
Generate Blob Under Linux - V2

This document provides instructions for generating key blobs under Linux using a driver and userspace utility. It describes: 1. Integrating the key blob generation code into the Linux kernel driver by adding files to the crypto driver, modifying the Kconfig and Makefile. 2. Building and inserting the key blob generation code as a kernel module. 3. Building the userspace utility to generate and decrypt blobs and testing it on two boards to confirm the blobs are board-specific.

Uploaded by

daniel

Generate Blob Under Linux

Biyong SUN
20, SEPT 2017

EXTERNAL USE
Generate Blob Under Linux Add on

|-- linux_driver                --- Linux Driver
|   `-- drivers
|       `-- crypto
|           `-- caam
|               |-- Kconfig
|               |-- key_blob.c
|               |-- key_blob.h
|               `-- Makefile
`-- userspace_util              --- User Space Utility
    `-- key_blob_test
        |-- kb_test
        |-- kb_test.c
        |-- kb_test.h
        |-- key_blob.h
        `-- README

Integrate Linux Driver

SW: L4.1.15_2.0.0_ga

1. Copy key_blob.c and key_blob.h to drivers/crypto/caam


2. Modify the Kconfig and Makefile

|-- linux_driver
    `-- drivers
        `-- crypto
            `-- caam
                |-- Kconfig
                |-- key_blob.c
                |-- key_blob.h
                `-- Makefile

Integrate Linux Driver(Cont.)

Modify the Kconfig:


config CRYPTO_DEV_FSL_CAAM_SM
    tristate "CAAM Secure Memory / Keystore API (EXPERIMENTAL)"
    default n
    help
      Enables use of a prototype kernel-level Keystore API with CAAM
      Secure Memory for insertion/extraction of bus-protected secrets.

config CRYPTO_DEV_FSL_CAAM_SM_KEY_BLOB
    boolean "CAAM Secure Memory Key Blob Generation"
    depends on CRYPTO_DEV_FSL_CAAM_SM
    default n
    help
      Enables use of a prototype kernel-level Keystore API with CAAM
      Secure Memory for key blob generation.

config CRYPTO_DEV_FSL_CAAM_SM_SLOTSIZE
Integrate Linux Driver(Cont.)

Modify the Makefile:


obj-$(CONFIG_CRYPTO_DEV_FSL_CAAM_SM) += sm_store.o
obj-$(CONFIG_CRYPTO_DEV_FSL_CAAM_SM_KEY_BLOB) += key_blob.o
obj-$(CONFIG_CRYPTO_DEV_FSL_CAAM_SM_TEST) += sm_test.o

Integrate Linux Driver(Cont.)
Select the Key Blob option with make menuconfig

Note: After selection, you can save the .config to imx_v7_defconfig/imx_v7_android_defconfig


Rebuild

make zImage

Build as a module
1. Untar key_blob_module.tgz
2. Read the README and follow the instructions

README in key_blob_module

1. Make a symbolic link named linux that points to the Linux kernel source code

   ex: Your Linux is ~/L4.1.15_2.0.0
   ln -s ~/L4.1.15_2.0.0 linux
2. Build command
   make
   make clean

   After the build is done, you will find key_blob_module.ko

3. Use
   insmod key_blob_module.ko

After insmod is done, you will see /dev/kb
Build as a module (Cont.)

Build User Space Utility

Static Link:
arm-linux-gcc -O2 -static -o kb_test kb_test.c

Dynamic Link:
arm-linux-gcc -O2 -o kb_test kb_test.c

Command Line:

key blob test usage:


encap test ==> kb_test encap <key_file> <blob_file>
decap test ==> kb_test decap <blob_file> <key_file>

Note: Static linking is suggested, so that the binary can be used under Android as well.

Test

The blob is generated with the master key, which is unique to each chip.

Note: Make sure both boards are in closed mode, NOT open mode.
Otherwise they will use the SAME fixed test key, not the master key.

The test uses TWO boards: Board A and Board B

Board A: encrypts a key 11112222333344445555666677778888 and generates a blob,
then decrypts the key from the blob correctly.

Board B: decrypts the key from the blob (from Board A) incorrectly.

Test On Board A
The key is decrypted correctly from the blob on Board A.

Test On Board B
The blob is from Board A. On Board B, the key can NOT be decrypted correctly.
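
The two-board test above can be scripted around the kb_test commands shown earlier. This is an added example, not part of the original package. It assumes kb_test is on PATH, that /dev/kb exists once the driver is loaded, and that a failed decap either exits non-zero or writes different bytes (the page does not say which).

```shell
#!/bin/sh
# Added example wrapping the page's kb_test usage; function names are hypothetical.
# Assumptions: kb_test on PATH (override KB_TEST), device node at /dev/kb
# (override KB_DEV). Run only with a throwaway test key, never a production key.
KB_TEST="${KB_TEST:-kb_test}"
KB_DEV="${KB_DEV:-/dev/kb}"

kb_dev_present() {
    [ -e "$KB_DEV" ] && return 0
    echo "missing $KB_DEV (is the key blob driver loaded?)" >&2
    return 1
}

# Board A: encap the key file into a blob, decap it again and compare bytes.
# Returns 0 only if the recovered key equals the original, 2 on setup errors.
kb_roundtrip() {
    kb_key="$1"; kb_blob="$2"
    kb_dev_present || return 2
    kb_out="$(mktemp)" || return 2
    if "$KB_TEST" encap "$kb_key" "$kb_blob" &&
       "$KB_TEST" decap "$kb_blob" "$kb_out" &&
       cmp -s "$kb_key" "$kb_out"; then kb_rc=0; else kb_rc=1; fi
    rm -f "$kb_out"
    return "$kb_rc"
}

# Board B: try to decap a blob that was generated on another board.
# Returns 0 if the key is NOT recovered (blob is bound to the other chip).
# Returns 1 if the foreign blob yields the original key, which is the symptom
# of both boards using the same fixed test key (open mode).
kb_foreign_blob_rejected() {
    kb_blob="$1"; kb_expected="$2"
    kb_dev_present || return 2
    kb_out="$(mktemp)" || return 2
    kb_rc=0
    # A failing decap and a decap producing different bytes both count as rejected.
    if "$KB_TEST" decap "$kb_blob" "$kb_out" 2>/dev/null &&
       cmp -s "$kb_expected" "$kb_out"; then kb_rc=1; fi
    rm -f "$kb_out"
    return "$kb_rc"
}
```

On Board A run `kb_roundtrip key.bin blob.bin`; copy blob.bin and the test key to Board B and run `kb_foreign_blob_rejected blob.bin key.bin`, which must return 0 when both boards are in closed mode.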
