AM263P4: Usage and Accessing Keys

Part Number: AM263P4

Hi,

In AM263P4 HS-SE LP,

  1. Can we modify the source files (included files) given in TIFS-MCU for performing various services as per our requirement?
  2. If keys are generated internally, is there any permanent storage of those keys apart from storing in volatile Secure RAM? If those keys are stored in flash, there is a chance of compromising the keys.
  3. If I import keys from the Keyring Certificate and want to use those keys for other purposes, say Secure Communication, how can I access those keys from the R5 core?
  4. If I store the Tool/server's PKI certificate in flash, how do I tell the HSM to access that certificate and validate it?

Thanks and Regards

Geetha

  • Hi Geetha,

    Can we modify the source files (included files) given in TIFS-MCU for performing various services as per our requirement?

    Yes, you can modify the TIFS SDK as per your requirement

    If keys are generated internally, is there any permanent storage of those keys apart from storing in volatile Secure RAM? If those keys are stored in flash, there is a chance of compromising the keys.

    The flash is the only place to store keys for permanent storage. Instead of keys, you can store the keyring certificate itself, which is signed using ROT keys. This would ensure security of these keys.

    If I import keys from the Keyring Certificate and want to use those keys for other purposes, say Secure Communication, how can I access those keys from the R5 core?

    Keyring certificate is to ensure that the keys are not accessible by a non-secure core and to store the keys in HSM secure RAM, so that only HSM can have access to those keys. You can create a HSM service, which can send data from R5 to HSM and use the keys from HSM to perform action and send the data back to R5 (For example, like a CMAC service)

    If I store the Tool/server's PKI certificate in flash, how do I tell the HSM to access that certificate and validate it?

    R5 can send this data to HSM via a service. 

    Thanks and Regards,

    Nikhil Dasan

  • Hi Nikhil,

    Thanks for the clarity.

    The flash is the only place to store keys for permanent storage. Instead of keys, you can store the keyring certificate itself, which is signed using ROT keys. This would ensure security of these keys.

    This would be the case when I generate keys outside the device. If I generate AES keys using the RNG inside the device, how would the same be applicable here?

    You can create a HSM service, which can send data from R5 to HSM and use the keys from HSM to perform action and send the data back to R5 (For example, like a CMAC service)

    Can I just access the keys' location via HSM or do I need to give Keyring indices as given in the Keyring certificate?

    Geetha

  • Hi Geetha,

    This would be the case when I generate keys outside the device. If I generate AES keys using the RNG inside the device, how would the same be applicable here?

    The service to extract and store this in flash is not available OOB in the SDK, but there are ways such that these generated keys can probably be signed using the crypto engines, or basically mimicking the certificate creation kind of operation in the HSM core, and then sent out to R5 to place it in flash.

    Can I just access the keys' location via HSM or do I need to give Keyring indices as given in the Keyring certificate?

    HSM has full access to the keys location. The index is sent from R5 to let HSM know which key to be picked from the lot.

    Thanks and Regards,

    Nikhil Dasan
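
The index-based service pattern described in the replies above, as an added Python model that is not part of the original thread and is not TIFS-MCU code. The request layout, status codes, function names and buffer limit are all hypothetical, and HMAC-SHA256 stands in for the AES-CMAC primitive because the Python standard library has no CMAC.

```python
import hashlib
import hmac
import os
import struct

# Constructed keyring: stands in for keys imported into HSM secure RAM.
# Only the "HSM side" functions of this model ever read it.
KEYRING = [os.urandom(32) for _ in range(4)]

STATUS_OK, STATUS_BAD_REQUEST, STATUS_BAD_INDEX = 0, 1, 2
MAX_DATA_LEN = 1024         # assumed limit on the shared request buffer
HDR = struct.Struct("<BH")  # hypothetical header: key index, data length


def r5_build_request(key_index: int, data: bytes) -> bytes:
    """R5 side: the request carries a key *index* and data, never a key."""
    return HDR.pack(key_index, len(data)) + data


def hsm_mac_service(request: bytes) -> bytes:
    """HSM side: validate the request, pick the key by index, return status + tag."""
    if len(request) < HDR.size:
        return bytes([STATUS_BAD_REQUEST])
    key_index, length = HDR.unpack_from(request)
    data = request[HDR.size:]
    # Reject a length field that disagrees with the buffer actually received.
    if length != len(data) or length > MAX_DATA_LEN:
        return bytes([STATUS_BAD_REQUEST])
    # Bounds-check the index before it is used to address key storage.
    if key_index >= len(KEYRING):
        return bytes([STATUS_BAD_INDEX])
    tag = hmac.new(KEYRING[key_index], data, hashlib.sha256).digest()
    return bytes([STATUS_OK]) + tag  # the response holds the tag only


def hsm_verify_service(request: bytes, tag: bytes) -> bool:
    """HSM side: recompute the tag and compare in constant time."""
    resp = hsm_mac_service(request)
    return resp[0] == STATUS_OK and hmac.compare_digest(resp[1:], tag)
```
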