Forum Discussion
Hi rdrr
The SDM handles the secure boot chain and authenticates the FSBL, BL31 and BL33.
The Cryptographic service is not needed for the secure boot; it mainly supports added features such as key management, SHA2/3 hashing functions and others.
- rdrr, 2 months ago
Occasional Contributor
Thanks.
So to sum, the secure boot looks roughly as follows:
- SDM verifies FSBL
- FSBL loads BL31 and verifies its signature using VAB AUTHENTICATION (implemented in TF-A), which uses the mailbox to communicate with SDM
- FSBL loads BL33 and verifies its signature using VAB AUTHENTICATION (implemented in TF-A), which uses the mailbox to communicate with SDM
All the above is possible WITHOUT Cryptographic services, am I right?
Assuming all the above - there is one more thing. On other platforms like NXP Layerscape, the SoC features CAAM (Cryptographic Acceleration and Assurance Module). One of its functions is that it allows deploying and using so-called black keys and black blobs. In a nutshell - black keys and black blobs are keys and data encrypted with the SoC’s hardware-fused root key, so they can be stored or transmitted only in encrypted form and can be decrypted exclusively inside the secure hardware module (e.g., CAAM).
We use such functionality on our NXP-based board to encrypt and decrypt the kernel image as well as the keys used to set up dm-crypt (enc/dec rootfs).
Is something like this available on Agilex 5? If so - on the variant with or without Cryptographic services?
- tehjingy_Altera, 1 month ago
Regular Contributor
Dear Customer,
Since no further clarification is needed on this thread, it will be transitioned to community support for further help on doubts in this thread.
Please log in to the Altera Community Forum and post a feed/response within the next 15 days to allow me to continue to support you. After 15 days, this thread will be transitioned to community support. The community users will be able to help you with your follow-up questions.
Thank you for the questions and, as always, a pleasure having you here.
Best Wishes
tehjingy