SECDEVTOOL-OMAPL138C6748: How to use secure kernel APIs after secure booting

tien ngoc

Part Number: SECDEVTOOL-OMAPL138C6748
Other Parts Discussed in Thread: OMAP-L138

Hello everybody,

I am building a security device based on OMAP-L138/C6748 processor, which makes use of both RSA and AES-256 encryption/decryption. I tend to use secure kernel APIs available in DSP core to optimize the speed and security level (by using KEK stored in DSP core). However, i can only find the API call SK_decryptMod() that is used to decrypt an AES encrypted boot load module, but cannot find any function to perform AES encryption or RSA encryption/decryption, though OMAP-L138/C6748 processor supports those features (https://www.youtube.com/watch?v=M1s6xIn5yLY). So

1. Are those functions call exist? And how can I call them from ARM core application?

2. Do I have to use C wrapper library to call secure kernel APIs, or just call them like a normal C function in main()?

3. Is there any tutorial link on deploying secure features of OMAP-L138/C6748 processor?

Any answer would be appreciate.

Thanks in advanced!

over 8 years ago

0 Yordan Kovachev over 8 years ago

TI__Guru**** 161600 points

Hi,

Have a look at the following threads:
e2e.ti.com/.../1922641
e2e.ti.com/.../546674
e2e.ti.com/.../975868

Hope this helps.

Best Regards,
Yordan

0 tien ngoc over 8 years ago in reply to Yordan Kovachev

Intellectual 345 points

Thank Yordan,

Yes, it helps me very much.

But I still can't figure out whether encryption/decryption APIs (AES/RSA) exist for me to perform my own security functions?

I have tried asking whom in those threads for example code. If you already have, could you please send me a sample of code for studying (my email is anhdan.do@gmail.com)? There are too few documents on this problem.

Thanks,

Regard.

0 Yordan Kovachev over 8 years ago in reply to tien ngoc

TI__Guru**** 161600 points

Hi,

If you go to the Tools & Software tab of OMAP-L138 product folder:
www.ti.com/.../toolssoftware

You'll find that there is a Cryptography for TI Devices link in the Software (10) section, the link is:
http://www.ti.com/tool/crypto

Have a look at these sources.

Best Regards,
Yordan

0 Rahul Prabhu over 8 years ago in reply to tien ngoc

TI__Guru** 116420 points

tien,

As you know, we support only basic secure boot on the secure variant of this device. What you are trying is to implement run time security on this device which is not supported. Also the secure kernel is implemented on the DSP on this part. Code running on the ARM is considered a non-secure and has only user access so it can`t access the keys without making a request to the DSP when it is in secure state.

If you want to implement security on the ARM, you will need to implement software based keys that are stored in non-volatile media and can`t implement a scheme with KEK. Hope this clarifies the offering on this device.

Regards,
Rahul

0 Rahul Prabhu over 8 years ago in reply to Rahul Prabhu

TI__Guru** 116420 points

If you want ARM based security and access to runtime AES/RSA acceleration, please look at some of our newer DSP and ARM devices like K2G and AM437x devices which have hardware accelerated support and also hardware based keys in a ARM secure boot environment.

Regards,
Rahul

0 tien ngoc over 8 years ago in reply to Yordan Kovachev

Intellectual 345 points

Thank for your help, Yordan
It is very helpful, :))

0 tien ngoc over 8 years ago in reply to Rahul Prabhu

Intellectual 345 points

Thank Rahul,

But we have to use OMAP-l138 processor for our project, so may be we will request DSP for encrypting things.
I think using software based cryptography with TI SDKs is a good idea, :))

Regard

Tien.

Processors

Processors forum

SECDEVTOOL-OMAPL138C6748: How to use secure kernel APIs after secure booting