generate digitally signed data which can only be signed and verified using CAAM (i.e. hardware dependent, similar to HAB using OTPMK).


We are trying to explore the CAAM hardware's SIGNATURE command to digitally sign any data using CAAM's TDSK. We have the following queries.

  1. Can we sign user data using CAAM, other than for secure boot?
  2. If yes, is there any specific signing mechanism available in CAAM, like RSA?
  3. Can we generate a public/private key pair from CAAM to generate signed data?
  4. Is it possible to use the TDSK and the SIGNATURE command of CAAM to sign user data?
    • We tried it on both a secure and a non-secure board.
    • In secure mode, CAAM does not allow setting a trusted descriptor request.
    • In non-secure mode, it allows it but fails while loading the SIGNATURE command with an invalid descriptor error.


CAAM supports many hash hardware accelerators. Can these be used while creating/verifying digital signatures of a document?


Thanks for your support,