FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Security question related to OEM key, DRK, RPMB storage, CAAM, SECO

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Security question related to OEM key, DRK, RPMB storage, CAAM, SECO

‎04-02-2019 02:47 AM
617 Views
zhongyue_li
Contributor II

Dear NXP engineers,

I am working on security features on I.MX8QX B0 with android P9.0.

Right now, I met some questions related to security,

and FAE let me ask you guys in community,

Could you help to check following questions?

1. As we checked, OEM key will write in Fuse via SCU APIs, 

    May i know  the "OEM key" is only public key? or "OEM key" includes both public key and private key?

2. I would like to make every device have one different device root key(DRK), i suppose DRK should be a symmetric crypto key,  but i don't know where i can store this key, do you think we can store in RPMB?

However, i afraid, there would be a risk if we store the key plaintext into RPMB directly.

I heard the RPMB can be read in normal world?

3. one more thing, i think DRK should be signed by OEM private key, i don't know how to make it.

4.In CAAM and SECO, is there any API that can make signature for DRK with OEM private key?

I am so confused about above questions.

I would like to know the basic security policy on IMX8QX B0.

Looking forward to your detailed explanation.

Thanks a lot.

0 Kudos
Reply
2 Replies

‎04-02-2019 07:43 AM
425 Views
jamesbone
NXP TechSupport
NXP TechSupport

I apologize but the i.MX8X Family it is not release yet, and it is still subject to changes, please contact your local Sales or your FAE in order to receive support regarding this device, since for the moment there is no documentation available.  I apologize for this inconvenience.


Have a great day,
TIC

0 Kudos
Reply

‎04-02-2019 05:32 PM
425 Views
zhongyue_li
Contributor II

Dear Jamesbone,

Thanks for your reply.

However, I asked above questions to FAE(rui.yang@nxp.com), he said he didn't know the exact answer, and ask me to submit the questions in nxp community.

I think my questions are not only the I.MX8X chipset problems, they should be the common concept, am I right?

If you cannot answer the questions for I.MX8X Family, could you tell me the common concept, for example, I.MX6, IMX7.

Thanks a lot.

Best Regards!

0 Kudos
Reply