You are here: Digi Embedded Yocto > System development > Linux v3.14 Board Support Package > Devices and interfaces > Cryptographic Accelerator and Assurance Module (CAAM)

CAAM (Cryptographic Accelerator and Assurance Module)

The i.MX6 Cortex-A9 processor offers hardware encryption through NXP's Cryptographic Accelerator and Assurance Module (CAAM, also known as SEC4). The CAAM combines functions to create a modular and scalable acceleration and assurance engine.

Features

The CAAM supports:

Kernel configuration

You can manage the CAAM support through the following kernel configuration options:

Cryptographic API (CRYPTO) → Hardware crypto devices (CRYPTO_HW) → Freescale CAAM-Multicore driver backend (CRYPTO_DEV_FSL_CAAM)

which is enabled as built-in on the default ConnectCore 6 SBC kernel configuration file.

Platform driver mapping

The CAAM drivers are located at drivers/crypto/caam:

File

Description

ctrl.c

CAAM control-plane driver backend

jr.c

CAAM/SEC 4.x functions for handling key-generation jobs

caamalg.c

NXP FSL CAAM support for crypto API

caamhash.c

NXP FSL CAAM support for hash functions of crypto API

caam_keyblob.c

NXP FSL CAAM support for general memory keyblob encryption and decryption

caamrng.c

NXP FSL CAAM support for hw_random

sm_store.c

CAAM secure memory storage interface

secvio.c

SNVS security violation handler

key_gen.c

CAAM/SEC 4.x functions for handling key-generation jobs

Device tree bindings and customization

The CAAM device tree binding is documented at Documentation/devicetree/bindings/crypto/fsl-sec4.txt.

User space usage

True Random Number Generator (TRNG)

Digi Embedded Yocto uses the hardware TRNG to feed both /dev/random and /dev/urandom. Applications should use /dev/random and /dev/urandom as normal.

Cryptographic authentication

At runtime, /proc/crypto will list a system's cipher support and where that support comes from.

root@ccimx6sbc:~# cat /proc/crypto
...
name : cbc(aes)
driver : cbc-aes-caam
module : kernel
priority : 3000
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 16
geniv : eseqiv
...

Digi Embedded Yocto uses the cryptodev user space support that, in turn, uses the crypto API in the Linux kernel:

The following user space cryptographic libraries use the cryptodev support through /dev/crypto:

The caam_keyblob driver creates a char device under /dev/caam_kb that can be used with the standard Linux API (open, close, ioctl) to perform encryption and decryption of data blobs.

 

© 2017 Digi International Inc. All rights reserved.
CAAM (Cryptographic Accelerator and Assurance Module) updated on 25 April 2017 12:51:27 AM