CAAM version of SCCv2


bradenthomas
Contributor I

Hi, I'm looking to port a security feature from SCCv2 (i.MX53) to CAAM (i.MX6). SCCv2 made it easy to encrypt data using a device-specific non-extractable key when the device was in the closed security mode. I feel certain this is possible with CAAM, but it's not so clear to me how to do this. Can someone point me in the right direction? I have looked at caam_blob_gen, but it seems more intended for boot encryption. Is it possible to use it for the security feature I'm describing, more of an ad hoc key encryption?

Thanks!

0 Kudos
2 Replies

Yuri
NXP Employee

Hello,

Generally, the boot ROM, implementing HAB, and U-Boot are oriented toward a signed / encrypted boot approach, where CAAM may not be used. Therefore U-Boot may not contain proper examples for CAAM.

Nevertheless, it makes sense to look at the blob commands supported in recent U-Boot releases:

[U-Boot] [PATCH 1/3][v2] crypto/fsl: Add command for encapsulating/decapsulating blobs

I am afraid we do not have examples with a detailed explanation of the corresponding CAAM descriptors.

Please refer to section 5.8.4.3 (Blob conformance considerations) of the Security Reference Manual for i.MX 6Dual, 6Quad, 6Solo, and 6DualLite Families of Applications Processors, Rev. 0, 03/2013, available on the Web, for some details.

You may look at the following (a similar approach, implemented under Linux):

https://community.nxp.com/message/856589

Have a great day,
Yuri


0 Kudos

bradenthomas
Contributor I

Reading a little further, it looks like basically I can create a CAAM blob, and decapsulate it to encrypt/decrypt with it, and it doesn't need to be related to boot encryption at all.  The only thing I'm unsure of is how to actually encrypt/decrypt with a decapsulated DEK.

0 Kudos