[[PageOutline]] = i.MX6 Encryption The i.MX6 Processors offer hardware encryption through Freescale's Cryptographic Accelerator and Assurance Module (CAAM, also known as SEC4). It offers the following support: * Security Control * Advanced High Assurance Boot (A-HAB) System (HAB with embedded enhancements) * SHA-256, 2048-bit RSA key * Version control mechanism * Warm boot * CSU and TZ initialization * IC Identification Module (IIM) and Central Security Unit (CSU) * CSU enhanced for the IIM * Configured during boot and by e-fuses * Determines the security level operation mode and the TZ policy * Tamper Detection For the encryption, these are the HW cryptographic accelerators we have on board the i.MX6: * AES128, AES256 * 3DES * ARC4 * SHA1 * SHA224 * SHA256 * MD-5 At a high level the '''Cryptographic Accelerator and Assurance Module (CAAM)''' is a DMA master supporting the following capabilities: * Secure memory feature with HW enforced access control * Cryptographic authentication * Hashing algorithms * MD5 * SHA-1 * SHA-224 * SHA-256 * Message authentication codes (MAC) * HMAC-all hashing algorithms * AES-CMAC * AES-XCBC-MAC * Auto padding * ICV checking * Authenticated encryption algorithms * AES-CCM (counter with CBC-MAC) * Symmetric key block ciphers * AES (128-bit, 192-bit or 256-bit keys) * DES (64-bit keys, including key parity) * 3DES (128-bit or 192-bit keys, including key parity) * Cipher modes * ECB, CBC, CFB, OFB for all block ciphers * CTR for AES * Symmetric key stream ciphers * !ArcFour (alleged RC4 with 40 - 128 bit keys) * Random-number generation * Entropy is generated via an independent free running ring oscillator * Oscillator is off when not generating entropy; for lower-power consumption * NIST-compliant, pseudo random-number generator seeded using hardware generated entropy The above features are usable via the CAAM driver which is available on our Yocto BSPs, as well as our [wiki:OpenWrt/building latest OpenWrt] on [https://github.com/Gateworks/openwrt GitHub]. In order to make use of some of these features, the Linux CryptoAPI must be used. The driver itself is integrated with the Crypto API kernel service in which the algorithms supported by CAAM can replace the native SW implementations. References: * [https://community.freescale.com/thread/303229] * [https://community.freescale.com/thread/319374] * [https://community.freescale.com/thread/311605] * [https://community.freescale.com/thread/309499] * [http://www.freescale.com/webapp/sps/site/overview.jsp?code=NETWORK_SECURITY_CRYPTOG] * [https://community.freescale.com/docs/DOC-96451] * [https://www.freescale.com/webapp/Download?colCode=IMX_CST_TOOL&appType=license&location=null&fasp=1&WT_TYPE=Initialization/Boot/Device%20Driver%20Code%20Generation&WT_VENDOR=FREESCALE&WT_FILE_FORMAT=tgz&WT_ASSET=Downloads&Parent_nodeId=13376371545356958310 Freescale Code Signing Tool] for the High Assurance Boot library. Provides software code signing support designed for use with i.MX processors that integrate the HAB library in the internal boot ROM * [https://www.nxp.com/docs/en/application-note/AN4581.pdf Freescale HAB App Note] * Also see [wiki:ventana/security Ventana Security] == i.MX6 Security Reference Manual Please register on the NXP website and request the document by visiting the link [https://www.nxp.com/webapp/sps/download/mod_download.jsp?colCode=IMX6DQ6SDLSRM&appType=moderatedWithoutFAE here] == Linux Drivers The Cryptographic Accelerator and Assurance Module (CAAM) is the driver for Freescale's hardware crypto. It configures hw to operate as a DPAA component, as well as creates job ring devices. Please see [https://www.kernel.org/doc/menuconfig/drivers-crypto-caam-Kconfig.html here] for more detail. This driver was added to Linux 4.3, but we have support for it in our Yocto 1.6, Yocto 1.7, Yocto 1.8, and OpenWrt next (our latest OpenWrt branch on [https://github.com/Gateworks/openwrt GitHub]). In order to enable the CAAM driver from within the kernel, the {{{CONFIG_CRYPTO_DEV_FSL_CAAM}}} must be set: * {{{make menuconfig}}} * Kernel Cryptographic API → Hardware crypto devices → Freescale CAAM-Multicore driver backend * You can either build as a module via {{{M}}} or statically via {{{Y}}} Enabling the above will select the following in the kernel config: {{{#!bash CONFIG_CRYPTO_HW=y CONFIG_CRYPTO_DEV_FSL_CAAM=m CONFIG_CRYPTO_DEV_FSL_CAAM_JR=m CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API=m CONFIG_CRYPTO_DEV_FSL_CAAM_AHASH_API=m CONFIG_CRYPTO_DEV_FSL_CAAM_RNG_API=m CONFIG_CRYPTO_DEV_FSL_CAAM_RINGSIZE=9 CONFIG_CRYPTO_DEV_FSL_CAAM_INTC=n CONFIG_CRYPTO_DEV_FSL_CAAM_DEBUG=n }}} When this is enabled, {{{/proc/crypto}}} will list out that system's cipher support and where that support comes from. For example: {{{#!bash root@OpenWrt:/# cat /proc/crypto name : sha1 driver : sha1-caam module : caamhash priority : 3000 refcnt : 1 selftest : passed internal : no type : ahash async : yes blocksize : 64 digestsize : 20 }}} We can see that the {{{caamhash}}} module offers the sha1 ahash function. This effectively means that any program using this hash will automatically gain hardware acceleration. The CAAM driver will also grant the ability to directly access the hardware random number generator via {{{/dev/hwrng}}}. This tremendously speeds up generation of random garbage as seen below: {{{#!bash # Generate 50Mb of data via software root@OpenWrt:/# time dd if=/dev/urandom of=/tmp/sw_random count=50 bs=1M 50+0 records in 50+0 records out real 0m 17.29s user 0m 0.00s sys 0m 17.28s # Now generate 50Mb of data via hardware root@OpenWrt:/# time dd if=/dev/hwrng of=/tmp/hw_random count=50 bs=1M 50+0 records in 50+0 records out real 0m 1.05s user 0m 0.00s sys 0m 1.04s }}} As seen above, using the hardware accelerated rng, random data with good entropy was generated almost 17x faster. For information on how to use the Linux Kernel Crypto API consult the kernel documentation: - https://www.kernel.org/doc/html/latest/crypto/index.html For more information on Linux Kernel Crypto API and how to use in Userspace see: - [wiki:linux/encryption]