AnsweredAssumed Answered

master key: ZMK or OPTMK

Question asked by Hualing Yu on Oct 9, 2018
Latest reply on Apr 25, 2019 by Yiling Xu

The idea design to secure blob data using iMX7 master key is

1) normal system power loss, no matter how long, shall not cause blob data inaccessible after power back on.  But 2) after security violation, the blobs should not accessible even after POR.


However, ZMK register in LP-SNVS, cannot hold its value after power loss of LP.  That is, if ZMK is selected as a component for the master key for CAAM, then the blobs the master key eventually protected (through blob-key encryption key and blob keys) will become inaccessible due to previous power loss of Low power source, even without any security violation. So having ZMK as component in Master key (either ZMK only or ZMK and OTPMK combination) will fail above 1).


Obviously OTPMK only master key selection will fail 2).


Is there anyway to get around this?


Thank you!