[PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys

Ahmad Fatoum a.fatoum at pengutronix.de
Wed Mar 17 13:58:44 UTC 2021

Hello Jarkko,

On 16.03.21 20:22, Jarkko Sakkinen wrote:
> On Tue, Mar 16, 2021 at 06:01:18PM +0100, Ahmad Fatoum wrote:
>> The Cryptographic Acceleration and Assurance Module (CAAM) is an IP core
>> built into many newer i.MX and QorIQ SoCs by NXP.
>> The CAAM does crypto acceleration, hardware number generation and
>> has a blob mechanism for encapsulation/decapsulation of sensitive material.
>> This blob mechanism depends on a device specific random 256-bit One Time
>> Programmable Master Key that is fused in each SoC at manufacturing
>> time. This key is unreadable and can only be used by the CAAM for AES
>> encryption/decryption of user data.
>> This makes it a suitable backend (source) for kernel trusted keys.
>> Previous commits generalized trusted keys to support multiple backends
>> and added an API to access the CAAM blob mechanism. Based on these,
>> provide the necessary glue to use the CAAM for trusted keys.
>> Signed-off-by: Ahmad Fatoum <a.fatoum at pengutronix.de>

> Too early to ack, as I've not included the TEE thing to any PR yet.

No problem. I'd be happy to incorporate the feedback I receive in the meantime.


Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

More information about the Linux-security-module-archive mailing list