The objective is to generate digitally signed data which can only be signed and verified using CAAM (i.e. hardware dependent, similar to HAB using OTPMK).
We are trying to explore the CAAM hardware's SIGNATURE command to digitally sign any data using CAAM's TDSK. We have the following queries.
- Can we sign user data using CAAM, other than secure boot?
- If yes, are there any specific signing mechanisms available in CAAM, like RSA?
- Can we generate a public, private key pair from CAAM to generate signed data?
- Is it possible to use the TDSK and the SIGNATURE command of CAAM to sign user data?
- We tried it on both secure and non-secure boards.
- In secure mode, CAAM does not allow setting a trusted descriptor request.
- In non-secure mode, it allows it but fails while loading the signature command with an invalid descriptor error.
CAAM supports many hash hardware accelerators. Can these be used while creating/verifying digital signatures of a document?
Thanks for your support,