    imx6: Added DEK blob generator command · 0200020b
    Raul Cardenas authored
    Freescale's SEC block has a built-in Data Encryption
    Key (DEK) Blob Protocol which provides a method for
    protecting a DEK for non-secure memory storage.
    SEC block protects data in a data structure called
    a Secret Key Blob, which provides both confidentiality
    and integrity protection.
    Every time the blob encapsulation is executed,
    an AES-256 key is randomly generated to encrypt the DEK.
    This key is encrypted with the OTP Secret key
    from the SoC. The resulting blob consists of the encrypted
    AES-256 key, the encrypted DEK, and a 16-bit MAC.
    During decapsulation, the reverse process is performed
    to get back the original DEK. A caveat to the blob
    decapsulation process is that the DEK is decrypted
    in secure-memory and can only be read by FSL SEC HW.
    The DEK is used to decrypt data during encrypted boot.
    Commands added
      dek_blob - encapsulating DEK as a cryptographic blob
    Commands Syntax
      dek_blob src dst len
        Encapsulate and create blob of a len-bits DEK at
        address src and store the result at address dst.
    Signed-off-by: Raul Cardenas <Ulises.Cardenas@freescale.com>
    Signed-off-by: Nitin Garg <nitin.garg@freescale.com>
    Signed-off-by: Ulises Cardenas <ulises.cardenas@freescale.com>
    Signed-off-by: Ulises Cardenas-B45798 <Ulises.Cardenas@freescale.com>
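
Added example, not part of the commit or of U-Boot: a conceptual Python model of the encapsulation flow the commit message describes (fresh blob key per call, blob key wrapped under the OTP key, MAC over the result). A SHA-256 keystream and HMAC-SHA256 are stand-ins for the SEC hardware's AES-256 and MAC, so the byte layout and sizes are assumptions, and the names `encapsulate`, `decapsulate` and `otp_key` are hypothetical.

```python
# Conceptual model only: SHA-256 counter keystream and HMAC-SHA256 stand in
# for the SEC block's AES-256 encryption and MAC. Not the real blob format.
import hashlib
import hmac
import os

KEY_LEN = 32   # AES-256 key size in bytes
TAG_LEN = 32   # HMAC-SHA256 tag size (stand-in MAC, assumed size)

def _stream_xor(key: bytes, label: bytes, data: bytes) -> bytes:
    """XOR data with a keystream derived from key (stand-in cipher)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + label + off.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def encapsulate(otp_key: bytes, dek: bytes) -> bytes:
    """Blob = wrapped random blob key || encrypted DEK || MAC."""
    blob_key = os.urandom(KEY_LEN)                      # fresh on every call
    wrapped = _stream_xor(otp_key, b"wrap", blob_key)   # under the OTP key
    enc_dek = _stream_xor(blob_key, b"dek", dek)        # under the blob key
    tag = hmac.new(blob_key, wrapped + enc_dek, hashlib.sha256).digest()
    return wrapped + enc_dek + tag

def decapsulate(otp_key: bytes, blob: bytes) -> bytes:
    """Reverse process; raises ValueError if the MAC does not verify."""
    if len(blob) < KEY_LEN + TAG_LEN:
        raise ValueError("blob too short")
    wrapped = blob[:KEY_LEN]
    enc_dek = blob[KEY_LEN:-TAG_LEN]
    tag = blob[-TAG_LEN:]
    blob_key = _stream_xor(otp_key, b"wrap", wrapped)
    expected = hmac.new(blob_key, wrapped + enc_dek, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("MAC check failed")
    return _stream_xor(blob_key, b"dek", enc_dek)
```

In this model, two blobs of the same DEK differ, a blob with any modified byte is rejected, and a blob made under one OTP key does not decapsulate under another, which is why such a blob can sit in non-secure storage.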
README.mxc_hab 3.5 KB