[i.MX6ULL] NVTK

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

[i.MX6ULL] NVTK

1,430 Views
ceggers
Contributor V

IMX6ULLSRM.pdf, page 421, table A-2 (Glossary of terms)

Non-volatile test key
The Non-volatile Test Key (NVTK) is a 256-bit key hardwired into . When is in the Non-Secure Mode
will use the NVTK to derive Blob key encryption keys, rather than using the secret Master Key. The
NVTK value is public knowledge, and is the same in every SOC. It is used for known-answer tests
when testing the cryptographic hardware.

Outside the glossary, the NVTK is not mentioned anymore.

Another hint I found about NVTK:

add SNVS register check for trusted/secure state detection · inversepath/mxs-dcp@3a6b9dc · GitHub 

if (ssm_state == SNVS_HPSR_SSM_STATE_TRUSTED) {
printk(KERN_INFO "mxs_dcp: Trusted State detected\n");
} else if (ssm_state == SNVS_HPSR_SSM_STATE_SECURE) {
printk(KERN_INFO "mxs_dcp: Secure State detected\n");
} else {
printk(KERN_NOTICE "mxs_dcp: WARNING - not in Trusted or Secure State, Non-volatile Test Key in effect\n");

}

From the reference manual I'm unsure whether the NVTK exists on the i.MX6ULL. The same text is found in severals manuals, maybe it has only been copied and pasted.

  1. Does a NVTK exist on i.MX6ULL?
  2. How can I check whether the NVTK is currently active?
Labels (1)
Tags (2)
0 Kudos
Reply
2 Replies

1,301 Views
ceggers
Contributor V

Trying to answer the question myself after doing some tests and reading the documentation:

IMX6ULLSRM.pdf, page 34:

A successful secure boot with the HAB is required for the platform software to gain access to use the master secret key selected by SNVS.

IMX6ULLSRM.pdf, page 242:

If the SNVS determines the chip is in a trustworthy state, it provides a 128-bit device-unique cryptographic key to secure the secrets during non-volatile storage. The secret value is either the One-Time Programmable Master Key (OTPMK) stored in fuses, ...

So there is some protection of the OTPMK value, even if this doesn't imply, that a special test key (e.g. NVTK) exists.

I tried to encrypt some data with the DCP, selecting the OTP key. I recognized that the encrypted data is identical on three different boards. So the OTP key (always unique) was apparently not utilized. After investigating the SVNS_HPSR and SNVS_HPSVSR registers (see content from original question), I noticed that:

  1. I had one or more security violations (depending whether I booted via JTAG or from flash (non-secure)).
  2. The SSM state was neither trusted nor secure.

I haven't tested with secure boot yet. I would expect that the OTP key is accessible in this case (if no other security violations are active).

Additionally I repeated the encryption of my test data using a own 128 bit key consisting only of zeroes. With this key I got the same encrypted data as if the OTP key is selected (being not in secure/trusted state).

Intermediate result:

If the state of the Secure State Machine (SSM) is "non-secure", the SNVS blocks the access to the OTP key. Instead a "zeroed" key is supplied to the DCP. A real NVTK has not been found.

ToDo:

Test behavior when SSM is in trusted/secure state.

0 Kudos
Reply

1,301 Views
kunalkotecha1
Senior Contributor II

Hi ceggers,

Since there is no CAAM in i.MX6ULL there is no NVTK as well. i.MX6ULL document needs to be updated. For now, NVTK is not supported in i.MX6ULL.

Regards,

Kunal