Contributions
Re: Agilex 5 with HPS Cryptographic services and bootflow
Thanks. So to sum, the secure boot looks roughly as follows:

- SDM verifies FSBL
- FSBL loads BL31 and verifies its signature using VAB AUTHENTICATION (implemented in TF-A), that uses mailbox to communicate with SDM
- FSBL loads BL33 and verifies its signature using VAB AUTHENTICATION (implemented in TF-A), that uses mailbox to communicate with SDM

All the above is possible WITHOUT Cryptographic services, am I right?

Assuming all the above - there is one more thing. On other platforms like NXP Layerscape, the SoC features CAAM (Cryptographic Acceleration and Assurance Module). One of the functionalities of this is that it allows to deploy and use so-called black keys and black blobs. In a nutshell - black keys and black blobs are keys and data encrypted with the SoC's hardware-fused root key, so they can be stored or transmitted only in encrypted form and can be decrypted exclusively inside the secure hardware module (e.g., CAAM). We use such functionality on our NXP based board to encrypt and decrypt kernel image as well as keys used to setup dm-crypt (enc/dec rootfs).

Is something like this available on Agilex 5? If so - on variant with or without Cryptographic services?

62 Views, 0 likes, 2 Comments

Re: Agilex 5 with HPS Cryptographic services and bootflow
Thanks, but still have some questions.

Engineering sample, its code is MK-A5E065BB32AES1, when you look at the doc I attached (here is the link https://cdrdv2-public.intel.com/820978/ug-820977-820978.pdf) in the Table 1 you see that for the following engineering sample MK-A5E065BB32AES1, the device part number is A5ED065BB32AE6SR0. Decoding the 4th digit of the ordering number and looking at the part number decoder we have A5ED, with D implying Quad HPS and Cryptographic Services. Where can I find the information that Cryptographic Services are disabled on ES?

As for the A5EC065BB32AE6S, looking at the 4th digit and part number decoder it seems that this variant does not feature Cryptographic Services, am I right?

As for the Terasic board (https://www.terasic.com.tw/cgi-bin/page/archive.pl?Language=English&CategoryNo=123&No=1384&PartNo=2#contents) with FPGA: A5EB013BB23BE4SCS and again looking at the 4th digit and product table code it seems that this product should have HPS as well as Cryptographic services, yes?

The thing I'm the most interested in is - whether or not will I be able to run full chain of trust on HPS on these particular product numbers. I guess that on the variant with no Cryptographic services I will be able to authenticate fsbl only, but won't be able to authenticate further boot stages - BL31, BL33, Linux, yes?

I will be very grateful for some guidance.

PS. sorry for spamming your mailbox but I've sent I guess 20 replies and each of them got deleted I guess due to the fact I originally used Cryptographic without "graphic" thus the content was filtered.

41 Views, 0 likes, 2 Comments

Re: Agilex 5 with HPS Cryptographic services and bootflow
Thanks, but still have some questions.

Engineering sample, its code is MK-A5E065BB32AES1, when you look at the doc I attached (here is the link https://cdrdv2-public.intel.com/820978/ug-820977-820978.pdf) in the Table 1 you see that for the following engineering sample MK-A5E065BB32AES1, the device part number is A5ED065BB32AE6SR0. Decoding the 4th digit of the ordering number and looking at the part number decoder we have A5ED, with D implying Quad HPS and Cryptographic Services. Where can I find the information that Cryptographic Services are disabled on ES?

As for the A5EC065BB32AE6S, looking at the 4th digit and part number decoder it seems that this variant does not feature Cryptographic Services, am I right?

As for the Terasic board (https://www.terasic.com.tw/cgi-bin/page/archive.pl?Language=English&CategoryNo=123&No=1384&PartNo=2#contents) with FPGA: A5EB013BB23BE4SCS and again looking at the 4th digit and product table code it seems that this product should have HPS as well as Cryptographic services, yes?

The thing I'm the most interested in is - whether or not will I be able to run full chain of trust on HPS on these particular product numbers. I guess that on the variant with no Cryptographic services I will be able to authenticate fsbl only, but won't be able to authenticate further boot stages namely BL31, BL33, Linux, yes?

I will be very grateful for some guidance.

PS. sorry for spamming your mailbox but I've sent I guess 20 replies and each of them got deleted I guess due to the fact I originally used Cryptographic without "graphic" thus the content was filtered.

18 Views, 0 likes, 0 Comments

Re: Agilex 5 with HPS Cryptographic services and bootflow
Thanks, I have a question regarding part numbers because I feel I'm kinda lost.

I have the following devkit: MK-A5E065BB32AES1 which according to this document https://cdrdv2-public.intel.com/820978/ug-820977-820978.pdf uses the following part number: A5ED065BB32AE6SR0

Looking at the table in Security Overview it seems that variant "D" should feature the Cryptographic Services. Also I found the following table that also states that it should feature Quad HPS and Cryptographic Services. Am I right? Does my devkit have the Cryptographic services?

Also how about:

- A5EC065BB32AE6S
- A5EB013BB23BE4SCS https://www.terasic.com.tw/cgi-bin/page/archive.pl?Language=English&CategoryNo=123&No=1384&PartNo=2#contents

Do they have crypto services? Will be grateful for some information.

PS. please do something with post filtering, as it's ridiculous. I had to write this post several times because each time it was deleted due to prohibited word namely c_r_p_t_o without "_".

BR

6 Views, 0 likes, 0 Comments