AnsweredAssumed Answered

RT1020/RT1050 - Why is the PRDB encrypted differently to the KIB and app?

Question asked by rshipman on Jul 13, 2020
Latest reply on Jul 15, 2020 by jeremyzhou

Hi.

 

I am using the RT1020, but I am told this document applies:

Security Reference Manual for the i.MX RT1050 Processor, Rev. 1, 04/2018

 

Regarding the following notes found in this section:

Section 3.6.2.3 Key Info Block, pages 78-80

NOTE

• KIB1 is encrypted to EKIB1 using BEE_KEY1 provisioned in eFUSE

• KIB0 is encrypted to EKIB0 using BEE_KEY0 provisioned in eFUSE

 

NOTE

• PRDB0 is encrypted using AES_KEY and IV in EKIB0, while the encrypted region defined in PRDB0 is encrypted by the key source specified in BEE_KEY0_SEL.

• PRDB1 is encrypted using AES_KEY and IV in EKIB1, while the encrypted region defined in PRDB1 is encrypted by the key source specified in BEE_KEY1_SEL.

 

Questions:

  1. So first of all does BEE_KEY1 = BEE_KEY1_SEL and BEE_KEY0 = BEE_KEY0_SEL?
  2. Why is the PRDB block encrypted with the key and iv in the KIB blocks, when everything else is encrypted using the BEE_KEYn_SEL keys? Why not just use BEE_KEYn_SEL for everything?

 

Many thanks and kind regards,

Ronnie

Outcomes