Usage of RTL and Device root key in Cryptocell

RE: Usage of RTL and Device root key in Cryptocell

Susheel Nuguru — Wed, 01 Aug 2018 07:33:47 GMT

> should we consider your answer as a confirmation that those key selection features are available, but not described in SDK?

These key features are available in the ARM Cryptocell 310 but we do not have experience using them yet, so I am not in a position to suggest or give you a direction. Sorry for this.

RE: Usage of RTL and Device root key in Cryptocell

artemkkk — Mon, 30 Jul 2018 10:11:48 GMT

Hi Aryan! Thanks for feedback

Anyway, should we consider your answer as a confirmation that those key selection features are available, but not described in SDK? We are now on our own to research how deal with those keys or there are any option how we can request support on that?

RE: Usage of RTL and Device root key in Cryptocell

Susheel Nuguru — Mon, 30 Jul 2018 10:01:57 GMT

Hi artemkkk,

unfortunately our SDK examples are not using those key selection features in cryptocell yet.

RE: Usage of RTL and Device root key in Cryptocell

artemkkk — Fri, 27 Jul 2018 16:46:55 GMT

Aryan, many thanks for reply!

Just to clarify whether we are talking about the same features, please, advice.

It is mentioned directly in all documentation for nrf52840 about the availability of the following key types can be selected for cryptographic operations:

RTL key K_PRTL
Device root key K_DR
Session key

Check here: http://infocenter.nordicsemi.com/topic/com.nordic.infocenter.nrf52840.ps/cryptocell.html?cp=2_0_0_5_5_3#cc_kdr

Unfortunatelly we didn't manage to find any mentions in SDK about those keys, other than posted in initial message. Anyway there is HOST_CRYPTOKEY_SEL hardware registers mentioned in datasheet, is there any examples of use and access to this register and keys mentioned in in datasheet?

RE: Usage of RTL and Device root key in Cryptocell

Susheel Nuguru — Fri, 13 Jul 2018 13:56:23 GMT

[quote user=""]/* Currently only SASI_AES_USER_KEY is supported - the key is plaintext and provided in the pKeyData parameter. */[/quote]

This is in SaSi_AesSetKey function, I think the only option is to derive a key using SaSi_UtilKeyDerivation (ssi-util_key_derivation.h) and use that in a subsequent call as an AES user key

The options Kplt and Kcst for other types of hardware activities in previous designs (more complex CryptoCell units, catered for Cortex A-type devices)

RE: Usage of RTL and Device root key in Cryptocell

artemkkk — Fri, 13 Jul 2018 10:11:35 GMT

Aryan thanks! I'll check this out

Anyway, if any suggestions on this it would be useful:

SASI_AES_PLATFORM_KEY = 1, /*!< Kplt hardware key.* / - is it K(RTL)?
SASI_AES_CUSTOMER_KEY = 2, /*!< Kcst hardware key.* / - is it K(DR)?

RE: Usage of RTL and Device root key in Cryptocell

Susheel Nuguru — Fri, 13 Jul 2018 10:00:01 GMT

Hi artemkkk,

We do not discuss timelines of features in this forum. Please contact your regional sales manager to know the details of timelines.