FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Programming the attestation key

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Programming the attestation key

‎05-08-2019 07:47 AM
1,533 Views
zhongyue_li
Contributor II

Dear NXP engineer:

I am trying to read document named "I.MX_Android_Security_User_Guide.pdf"

Following is the content mentioned in the doc.

3.3.6 Programming the attestation key
Attestation key is programmed in U-Boot. The keystore key attestation aims to provide a way to strongly determine if an
asymmetric key pair is hardware-backed, what the properties of the key are, and what constraints are applied to its usage.Google provides the attestation "keybox", which contains private keys (RSA and ECDSA) and the corresponding certificate chains to partners from the Android Partner Front End (APFE). After retrieving the "keybox" from Google, you need to parsethe "keybox", provision the keys and certificates to secure storage. Both keys and certificates should be encoded with Distinguished Encoding Rules (DER).
Fastboot commands are provided to provision the attestation keys and certificates. Make sure that the secure storage is
properly initialized for Trusty OS. 

Referring to above content,

I have two questions, could you help to check them?

1. Where is the secure storage mentioned in above content? 

    the attestation key will be stored in this secure storage?

2. How are the attestation keys used after provision?   

Thanks a lot.

Have a nice day.

0 Kudos
Reply
2 Replies

‎05-08-2019 09:47 AM
1,174 Views
jamesbone
NXP TechSupport
NXP TechSupport

Hello,

You need to access the security reference Manual to get the answer, but this manual it is under NDA, and you need to contact your local FAE or sales,  and ask for the security manual, they will help to provide it.

Have a nice day

0 Kudos
Reply

‎05-08-2019 05:30 PM
1,174 Views
zhongyue_li
Contributor II

Dear Jamesbone,

I am from hirain company in China, and our company is already made NDA with NXP, 

and for some questions, our FAE also cannot give me correct answers, and he let me to try to ask questions in community.

And now i have document "Security Reference Manual for i.MX 8DualXPlus/8QuadXPlus Application Processors" and

document "i.MX Android™ Security User's Guide".

But i cannot find answers to my questions.

Could you give me the security manual document name? so that i can ask FAE to share the doc to me.

Thanks a lot.

0 Kudos
Reply