diff --git a/caam/seco/README.md b/caam/seco/README.md index 12b398a73..d046dafc1 100644 --- a/caam/seco/README.md +++ b/caam/seco/README.md 
@@ -15,3 +15,55 @@ This is an example configure for building wolfSSL ## Additional cryptodev-linux Examples Examples for use in conjunction with SECO are in the cryptodev directory + +## Arguments +The first argument to the examples can be a 0 or a 1. 1 is used for creating a new entry and 0 for opening an existing one. +The second argument is the KeyID. +The third argument is the Keystore ID. + +The KeyID should be 0 if creating it for the first time. + +An example of running aes-cbc would be: + +``` +#create new keystore and use arbitrary keystore ID of 9 +/tmp/aes-cbc 1 0 9 +[ 46.049273] SECO fp open +[ 46.055038] SECO setup memory access addr 960A0000 len 66560 +[ 46.061494] SECO memreg permissions set +[ 46.066412] SECO fp open +[ 46.070173] SECO setup memory access addr 960C0000 len 66560 +[ 46.076634] SECO memreg permissions set +Key ID: 581588797 +in = 0xffffe9138750 +out = 0xffffe91386b8 +cipherTxt = 0xffffe[ 46.108136] seco_mu seco_mu2: seco_mu2_ch1: Interrupted by signal +91386d8 +Encrypting : 74657374206D65737361676520746F20 +Cipher text: E7241091DEF6ACFEE558AA23318BCE75 +Decrypted : 74657374206D65737361676520746F20 +``` + + +Then to reopen and run using the previously created key + +``` +#reading key ID from the previous run, re-run the example, this time opening the existing keystore +root@imx8qxpc0mek:~# /tmp/aes-cbc 0 581588797 9 +[ 80.480629] SECO fp open +[ 80.484912] SECO setup memory access addr 960A0000 len 66560 +[ 80.491351] SECO memreg permissions set +[ 80.498053] SECO fp open +[ 80.501851] SECO setup memory access addr 960C0000 len 66560 +[ 80.508357] SECO memreg permissions set +Key ID: 581588797[ 80.516419] seco_mu seco_mu2: seco_mu2_ch1: Interrupted by signal + +in = 0xffffc8928500 +out = 0xffffc8928468 +cipherTxt = 0xffffc8928488 +Encrypting : 74657374206D65737361676520746F20 +Cipher text: E7241091DEF6ACFEE558AA23318BCE75 +Decrypted : 74657374206D65737361676520746F20 +``` + +This will create the keystores at /etc/seco_hsm . 
So far none of the keystores that wolfSSL creates are PERMENANT type ones, just either persistent or ephemeral. So to reset the keystore root can do "rm -rf /etc/seco_hsm" (as suggested by one of NXP's manuals on it) and reset the device.
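
Review bot: the closing paragraph of the added README text tells the reader to run "rm -rf /etc/seco_hsm" as root and reset the device, but it does not say that this deletes every keystore under that directory, including the persistent key created in the walkthrough (Key ID 581588797 in keystore 9). Suggest stating that consequence explicitly. Suggest also saying whether the reset is required for the removal to take effect. In the same paragraph, "PERMENANT" should be "PERMANENT". In the Arguments section, "The KeyID should be 0 if creating it for the first time" would be clearer if it said that the generated Key ID is printed on the "Key ID:" line and must be passed as the second argument on later runs, since the second sample relies on that. The two sample transcripts are inconsistent: the second shows the "root@imx8qxpc0mek:~#" prompt and the first does not. Both also have kernel log lines spliced into the program output ("cipherTxt = 0xffffe[ 46.108136] seco_mu ..."), so consider trimming the interleaved dmesg lines or noting that they come from the console. Finally, both runs print the same cipher text for the same plaintext, which demonstrates that the stored key was reused. A sentence saying so, and noting that identical output under CBC also means the example uses the same IV on each run, would keep readers from copying that pattern into real code.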