• State TI Thinks Resolved
  • Locked Locked
  • Replies 9 replies
  • Answers 3 answers
  • Subscribers 31 subscribers
  • Views 255 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

AM263P2: PKA vs PKE

Addison Audette
Prodigy 135 points

Part Number: AM263P2

Tool/software:

We found two different files that detail out RSA encryption and decryption : PKE.c and PKA.c that both have the AsymCrypt_RSAPrivate  && AsymCrypt_RSAPublic function calls. 

What is the difference between the PKA and PKE - how do they interact with the hardware?

  • 0
    TI__Guru* 87481 points

    Hi,

    PKA and PKE are 2 different types of hardware accelerators.

    In this PKA is available in AM263 and AM263Px and PKE is available in AM261x

    More on these HWA in the respective device TRMs

    Thanks and Regards,

    Nikhil Dasan

  • 0
    Prodigy 135 points

    So is the PKE Driver not usable on a AM263P board?

    Is the code from either the PKA or PKE callable from code that we write and run on our AM263P board? How can we run RSA operations outside of the HSM?

    (i.e. can we access the ability to do RSA encryption/decryption using either? Specifically in HS-SE mode)

  • 0 in reply to Addison Audette
    TI__Guru* 87481 points
    Addison Audette said:
    So is the PKE Driver not usable on a AM263P board?

    Yes, Correct

    Addison Audette said:

    Is the code from either the PKA or PKE callable from code that we write and run on our AM263P board? How can we run RSA operations outside of the HSM?

    (i.e. can we access the ability to do RSA encryption/decryption using either? Specifically in HS-SE mode)

    By "outside of the HSM", do you mean to execute this from R5 core? If yes, then the PKA do not have a public context, so it has to be called within HSM.

    You can refer to the example of ${TIFS}\examples\dthe\asymmetric_cryptography\rsa_encryption_decryption for the same.

    Thanks and Regards,

    Nikhil Dasan

  • 0 in reply to Nikhil Dasan
    Prodigy 135 points

    Is it common for developers to write their own HSM client driver calls to use the PKA functionality from outside of the HSM?

    Separate question: Is TI planning on adding functionality in the future to be able to directly call the PKA functionality from the R5 core to be able to do RSA encryption and decryption?

  • 0 in reply to Addison Audette
    TI__Guru* 87481 points

    Hi,

    Addison Audette said:
    Is it common for developers to write their own HSM client driver calls to use the PKA functionality from outside of the HSM?

    Sorry for the confusion here. Do you mean if you can call a service for RSA encryption/decryption from R5 to HSM and get it done on the HSM core?

    or Do you mean to use PKA on the R5 core itself.

    The former is possible. You would have to add a service to trigger the RSA functionality on the HSM Core.

    Addison Audette said:
    Is TI planning on adding functionality in the future to be able to directly call the PKA functionality from the R5 core to be able to do RSA encryption and decryption?

    Again, PKA on R5 is not possible (due to hardware constraints),
    PKA getting triggered from R5 on the HSM core (via a service) is possible. 
    Currently there is no plan to add this service, but you refer the existing service (such as getVersion) and create a service and call the RSA API in the handler on the HSM side.

    Hope this helps

    Thanks and Regards,

    Nikhil Dasan

  • 0 in reply to Nikhil Dasan
    Prodigy 135 points

    Ok makes sense thank you!!

    One more question about writing the service to trigger PKA from the R5 on the HSM core - when reading about the HSM client and server calls it states that after the HSMServer_isr function is called and validates the request " the respective service ISR will be triggered". Could you explain how this works and where I can find the code for where the specific sub functions are called?

  • 0 in reply to Addison Audette
    TI__Guru* 87481 points

    You can find this in the file "${TIFS_SDK}\source\modules\hsmserver\tifs\hsse\soc\am263px\hsm_defines.c" which has the service ISR and this is called from the main ISR HsmServer_isr in ${TIFS_SDK}\\source\modules\hsmserver\hsmserver.c

  • 0 in reply to Nikhil Dasan
    Prodigy 135 points

    That is helpful thank you! 

    Are there any pre-existing instructions for booting with User Modified Custom HSM Firmware?

  • 0 in reply to Addison Audette
    TI__Guru* 87481 points

    The TIFS SDK provides the facility to build the HSM firmware for HSSE. 

    Upon building it, the HSSE is converted to a .h header file which is included in the SBL. You can also follow the same flow in your usecase. The HSMFirmware userguide elaborates on the build steps of the HSMRT.