The i.MX8QXP CPU offers modular and scalable hardware encryption through NXP’s Cryptographic Accelerator and Assurance Module (CAAM, also known as SEC4).
Features
The CAAM on the i.MX8QXP CPU includes the following features:
- 
DMA 
- 
Secure memory - 
One default partition, plus 7 optional partitions 
- 
Access control per partition 
- 
Zeroization on reset, failure, and requested de-allocation of pages or partitions 
 
- 
- 
Secure key module - 
Black keys 
- 
Export and import of cryptographic blobs - 
Data encapsulated in a cryptographic data structure for storage in nonvolatile memory 
- 
AES_CCM encryption using a 256-bit key 
- 
Each blob encrypted using its own randomly generated blob key 
- 
Blob key encrypted using a device unique key 
- 
Blob key encryption key derived from non-volatile master key input 
- 
General memory blob key encryption key derived from non-volatile master key input 
- 
Secure memory blob key encryption key derived from partition access permission bits and non-volatile master key input 
- 
Separate blob key encryption keys for trusted mode, secure mode, and nonsecure mode 
 
- 
 
- 
- 
Public key cryptography - 
DSA - 
DSA sign, verify with private key, key generation 
- 
Non-timing-equalized versions of private key operations 
- 
Timing-equalized and non-timing-equalized versions for signing and key generation 
 
- 
- 
Diffie-Hellman (DH) key agreement - 
Timing-equalized and non-timing-equalized versions of key agreement and key generation 
 
- 
- 
RSA - 
Modulus size up to 4096 bits 
- 
Private keys in (n,d), (p,q,d), or 5-part (p,q,dp,dq,c) forms 
- 
Private key operations (decrypt, sign), timing-equalized to thwart side channel attack 
- 
Non-timing-equalized versions of private key operations 
 
- 
- 
Primality testing (up to 4096 bits) 
- 
Elliptic curve cryptography - 
Timing-equalized and normal versions point multiplication 
- 
Point validation (checking whether a point is on curve) both for prime field and binary polynomial field curves 
- 
Point multiply on Montgomery curves (e.g. Curve25519) 
- 
Point add, multiply and validation on twisted-form Edwards curves (e.g. Edwards25519) 
- 
Elliptic curve digital signature algorithm (ECDSA) to sign, verify, verify with private key and key generation 
- 
Elliptic curve Diffie-Hellman (ECDH) key agreement and key generation 
- 
Modulus size up to 1024 bits 
- 
Timing-equalized versions of ECDSA sign and key generation 
- 
Non-timing-equalized versions of sign and key generation 
 
- 
 
- 
- 
Cryptographic authentication - 
Hashing algorithms - 
MD5 
- 
SHA-1 
- 
SHA-224 
- 
SHA-256 
- 
SHA-384 
- 
SHA-512 
- 
SHA-512/224 
- 
SHA-512/256 
 
- 
- 
Message authentication codes (MAC) - 
HMAC-all hashing algorithms 
- 
AES-CMAC 
- 
AES-XCBC-MAC 
 
- 
- 
Auto padding 
- 
ICV checking 
 
- 
- 
Authenticated encryption algorithms - 
AES-CCM (counter with CBC-MAC) 
- 
AES-GCM (Galois counter mode) 
 
- 
- 
Symmetric key block ciphers - 
AES (128-bit, 192-bit or 256-bit keys) 
- 
DES (64-bit keys, including key parity) 
- 
3DES (128-bit or 192-bit keys, including key parity) 
- 
Cipher modes - 
ECB, CBC, CFB, OFB for all block ciphers 
- 
CTR for AES 
 
- 
 
- 
- 
Symmetric key stream ciphers - 
ArcFour (alleged RC4 with 40 - 128 bit keys) 
 
- 
- 
Random-number generation - 
Entropy is generated via an independent free running ring oscillator 
- 
Oscillator is off when not generating entropy; for lower-power consumption 
- 
NIST-compliant, pseudo random number generator seeded using hardware-generated entropy 
 
- 
- 
Run-time integrity checking - 
SHA-256 message authentication 
- 
SHA-512 message authentication 
- 
Segmented data gathering to support non-contiguous data blocks in memory 
- 
Support for up to four independent memory blocks 
 
- 
Kernel configuration
You can manage the CAAM support through the following kernel configuration options:
- 
Cryptographic API ( CONFIG_CRYPTO)
- 
Hardware crypto devices ( CONFIG_CRYPTO_HW)
- 
Freescale CAAM-Multicore driver backend ( CONFIG_CRYPTO_DEV_FSL_CAAM)
which are enabled as built-in on the default ConnectCore 8X kernel configuration file.
The set of kernel configuration options depending on CRYPTO_DEV_FSL_CAAM further configures CAAM support.
Kernel driver
The CAAM drivers are located at drivers/crypto/caam:
| File | Description | 
|---|---|
| CAAM control-plane driver backend | |
| CAAM/SEC 4.x functions for handling key-generation jobs | |
| CAAM support for crypto API | |
| CAAM support for hash functions of crypto API | |
| CAAM support for general memory keyblob encryption and decryption | |
| CAAM support for hw_random | |
| CAAM secure memory storage interface | |
| SNVS security violation handler | |
| CAAM/SEC 4.x functions for handling key-generation jobs | 
Device tree bindings and customization
The CAAM device tree binding is documented at Documentation/devicetree/bindings/crypto/fsl-sec4.txt.
User space usage
True Random Number Generator (TRNG)
Digi Embedded Yocto uses the hardware TRNG inside the CAAM to feed both /dev/random and /dev/urandom.
Applications should use /dev/random and /dev/urandom as normal.
Cryptographic and authentication algorithms
You can list the encryption algorithms supported by the system with cat /proc/crypto:
# cat /proc/crypto
...
name : cbc(aes)
driver : cbc-aes-caam
module : kernel
priority : 3000
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 16
geniv : eseqiv
...For each algorithm you get a set of properties, including:
- 
name: the name of the algorithm
- 
driver: the driver that provides this support. If the driver contains caam it means the CAAM hardware engine provides support for this encryption algorithm.
- 
priority: the higher the value, the higher the priority. Normally hardware-accelerated algorithms have higher priority over software algorithms.
To verify if an encryption or hashing operation is using the CAAM, you can check the interruption count for the jr (job ring) devices.
# grep -E "jr|CPU0" /proc/interrupts
           CPU0       CPU1       CPU2       CPU3
 69:        587          0          0          0     GICv3 138 Level     30902000.jrCAAM blobs
The caam_keyblob driver creates a char device under /dev/caam_kb that can be used with the standard Linux API (open, close, ioctl) to perform encryption and decryption of CAAM blobs.
See Secure storage for more information about CAAM blobs.
 
         
   
   
        