
Usage of RTL and Device root key in Cryptocell

Hello,

While attempting to develop a solid security model built around a Root of Trust starting from the RTL and Device root keys, we found that, unfortunately, the following is mentioned in ssi_aes.h of the latest 15.0.0 SDK:

SASI_AES_USER_KEY = 0, /*!< user key.*/
SASI_AES_PLATFORM_KEY = 1, /*!< Kplt hardware key.*/ - is it K(RTL)?
SASI_AES_CUSTOMER_KEY = 2, /*!< Kcst hardware key.*/ - is it K(DR)?

         /* Currently only SASI_AES_USER_KEY is supported - the key is plaintext and provided in the pKeyData parameter. */

Are there planned dates to implement the hardware key functionality? It provides a good way to build the whole security model with a connection to the Root of Trust. The currently used User key is much less securely stored, as I see it.

  • /* Currently only SASI_AES_USER_KEY is supported - the key is plaintext and provided in the pKeyData parameter. */

    This is in the SaSi_AesSetKey function. I think the only option is to derive a key using SaSi_UtilKeyDerivation (ssi-util_key_derivation.h) and use that in a subsequent call as an AES user key.

    The options Kplt and Kcst are for other types of hardware activities in previous designs (more complex CryptoCell units, catered for Cortex A-type devices).

     

     
