AnsweredAssumed Answered

i.MX Need a way to protect SSL certificate private key

Question asked by Raman Subramanian on Mar 2, 2016
Latest reply on Mar 2, 2016 by Yuri Muhin

Reviewed the i.MX6 Solo X security document that describes how to use Crypto HW to securely store information
into non-volatile memory (“Security Reference Manual for i.MX 6Dual, 6Quad, 6Solo, and 6DualLite Families of Applications Processors” (Doc #: IMX6DQ6SDLSRM, Rev. 0, 03/2013)). 

Customer wants to make sure the infrastructure is in place to use the Crypto HW along with some examples of how
to use it.  NXP BSP has a driver that seems to provide at least a driver level abstraction of the Crypto HW. 

Customer wants to know if that is tested? 

Customer wants the additional software that is needed that ties this driver to the user space. 

The Linux Crypto API and infrastructure typically uses sockets with address families such as AF_ALG,
AF_KEY, etc. that allows the user to establish a socket interface into the
kernel and to the Crypto HW.  Customer doesn’t want to re-invent the wheel
and thinks that this might already have been done before.  Customer needs
the code that extends the Linux Crypto API  and infrastructure and
provides this functionality to user space.  Here are some of the use
cases:

  1. Customer wants to
    create an encryption blob.  They are seeking the code that provides this
    capability to user space along with examples of how to use it.  One use
    case would be storing the password that encrypts the private key file used by
    OpenSSL.
  2. Customer wants to
    use eCryptFS which seems like it should use the Crypto drivers for the i.MX6
    Solo X but it doesn’t seem to be using them.  They are seeking the code
    that provides this ability along with examples of how to use it. 

Outcomes