LP-AM263P: x.509 extensions

Part Number: LP-AM263P



Hi Team,

I had a few doubts after reviewing the keyring document available in the Secure Resources section of the TI website. I’ve listed them below:

1. I didn’t fully understand the purpose of the salt parameter in the Encryption Extension.

2. Could you explain the purpose of the Key-Derivation Extension? In which scenarios is this extension used?

3. Under Key Writer Extensions, there is an extension called Encrypted AES. It mentions that the key is encrypted using TIFEK. What exactly is TIFEK? Do all AM263Px boards have the same TIFEK?

4. Under Key Writer Extensions, there is an extension called AES Encrypted SMPKH Extension, which contains information about an AES-256 encrypted SMPKH (SHA-512 hashed SMPK public key).

   1. With which key is the SMPKH encrypted?

   2. At the time of writing to the eFuse OTP memory, is the encrypted SMPKH stored, or the plain SMPKH?

   3. What is the purpose of the action_flags field?

5. There is another extension called AES Encrypted SMEK, which contains information about an AES-256 encrypted SMEK key. How is this SMEK key generated?

6. I need more information about the Software Revision App.

7. What is the difference between Version and Key Revision fields under the Key Writer Extension?


Regards, 
K.Sravya.

  • Hi Sravya,

    Please refer to this: https://software-dl.ti.com/mcu-plus-sdk/esd/AM263X/latest/exports/docs/api_guide_am263x/TOOLS_SECURITY.html

    Also, the questions asked are about cryptography in general; please refer to the following links to understand better:

    https://en.wikipedia.org/wiki/Salt_(cryptography)

    https://en.wikipedia.org/wiki/X.509

    Some of these questions are related to open-source specs like the X.509 RFC.

  • Hi Nilabh,

    I have a doubt regarding public and private key generation. In the key-writing certificate, we use SMEK and SMPKH. SMEK is a symmetric key used for AES-256 CBC encryption, and SMPKH is a public key used by the ROM for verifying the hashed image.

    My question is — how are the public-private keys for SMPKH and the symmetric key for SMEK generated?

    Also, there is a feature called ECDH key exchange mentioned in the hardware addendum. In this, a session key (which is a symmetric key used for AES) is generated. According to the ECDH key exchange algorithm, public-private keys should be generated using the ECC algorithm, and from those, a shared common key (symmetric key) is derived.

    However, in AM263Px, there seems to be no feature for key generation. This is what Nikhil mentioned. Could you please explain this to me in detail?




  • My question is — how are the public-private keys for SMPKH and the symmetric key for SMEK generated?

    Hi,

    The SMEK and SMPKH are expected to be generated by the user, given this is a secret.

    For demonstration purposes, as part of OTP keywriter provisioning, it is generated using OpenSSL.

    Please refer to OTP keywriter documentation. 

  • Also, there is a feature called ECDH key exchange mentioned in the hardware addendum. In this, a session key (which is a symmetric key used for AES) is generated. According to the ECDH key exchange algorithm, public-private keys should be generated using the ECC algorithm, and from those, a shared common key (symmetric key) is derived.

    However, in AM263Px, there seems to be no feature for key generation. This is what Nikhil mentioned. Could you please explain this to me

    This feature is present in AM261x only. On AM263Px this feature is not present.

    Looks like this might be an error in the Addendum.

    I will raise a ticket to get it corrected.
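
The reply above says the SMPK key pair and the SMEK are generated by the user with OpenSSL. The following is an added example, not part of the thread and not TI's OTP keywriter scripts, that produces an SMPK key pair, its SHA-512 hash (SMPKH) and a 256-bit SMEK. The file names, the RSA key type and size, and hashing the DER-encoded public key are assumptions; the OTP keywriter documentation is the authority on the exact formats.

```shell
#!/bin/sh
# Added example: user-side generation of SMPK / SMPKH / SMEK with OpenSSL.
# Assumptions (not from the thread): file names, RSA key type and size,
# and SMPKH computed over the DER-encoded public key.

# gen_keys OUTDIR [RSA_BITS]
gen_keys() {
    out=$1
    bits=${2:-4096}
    old_umask=$(umask)
    umask 077    # key files are created readable by the owner only
    mkdir -p "$out" &&
    # SMPK: signing key pair. The private half stays with the user.
    openssl genpkey -algorithm RSA -pkeyopt "rsa_keygen_bits:$bits" \
        -out "$out/smpk.pem" 2>/dev/null &&
    # Public half, DER-encoded (the encoding is an assumption).
    openssl pkey -in "$out/smpk.pem" -pubout -outform DER \
        -out "$out/smpk_pub.der" &&
    # SMPKH: SHA-512 of the SMPK public key, 64 bytes.
    openssl dgst -sha512 -binary -out "$out/smpkh.bin" "$out/smpk_pub.der" &&
    # SMEK: 256-bit AES key drawn from OpenSSL's CSPRNG, 32 bytes.
    openssl rand -out "$out/smek.bin" 32
    rc=$?
    umask "$old_umask"
    return $rc
}

# file_size FILE: print the size of FILE in bytes
file_size() { echo $(( $(wc -c < "$1") )); }

# Stand-alone use: sh gen_keys.sh ./keys [bits]
if [ "$#" -gt 0 ]; then gen_keys "$@"; fi
```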