Hey All:
I'm using swupdate with an A/B partition scheme to support software update on one of our projects running on an iMX6Q.
swupdate supports installing images encrypted with symmetric AES-256 keys as described here:
Symmetrically Encrypted Update Images — Embedded Software Update Documentation 2017.11 documentation
Basically you have to (temporarily at least) write the key as a single line in a file and run the swupdate command line utility with the file as an argument.
I need a way to securely store the key on the device. This is the procedure I had in mind:
1) Use the CAAM in the MX6 to store an AES-256 key in the SNVS during manufacturing
2) Access the key from a root shell during software update
3) Write the key to a file in a volatile tmpfs
4) Run swupdate with the key
5) Nuke the key file and reboot
Is this possible? Do you guys have a better suggestion?
Thanks.
-Erik Bolton
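Steps 3 to 5 of the procedure in the question, as an added example that is not part of the original posts: the key is written to a tmpfs-backed file, passed to swupdate with `-K`, and wiped whether or not the update succeeds. `KEY_CMD` is a hypothetical helper standing in for whatever recovers the key through the CAAM, and `/run` being a tmpfs mount is an assumption.

```shell
#!/bin/sh
# Added example: steps 3-5 of the procedure above. KEY_CMD is a hypothetical
# helper that prints the swupdate key line recovered via the CAAM on stdout.
KEY_CMD="${KEY_CMD:-/usr/local/bin/caam-get-update-key}"  # hypothetical path
SWUPDATE="${SWUPDATE:-swupdate}"
KEY_DIR="${KEY_DIR:-/run}"                                # assumed tmpfs mount

# Succeed only if $1 is on tmpfs, so the plaintext key never reaches flash.
is_tmpfs() {
    [ "$(stat -f -c %T "$1" 2>/dev/null)" = "tmpfs" ]
}

# Overwrite the key file in place, then unlink it.
wipe_key() {
    [ -f "$1" ] || return 0
    size=$(( $(wc -c < "$1") ))
    dd if=/dev/zero of="$1" bs=1 count="$size" conv=notrunc 2>/dev/null
    rm -f "$1"
}

# install_update IMAGE: returns swupdate's status; 2 = not tmpfs,
# 3 = could not create key file, 4 = key retrieval failed.
install_update() {
    image=$1
    is_tmpfs "$KEY_DIR" || { echo "refusing: $KEY_DIR is not tmpfs" >&2; return 2; }
    keyfile=$(umask 077; mktemp "$KEY_DIR/swukey.XXXXXX") || return 3
    # Wipe the key if the script is interrupted mid-update.
    trap 'wipe_key "$keyfile"; exit 130' INT TERM HUP
    rc=0
    if "$KEY_CMD" > "$keyfile"; then
        # -i selects the image, -K the file holding the AES key.
        "$SWUPDATE" -i "$image" -K "$keyfile" || rc=$?
    else
        rc=4
    fi
    wipe_key "$keyfile"      # step 5: runs on success and on failure
    trap - INT TERM HUP
    return "$rc"
}

# Stand-alone use: sh this-script --install /path/to/image.swu, then reboot.
if [ "${1:-}" = "--install" ]; then
    install_update "$2"
fi
```

The key still exists in plaintext in RAM while swupdate runs, so this narrows the exposure window instead of eliminating it.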
Hello,
The following thread helps to implement the use of a key blob scheme with the CAAM module.
Example code on blob generation and usage on i.MX6UL platform
Have a great day,
Yuri