1 Introduction
1.1 Purpose
In embedded processor design the need of hardware support for cryptographic
operations is increasing. In particular, there are customer requirements for
easily performing cryptographic operations inside TrustZone
®
. In i.MX 8M and
i.MX 8MM, OP-TEE OS can control the hardware cryptographic module by
using libimxcrypt. This is a mechanism to perform hardware accelerated
cryptographic operations inside of a secure zone.
The purpose of this document is to describe how to add the support of
accelerated OP-TEE OS with Cryptographic Accelerator and Assurance
Module (CAAM) on top of OpenSSL. The final result being an enhanced
OpenSSL being capable to accelerate crypto algorithms in a secure way via
OP-TEE.
1.2 Audience
This document is intended for those who:
• Need to understand the secure storage inside of OP-TEE
• Need to hardware accelerate cryptographic algorithms using the complete flow OpenSSL <-> OP-TEE <-> CAAM
It is assumed that the reader is familiar with the basics of the RSA/ECC cryptographic functions.
1.3 Definitions, Acronyms and Abbreviations
CA Client Application
CAAM Cryptographic Accelerator and Assurance Module
ECC Elliptic-curve cryptography
MD5 Message-Digest Algorithm 5
OP-TEE Open Portable Trusted Execution Environment
PKCS Public Key Cryptography Standards
RSA Public-key cryptosystem which is widely used for secure data
transmission
Table continues on the next page...
Contents
1 Introduction............................................ 1
1.1 Purpose........................ 1
1.2 Audience.......................1
1.3 Definitions,
Acronyms and
Abbreviations................. 1
2 Overview................................................2
3 Components.......................................... 2
3.1 Pseudo Trusted
Application..................... 3
3.2 Trusted Application.......3
3.3 Secure Key Library....... 3
3.4 SecureObject
OpenSSL Engine........... 4
4 Setup and usage....................................4
5 Revision history..................................... 5
AN12632
Enhanced OpenSSL on i.MX 8M and i.MX 8MM
Rev. 0 — 25 January 2020
Application Note