i.MX6 Encryption

The i.MX6 Processors offer hardware encryption through Freescale's Cryptographic Accelerator and Assurance Module (CAAM, also known as SEC4). It offers the following support:

• Security Control
• Advanced High Assurance Boot (A-HAB) System (HAB with embedded enhancements)
• SHA-256, 2048-bit RSA key
• Version control mechanism
• Warm boot
• CSU and TZ initialization
• IC Identification Module (IIM) and Central Security Unit (CSU)
• CSU enhanced for the IIM
• Configured during boot and by e-fuses
• Determines the security level operation mode and the TZ policy
• Tamper Detection

For the encryption, these are the HW cryptographic accelerators we have on board the i.MX6:

• AES128, AES256
• 3DES
• ARC4
• SHA1
• SHA224
• SHA256
• MD-5

At a high level the Cryptographic Accelerator and Assurance Module (CAAM) is a DMA master supporting the following capabilities:

• Secure memory feature with HW enforced access control
• Cryptographic authentication
  • Hashing algorithms
    • MD5
    • SHA-1
    • SHA-224
    • SHA-256
  • Message authentication codes (MAC)
    • HMAC-all hashing algorithms
    • AES-CMAC
    • AES-XCBC-MAC
  • Auto padding
  • ICV checking
• Authenticated encryption algorithms
  • AES-CCM (counter with CBC-MAC)
• Symmetric key block ciphers
  • AES (128-bit, 192-bit or 256-bit keys)
  • DES (64-bit keys, including key parity)
  • 3DES (128-bit or 192-bit keys, including key parity)
• Cipher modes
  • ECB, CBC, CFB, OFB for all block ciphers
  • CTR for AES
• Symmetric key stream ciphers
• ArcFour (alleged RC4 with 40 - 128 bit keys)
• Random-number generation
  • Entropy is generated via an independent free running ring oscillator
  • Oscillator is off when not generating entropy; for lower-power consumption
  • NIST-compliant, pseudo random-number generator seeded using hardware generated entropy

The above features are usable via the CAAM driver which is available on our Yocto BSPs, as well as our latest OpenWrt on ​GitHub. In order to make use of some of these features, the Linux CryptoAPI must be used. The driver itself is integrated with the Crypto API kernel service in which the algorithms supported by CAAM can replace the native SW implementations.

References:

• ​https://community.freescale.com/thread/303229
• ​https://community.freescale.com/thread/319374
• ​https://community.freescale.com/thread/311605
• ​https://community.freescale.com/thread/309499
• ​http://www.freescale.com/webapp/sps/site/overview.jsp?code=NETWORK_SECURITY_CRYPTOG
• ​https://community.freescale.com/docs/DOC-96451
• ​Freescale Code Signing Tool for the High Assurance Boot library. Provides software code signing support designed for use with i.MX processors that integrate the HAB library in the internal boot ROM
• ​Freescale HAB App Note
• Also see Ventana Security

i.MX6 Security Reference Manual

Please register on the NXP website and request the document by visiting the link ​here

Linux Drivers

The Cryptographic Accelerator and Assurance Module (CAAM) is the driver for Freescale's hardware crypto. It configures hw to operate as a DPAA component, as well as creates job ring devices. Please see ​here for more detail. This driver was added to Linux 4.3, but we have support for it in our Yocto 1.6, Yocto 1.7, Yocto 1.8, and OpenWrt next (our latest OpenWrt branch on ​GitHub).

In order to enable the CAAM driver from within the kernel, the CONFIG_CRYPTO_DEV_FSL_CAAM must be set:

• make menuconfig
  • Kernel Cryptographic API → Hardware crypto devices → Freescale CAAM-Multicore driver backend
    • You can either build as a module via M or statically via Y

Enabling the above will select the following in the kernel config:

CONFIG_CRYPTO_HW=y
CONFIG_CRYPTO_DEV_FSL_CAAM=m
CONFIG_CRYPTO_DEV_FSL_CAAM_JR=m
CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API=m
CONFIG_CRYPTO_DEV_FSL_CAAM_AHASH_API=m
CONFIG_CRYPTO_DEV_FSL_CAAM_RNG_API=m
CONFIG_CRYPTO_DEV_FSL_CAAM_RINGSIZE=9
CONFIG_CRYPTO_DEV_FSL_CAAM_INTC=n
CONFIG_CRYPTO_DEV_FSL_CAAM_DEBUG=n

When this is enabled, /proc/crypto will list out that system's cipher support and where that support comes from. For example:

root@OpenWrt:/# cat /proc/crypto
<snip>
name         : sha1
driver       : sha1-caam
module       : caamhash
priority     : 3000
refcnt       : 1
selftest     : passed
internal     : no
type         : ahash
async        : yes
blocksize    : 64
digestsize   : 20
<snip>

We can see that the caamhash module offers the sha1 ahash function. This effectively means that any program using this hash will automatically gain hardware acceleration.

The CAAM driver will also grant the ability to directly access the hardware random number generator via /dev/hwrng. This tremendously speeds up generation of random garbage as seen below:

# Generate 50Mb of data via software
root@OpenWrt:/# time dd if=/dev/urandom of=/tmp/sw_random count=50 bs=1M
50+0 records in
50+0 records out
real    0m 17.29s
user    0m 0.00s
sys     0m 17.28s
# Now generate 50Mb of data via hardware
root@OpenWrt:/# time dd if=/dev/hwrng of=/tmp/hw_random count=50 bs=1M
50+0 records in
50+0 records out
real    0m 1.05s
user    0m 0.00s
sys     0m 1.04s

As seen above, using the hardware accelerated rng, random data with good entropy was generated almost 17x faster.

For information on how to use the Linux Kernel Crypto API consult the kernel documentation:

• ​https://www.kernel.org/doc/html/latest/crypto/index.html

For more information on Linux Kernel Crypto API and how to use in Userspace see:

• linux/encryption