Usage of RTL and Device root key in Cryptocell

Hi artemkkk,

We do not discuss timelines of features in this forum. Please contact your regional sales manager to know the details of timelines.

Aryan thanks! I'll check this out

Anyway, if any suggestions on this it would be useful:

SASI_AES_PLATFORM_KEY = 1, /*!< Kplt hardware key.* / - is it K(RTL)?
SASI_AES_CUSTOMER_KEY = 2, /*!< Kcst hardware key.* / - is it K(DR)?

Aryan thanks! I'll check this out

Anyway, if any suggestions on this it would be useful:

SASI_AES_PLATFORM_KEY = 1, /*!< Kplt hardware key.* / - is it K(RTL)?
SASI_AES_CUSTOMER_KEY = 2, /*!< Kcst hardware key.* / - is it K(DR)?

/* Currently only SASI_AES_USER_KEY is supported - the key is plaintext and provided in the pKeyData parameter. */

This is in SaSi_AesSetKey function, I think the only option is to derive a key using SaSi_UtilKeyDerivation (ssi-util_key_derivation.h) and use that in a subsequent call as an AES user key

The options  Kplt and Kcst for other types of hardware activities in previous designs (more complex CryptoCell units, catered for Cortex A-type devices)

Aryan, many thanks for reply!

Just to clarify whether we are talking about the same features, please, advice.

It is mentioned directly in all documentation for nrf52840 about the availability of the following key types can be selected for cryptographic operations:

• RTL key K_PRTL
• Device root key K_DR
• Session key

Check here: http://infocenter.nordicsemi.com/topic/com.nordic.infocenter.nrf52840.ps/cryptocell.html?cp=2_0_0_5_5_3#cc_kdr

Unfortunatelly we didn't manage to find any mentions in SDK about those keys, other than posted in initial message. Anyway there is HOST_CRYPTOKEY_SEL hardware registers mentioned in datasheet, is there any examples of use and access to this register and keys mentioned in in datasheet?

Hi artemkkk,

unfortunately our SDK examples are not using those key selection features in cryptocell yet. 

Hi Aryan! Thanks for feedback

Anyway, should we consider your answer as a confirmation that those key selection features are available, but not described in SDK? We are now on our own to research how deal with those keys or there are any option how we can request support on that?

> should we consider your answer as a confirmation that those key selection features are available, but not described in SDK?

These key features are available in the ARM Cryptocell 310 but we do not have experience using them yet, so I am not in a position to suggest or give you a direction. Sorry for this.