AM620-Q1: security key storage for HSM

Part Number: AM620-Q1

Dear Champs,

My customer asked about HSM key storage for the OTP function.

They will use 3rd-party AutoSAR and HSM on the AM620x R5 and HSM core, and want to know in detail how HSM keys can be stored and managed in the AutoSAR platform.

Could you please provide details on how HSM keys can be stored and managed in the AutoSAR platform of AM62x?

I found the e2e thread below and it seems the only way is RPMB on eMMC, but I'm afraid there is no eMMC MCAL driver. Please let me know the details of how HSM keys are managed in the AutoSAR platform.

 AM4372: Secure Storage feature support  

Thanks and Best Regards,

SI.

  • SI 

    Who is the AUTOSAR vendor for your customer?

    We have not seen any customer ask for eMMC MCAL, AFAIK. I am assigning this to both HSM and MCAL experts, but would like to get clarity on the vendor.

  • Hi Mukul,

    The customer is considering working with Vector for AUTOSAR and HSM. They requested details based on the Vector AUTOSAR platform.

    If there is a solution for key management, the customer will consider using it. eMMC is not mandatory for them.

    They want to understand how the key management system will work in AM6204 AutoSAR.

    Thanks and Best Regards,

    SI.

  • Hello SI,

    If there is a solution for key management, the customer will consider using it. eMMC is not mandatory for them.

    Can you elaborate a bit more on what they mean by key management? Will they be trying to access the keys from Autosar?

    Since they are already getting both HSM and Autosar stacks from Vector, did they already check with Vector whether they have any suggestions on this?

    Regards,

    Nihar Potturu

  • Hi Nihar Potturu,

    Yes. Keys should be stored and managed in the AutoSAR platform.

    E.g., in the AutoSAR platform, FW updates will be executed through CAN and Ethernet, and a key will be used for that FW update.

    More than 10 AES 128-bit keys are required, and thus they cannot be stored in the OTP region.

    Thanks and Best Regards,

    SI.

  • Hello SI,

    More than 10 AES 128-bit keys are required, and thus they cannot be stored in the OTP region.

    There is no non-volatile on-chip memory available to store the keys. Therefore, they would need to use either eMMC or OSPI flash for key storage. Since an eMMC driver is not available in MCAL, they can probably use the MCAL Fls driver to read the keys from OSPI flash.

    This is the first time we have received a query regarding accessing HSM keys from AUTOSAR, so our suggestions may be somewhat limited. As Vector is both the AUTOSAR and HSM stack vendor, they might have better insights. You can advise the customers to also check with Vector on this.

    Regards,
    Nihar Potturu