Forum Discussion

rdrr's avatar
rdrr
Icon for Occasional Contributor rankOccasional Contributor
2 months ago

Agilex 5 with HPS Cryptographic services and bootflow

Hi I have a question regarding boot flow on agilex 5 with HPS with security in mind. I am aware how this is typically implemented on other SoCs like NXP but as for the Agilex - I just started working on this SoC

From what I understand (based on the docs and tf-a source code in particular VAB part) the flow is the following:

  • SDM verfies fsbl signature and loads it
  • SDM releses HPS from reset
  • Fsbl loads next stages (BL31 BL33) each time communicating with SDM through mailbox asking SDM to verify the image signaturure

Then we can be sure that we only use legitimate binaries. Am I right?

I have found in the agilex 5 product table that some variants are equipped with Cryptographic services and some not.

Are these Cryptographic services needed to perform the above flow?

If the variant I have is not equipped with such IP is there any other way to securely boot all boot chain up to Linux?

Arm Processor
embedded peripheral
Hps Arch
Hps Boot

22 Replies

    • rdrr's avatar
      rdrr
      Icon for Occasional Contributor rankOccasional Contributor
      2 months ago

      Thanks, I have a question regarding part numbers because I feel I'm kinda lost.

      I have the following devkit: MK-A5E065BB32AES1 which according to this document https://cdrdv2-public.intel.com/820978/ug-820977-820978.pdf uses the following part number: A5ED065BB32AE6SR0 
      Looking at the table in Security Overview it seems that variant "D" should feature the CryptographicServices. 
      Also I found the following table that also states that it should feature Quad HPS and CryptographicServices. 


      Am I right? Does my devkit have the Cryptographic services?

      Also how about:

      Do they have crypto_services?

      Will be grateful for some information.

      BR

    • rdrr's avatar
      rdrr
      Icon for Occasional Contributor rankOccasional Contributor
      2 months ago

      Thanks, I have a question regarding part numbers because I feel I'm kinda lost.

      I have the following devkit: MK-A5E065BB32AES1 which according to this document https://cdrdv2-public.intel.com/820978/ug-820977-820978.pdf uses the following part number: A5ED065BB32AE6SR0 
      Looking at the table in Security Overview it seems that variant "D" should feature the Cryptographic Services. 
      Also I found the following table that also states that it should feature Quad HPS and Cryptographic Services. 


      Am I right? Does my devkit have the Cryptographic services?

      Also how about A5EC065BB32AE6S - does it have cryptographic services or not? 

      Will be grateful for some information.

      BR

    • rdrr's avatar
      rdrr
      Icon for Occasional Contributor rankOccasional Contributor
      2 months ago

      Thanks, I have a question regarding part numbers because I feel I'm kinda lost.

      I have the following devkit: MK-A5E065BB32AES1 which according to this document https://cdrdv2-public.intel.com/820978/ug-820977-820978.pdf uses the following part number: A5ED065BB32AE6SR0 
      Looking at the table in Security Overview it seems that variant "D" should feature the CryptographicServices. 


      Also I found the following table that also states that it should feature Quad HPS and CryptographicServices.

       


      Am I right? Does my devkit have the Cryptographic_services?

      Also how about:

      Do they have crypto_services?

      Will be grateful for some information.

      BR

  • SueC_Altera's avatar
    SueC_Altera
    Icon for Contributor rankContributor
    2 months ago

    Hi rdrr,

    Your replies disappeared - I don't know why.  I will alert the forum team.  But I got the emails.

    I'm so sorry you are confused! The part number decoder shows this, in part:

    The dev kit is not shown on here because it is an ES device.  You can see this by the 0 in the 4th digit place and the ES at the end.  Security features are not enabled on ES devices.

    For the other two devices you showed, you should look at the Agilex 5 C column for the first one and the Agilex 5 B column for the second device (using the 4th digit again) in the document I linked above.

    All security features except for the Cryptographic Services are available on both B and C devices.  The table in part shows: 

     

    Does that help?

    Sue

    • rdrr's avatar
      rdrr
      Icon for Occasional Contributor rankOccasional Contributor
      2 months ago

      Thanks, but still have some questions. 

      1. Engineering sample, it's code is MK-A5E065BB32AES1, when you look at the doc I attached (here is the link https://cdrdv2-public.intel.com/820978/ug-820977-820978.pdf) in the Table 1 you see that for the following engineering sample MK-A5E065BB32AES1, the device part number is A5ED065BB32AE6SR0. 
        Decoding the 4tf digit of the ordering number and looking at the part number decoder we have A5ED, with D implying Quad HPS and Cryptographic Services. Where can I find the information that Cryptographic Services are disabled on ES?
      2. As  for the A5EC065BB32AE6S, looking at the 4th digit and part number decoder it seems that this variant does not feature Cryptographic Services am I right?
      3. As for the Terasic board (https://www.terasic.com.tw/cgi-bin/page/archive.pl?Language=English&CategoryNo=123&No=1384&PartNo=2#contents) with FPGA: A5EB013BB23BE4SCS and again looking at the 4th digit and product table code it seems that this product should have HPS as well as Cryptographic services, yes?

      The thing I'm the most interested in is - whether or not will I be able to run full chain on trust on HPS on these particular product numbers.

      I guess that on the variant with no Cryptographic services I will be only able to authenticate fsbl only, but won't be able to authenticate further boot stages - BL31, BL33, Linux, yes?

      I will be very grateful for some guidance. 

      Ps. sorry for spamming your mailbox but I've sent I guess 20 replies and each of them got deleted I guess due to the fact I originally used Cryptographic without "graphic" thus the content was filtered. 

       

    • rdrr's avatar
      rdrr
      Icon for Occasional Contributor rankOccasional Contributor
      2 months ago

      Thanks, but still have some questions. 

      1. Engineering sample, it's code is MK-A5E065BB32AES1, when you look at the doc I attached (here is the link https://cdrdv2-public.intel.com/820978/ug-820977-820978.pdf) in the Table 1 you see that for the following engineering sample MK-A5E065BB32AES1, the device part number is A5ED065BB32AE6SR0. 
        Decoding the 4tf digit of the ordering number and looking at the part number decoder we have A5ED, with D implying Quad HPS and Cryptographic Services. Where can I find the information that Cryptographic Services are disabled on ES?
      2. As  for the A5EC065BB32AE6S, looking at the 4th digit and part number decoder it seems that this variant does not feature Cryptographic Services am I right?
      3. As for the Terasic board (https://www.terasic.com.tw/cgi-bin/page/archive.pl?Language=English&CategoryNo=123&No=1384&PartNo=2#contents) with FPGA: A5EB013BB23BE4SCS and again looking at the 4th digit and product table code it seems that this product should have HPS as well as Cryptographic services, yes?

      The thing I'm the most interested in is - whether or not will I be able to run full chain of trust on HPS on these particular product numbers.

      I guess that on the variant with no Cryptographic services I will be only able to authenticate fsbl only, but won't be able to authenticate further boot stages - BL31, BL33, Linux, yes?

      I will be very grateful for some guidance. 

      Ps. sorry for spamming your mailbox but I've sent I guess 20 replies and each of them got deleted I guess due to the fact I originally used Cryptographic without "graphic" thus the content  

       

    • rdrr's avatar
      rdrr
      Icon for Occasional Contributor rankOccasional Contributor
      2 months ago

      Thanks, but still have some questions. 

      1. Engineering sample, it's code is MK-A5E065BB32AES1, when you look at the doc I attached (here is the link https://cdrdv2-public.intel.com/820978/ug-820977-820978.pdf) in the Table 1 you see that for the following engineering sample MK-A5E065BB32AES1, the device part number is A5ED065BB32AE6SR0. 
        Decoding the 4tf digit of the ordering number and looking at the part number decoder we have A5ED, with D implying Quad HPS and Cryptographic Services. Where can I find the information that Cryptographic Services are disabled on ES?
      2. As  for the A5EC065BB32AE6S, looking at the 4th digit and part number decoder it seems that this variant does not feature Cryptographic Services am I right?
      3. As for the Terasic board (https://www.terasic.com.tw/cgi-bin/page/archive.pl?Language=English&CategoryNo=123&No=1384&PartNo=2#contents) with FPGA: A5EB013BB23BE4SCS and again looking at the 4th digit and product table code it seems that this product should have HPS as well as Cryptographic services, yes?

      The thing I'm the most interested in is - whether or not will I be able to run full chain of trust on HPS on these particular product numbers.

      I guess that on the variant with no Cryptographic services I will be able to authenticate fsbl only, but won't be able to authenticate further boot stages namely BL31, BL33, Linux, yes?

      I will be very grateful for some guidance. 

      Ps. sorry for spamming your mailbox but I've sent I guess 20 replies and each of them got deleted I guess due to the fact I originally used Cryptographic without "graphic" thus the content was filtered. 

  • tehjingy_Altera's avatar
    tehjingy_Altera
    Icon for Regular Contributor rankRegular Contributor
    2 months ago

    Hi rdrr 

     

    The SDM handles the secure boot chain and authenticate the FSBL,BL31and BL33.

    The Cryptographic service is not needed for the  secure boot, it mainly support added feature such as Key mangement, SHA2/3 hashing functions and others.

     

     

    • rdrr's avatar
      rdrr
      Icon for Occasional Contributor rankOccasional Contributor
      2 months ago

      Thanks. 

      So to sum, the secure boot looks roughly as follows:

      • SDM verifies FSBL
      • FSBL laods BL31 and verifies its signature using  VAB AUTHENTICATION (implemented in TF-A), that uses mailobx to communicate with SDM 
      • FSBL loads BL33 and verifies its signature using  VAB AUTHENTICATION (implemented in TF-A), that uses mailobx to communicate with SDM 

      All the above is possible WITHOUT Cryptographic services, am I right?

      Assuming all the above - there is one more thing. On other platforms like NXP Layerscape, the SoC features CAAM (Cryptographic Acceleration and Assurance Module). On of the functionality of this is that it allows to deploy and use so called black keys and black blobs. In a nutshell - black keys and black blobs are keys and data encrypted with the SoC’s hardware-fused root key, so they can be stored or transmitted only in encrypted form and can be decrypted exclusively inside the secure hardware module (e.g., CAAM).

      We use such functionality on our NXP based board to encrypt and decrypt kernel image as well as keys used to setup dm-crypt (enc/dec rootfs).

      Is something like this available on Agilex 5? If so - on variant with or without Cryptographic services?

  • SueC_Altera's avatar
    SueC_Altera
    Icon for Contributor rankContributor
    2 months ago

    Yes - we have Black Key Provisioning available. All of the security documentation is available on RDC if you have an NDA with Altera.

    Sue