使用CAAM安全密钥实现i.MX设备加密存储
需积分: 10 130 浏览量
更新于2024-08-31
收藏 204KB PDF 举报
"AN12714 i.MX Encrypted Storage Using CAAM Secure Keys"
本文档主要关注如何利用NXP i.MX系列系统级芯片(SoC)中的加密加速器和安全模块(CAAM)进行块级透明存储加密,以确保在面临物理丢失或被盗风险时的数据安全性。传统的用户密码保护措施并不能防止未经授权的访问,因为攻击者可能绕过设备的软件系统直接访问存储数据。因此,只有采用加密技术才能在存储介质被直接访问的情况下保障数据的机密性。
i.MX SoC中的CAAM模块提供了一种安全密钥功能,使得在Linux操作系统下使用DM-Crypt(一种Linux设备映射加密目标)实现块级透明存储加密成为可能。这一特性适用于所有具备CAAM模块的i.MX SoC,但不适用于配备数据加密处理器(DCP)的SoC。
本文档的目标读者包括计划使用CAAM执行存储加密的软件、硬件以及系统工程师。这些工程师需要理解如何将CAAM的安全功能集成到他们的设计中,以提高存储数据的安全性。
参考文献:
1. i.MX8MM安全参考手册:提供了i.MX8MM芯片的具体安全特性和配置指南。
2. Linux主线内核存档,2018年:包含了与DM-Crypt和CAAM集成相关的Linux内核源代码和更新信息。
3. DM-Crypt:Linux设备映射加密目标,2018年:详细介绍了DM-Crypt的工作原理和用法。
4. LUKS:Linux统一密钥设置,2018年:LUKS是DM-Crypt的标准化磁盘加密层,提供了密钥管理和安全增强功能。
5. dmsetup(8) - Linux manpage:dmsetup命令的官方手册页,用于管理设备映射,包括加密设备。
6. keyctl(1) - Linux manpage:keyctl命令的手册页,用于处理Linux内核中的密钥环和密钥管理。
在实现i.MX SoC的加密存储解决方案时,首先需要理解CAAM模块的功能,它通常包括对称和非对称加密算法的支持,以及密钥管理和硬件加速功能。接着,需要在Linux内核中启用并配置DM-Crypt模块,创建一个使用CAAM作为加密引擎的加密设备。LUKS用于在磁盘上创建加密容器,并管理用户的密钥材料,包括设置和恢复密钥的流程。
实施过程中,开发人员需要编写或修改驱动程序以适配CAAM接口,确保DM-Crypt能够正确调用CAAM硬件进行加密和解密操作。同时,还需要处理密钥的安全存储和交换,这通常涉及Linux内核的密钥环系统和keyctl工具。为了保证系统的完整性和安全性,应遵循最佳实践来管理密钥的生命周期,如定期更换密钥,以及在系统启动时验证密钥的完整性。
"AN12714 i.MX Encrypted Storage Using CAAM Secure Keys"文档提供了一个全面的指南,指导工程师如何利用i.MX SoC的硬件加密功能实现高效且安全的存储加密,从而保护敏感数据免受未经授权的访问。通过结合CAAM、DM-Crypt和LUKS等技术,可以构建一个在硬件级别提供加密保护的存储解决方案。
In the output above, there are 2 implementations of cbc(aes) transformation. The CAAM-backed implementation has a priority
of 3000 while the software implementation has a value of 300. This means that if you instruct DM-Crypt to use cbc(aes) cipher,
the CAAM-backed implementation is used.
To list all transformations registered by CAAM driver:
# grep -B1 -A2 caam /proc/crypto|grep -v kernel
name : rsa
driver : rsa-caam
priority : 3000
--
name : xcbc(aes)
driver : xcbc-aes-caam
priority : 3000
AES in XTS mode is not supported on i.MX devices.
NOTE
2.3 DM-Crypt using CAAM's Secure Key
In Linux Unified Key Setup (LUKS) mode, to generate the disk encryption key (master key), the user supplies a passphrase
which is combined with a salt, then a hash function is applied for a supplied number of rounds. When the user wants to mount
an encrypted volume, the passphrase should be supplied. An alternative could be providing a key file stored in an external drive
containing necessary decryption information. Those approaches are not convenient with embedded devices usage. The aim of
using DM-Crypt with CAAM’s secure key is to suppress the mechanism of encrypting the master volume key with a key derived
from a user-supplied passphrase. DM-Crypt can take advantages of secure key also to protect storage volumes from offline
decryption. The volume encryption key is only seen encrypted on device DDR. In addition, the volume could only be opened by
the devices that have the same OTPMK burned in the fuses.
The secure key feature is based on CAAM’s black key mechanism. Black key protects user keys against bus snooping while the
keys are being written to or read from memory external to the SOC. called a 'Black Key'.
CAAM supports two different black key encapsulation schemes, which are AES-ECB and AES-CBC. Regarding AES-ECB
encryption, the data is a multiple of 16 bytes long. If the key is a multiple of 128-bit, which will be if AES-256 or AES-128 encryption
is used, then the AES-ECB encrypted data encryption key would fit in the same buffer as the original unencrypted data encryption
key. If the data encryption key is not a multiple of 16 bytes long, it is padded before being encrypted. A CCM-encrypted black
key is always at least 12 bytes longer than the encapsulated key (nonce value + MAC tag), where the "MAC tag" (integrity check
value) ensures the integrity of the encapsulated key. While AES-ECB encryption is intended for quick decryption, AES-CCM
encryption is used for high assurance. CCM-encrypted keys are preferred, unless there is a need to fit the encrypted key in the
same space as the unencrypted key.
Black keys are session keys, therefore, they are not power-cycles safe. CAAM's blob mechanism provides a method for protecting
user-defined data across system power cycles. It provides both confidentiality and integrity protection. The data to be protected
is encrypted so that it can be safely placed into non-volatile storage before the SoC is powered down.
The following diagram illustrates the changes that have been added to support full disk encryption using secure key. The CAAM
driver registers new Cryptographic transformations in the kernel to use ECB and CBC blacken keys,
tk(ecb(aes))
and
tk(cbc(aes))
respectively. The
tk
prefix refers to Tagged Key. A Tagged Key is a key that contains metadata indicating which key it is, black
key or red key, and how to handle it, that is encapsulate in secure memory or in general memory. Linux provides an in-kernel
key management and retention facility called Keyrings. Keyring also enables interfaces to allow accessing keys and performing
operations such as add, update, and delete from user-space.
The kernel provides several basic types of keys including keyring, user, and logon. The CAAM driver introduces a new key type
named caam_tk relative to CAAM Tagged Key. Basically, CAAM Tagged Key provisioning can be done through Linux Key
Retention service and managed by user-space application such as keyctl. Secure key can be placed in Linux Key Retention
service while secure key blobs can be stored on any non-volatile storage.
NXP Semiconductors
Overview
i.MX Encrypted Storage Using CAAM Secure Keys, Rev. 0, 25 February 2020
Application Note 3 / 11
剩余10页未读,继续阅读
2020-12-10 上传
134 浏览量
点击了解资源详情
点击了解资源详情
点击了解资源详情
点击了解资源详情
2023-06-11 上传
2023-06-13 上传
2023-06-09 上传
2023-02-06 上传
embeddedman
- 粉丝: 18
- 资源: 108
我的内容管理
展开
最新资源
- EJB 3 学习资料 ,适合初学者
- jdk的classpath路径和环境配置
- Sql中判断是否存在数据库、表
- 使用smtp发送邮件(源码.txt
- 回溯法解八皇后问题 vc++实现
- Allegro轉Gerber注意事項
- 《操作系统设计与实现》中文修订版.pdf
- 全面JAVA命令大全
- STM32F10xxx_RM0008_CH_Rev7V3.pdf
- c#数据绑定dataBinding
- Linux进程源代码分析.pdf
- Java+Development+with+Ant.pdf
- make手册3.80
- 利用存储过程生成报表
- 架构风格与基于网络的软件架构设计.pdf
- 计算机四级考试2008年4月、9月真题
