IMX6Q, encryption, & swupdate


erikbolton
Contributor I

Hey All:

I'm using swupdate with an A/B partition scheme to support software update on one of our projects running on an iMX6Q.

swupdate supports installing images encrypted with symmetric AES-256 keys as described here:

Symmetrically Encrypted Update Images — Embedded Software Update Documentation 2017.11 documentation 

Basically you have to (temporarily at least) write the key as a single line in a file and run the swupdate command line utility with the file as an argument.

I need a way to securely store the key on the device. This is the procedure I had in mind:

1) Use the CAAM in the MX6 to store an AES-256 key in the SNVS during manufacturing

2) Access the key from a root shell during software update

3) Write the key to a file in a volatile tmpfs

4) Run swupdate with the key

5) Nuke the key file and reboot

Is this possible? Do you guys have a better suggestion?

Thanks.

-Erik Bolton
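
Steps 3 to 5 of the procedure described above, as an added example that is not part of the original post or of swupdate. The key-retrieval command passed as the second argument is a hypothetical placeholder for whatever unwraps the key with the CAAM, and `KEY_TMPFS` and `UPDATER` are names chosen here; the only swupdate options used are `-K` (key file) and `-i` (image).

```shell
#!/bin/sh
# Added example, not from the thread: steps 3-5 of the procedure above.
# Assumptions: $2 is a command that prints the single key line on stdout
# (a hypothetical helper that unwraps the key with the CAAM); KEY_TMPFS is a
# tmpfs mount point; UPDATER is swupdate, called with -K <key file> -i <image>.

run_encrypted_update() {
    image=$1
    key_cmd=$2
    updater=${UPDATER:-swupdate}
    tmp_root=${KEY_TMPFS:-/run}
    result=0

    # Step 3: private directory (mode 0700) on tmpfs, key file created 0600.
    # The key travels over a redirect, never through argv or the environment.
    key_dir=$(umask 077 && mktemp -d "$tmp_root/swu-key.XXXXXX") || return 1
    key_file=$key_dir/aes.key
    if ! (umask 077 && $key_cmd > "$key_file") || [ ! -s "$key_file" ]; then
        echo "key retrieval failed" >&2
        result=2
    # Step 4: run the updater with the key file.
    elif ! "$updater" -K "$key_file" -i "$image"; then
        echo "update failed" >&2
        result=3
    fi

    # Step 5: overwrite and delete the key on every path, success or failure.
    if [ -f "$key_file" ]; then
        size=$(($(wc -c < "$key_file")))
        dd if=/dev/zero of="$key_file" bs=1 count="$size" conv=notrunc \
            2>/dev/null || echo "warning: key overwrite failed" >&2
    fi
    rm -rf "$key_dir"
    return "$result"   # the caller reboots into the new partition on 0
}
```

The overwrite is only meaningful because the file lives on tmpfs; on flash-backed storage the old blocks could survive it.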

Yuri
NXP Employee

Hello,

The following thread helps to implement the use of a key blob scheme with the CAAM module.

Example code on blob generation and usage on i.MX6UL platform 


Have a great day,
Yuri
