-
Notifications
You must be signed in to change notification settings - Fork 212
Hardware security features (Mk II)
The following table summarizes the available hardware security features, depending on the possible USB armory Mk II variants.
The standard retail version opts for a faster (900 MHz) i.MX6ULZ SoC, compared to the i.MX6UL (528 MHz), with the main trade-off of lack of OTF DRAM encryption.
The i.MX6UL variant with additional security properties, allowing external RAM encryption and a more complete internal cryptographic accelerator, is available for custom/bulk orders.
Name | Use | Variants | Availability |
---|---|---|---|
HABv4 | Secure Boot | all | retail |
CAAM | Cryptographic acceleration, TRNG | i.MX6UL (528 MHz) | custom order |
DCP | Cryptographic acceleration | i.MX6ULZ (900 MHz) | retail |
RNGB | TRNG | i.MX6ULZ (900 MHz) | retail |
SNVS | Secure Non-Volatile Storage | all | retail |
BEE | On-the-fly external RAM encryption | i.MX6UL (528 MHz) | custom order |
TZ | ARM® TrustZone® | all | retail |
ATECC | External cryptographic co-processor | all | retail |
A71CH | External cryptographic co-processor | all | retail |
RPMB | Protected flash memory region | all | retail |
The HAB feature enables on-chip internal Boot ROM authentication of initial bootloader (i.e. Secure Boot) with a digital signature, establishing the first trust anchor for code authentication. See Secure Boot for more information and usage instructions.
From the i.MX6UL datasheet: "CAAM is a cryptographic accelerator and assurance module. CAAM implements several encryption and hashing functions, a run-time integrity checker, and a Pseudo Random Number Generator (PRNG)...CAAM also implements a Secure Memory mechanism."
The CAAM accelerator driver is included and operational in modern Linux
kernels, once loaded it exposes its algorithms through the Crypto API interface
(see /proc/crypto
).
On boards mounting the i.MX6ULZ SoC option the CAAM is replaced with the DCP module, providing a subset of the CAAM features.
From the i.MX6ULZ datasheet: "This module provides support for general encryption and hashing functions typically used for security functions."
The DCP module driver is included and operational in modern Linux kernels, once
loaded it exposes its algorithms through the Crypto API interface (see
/proc/crypto
).
On boards mounting the i.MX6ULZ SoC option the CAAM TRNG functionality is replaced with a dedicated RNGB block, which incorporates a TRNG.
The RNGB driver is included and operational in modern Linux kernels, once
loaded it enables the component within Linux hw_random framework (see
/dev/hwrng
and rng-tools
).
From the i.MX6UL datasheet: "Secure Non-Volatile Storage, including Secure Real Time Clock, Security State Machine, Master Key Control, and Violation/Tamper Detection and reporting."
A device specific random 256-bit OTPMK key is fused in each SoC at manufacturing time, this key is unreadable and can only be used by the CAAM (i.MX6UL) or DCP (i.MX6ULZ) for AES encryption/decryption of user data, through the Secure Non-Volatile Storage (SNVS) companion block.
A Linux kernel driver for the CAAM (i.MX6UL), which takes advantage of the OTPMK released by the SNVS, is available at https://github.com/inversepath/caam-keyblob.
A Linux kernel driver for the DCP (i.MX6ULZ), which takes advantage of the OTPMK released by the SNVS, is available at https://github.com/inversepath/mxs-dcp.
The BEE is included only in boards mounting the i.MX6UL SoC, it supports on-the-fly (OTF) AES-128 (ECB or CTR) encryption/decryption on the AXI bus, allowing OTF DRAM encryption.
The i.MX6 SoC family features an ARM® TrustZone® implementation in its CPU core as well as its internal peripherals.
The Microchip ATECC608A and AT71CH feature hardware acceleration for elliptic-curve cryptography as well as hardware based key storage. The ATECC608A also features symmetric AES-128-GCM encryption.
Both components provide high-endurance monotonic counters, useful for external verification of firmware downgrade/rollback attacks.
Both components communicate on the I²C bus and feature authenticated and encrypted sessions for host communication.
The USB armory Mk II PCB layout features landing areas for both P/Ns, either or both will be assembled on board.
The eMMC RPMB features allows replay protected authenticated access to flash memory partition areas, using a shared secret between the host and the eMMC.