K3 HS devices have a randomly generated 256 bit key written into the efuses in TI Factory. This key is called a Key Encryption Key (KEK) and is unique to each device. The key is only accessible via an AES engine which is controlled by the DMSC. System controller firmware uses CMAC as the Pseudo Random Function(PRF) in counter mode to derive a new KEK, called DKEK. The DKEK can be accessed in the following ways:
Files | |
file | sciclient_dkek.h |
This file contains the definition of all the message IDs, message formats to be able to interact with the System Controller firmware for DKEK management. | |
Functions | |
int32_t | Sciclient_setDKEK (const struct tisci_msg_sa2ul_set_dkek_req *req, struct tisci_msg_sa2ul_set_dkek_resp *resp, uint32_t timeout) |
Request to derive a KEK and set SA2UL DKEK register. More... | |
int32_t | Sciclient_releaseDKEK (const struct tisci_msg_sa2ul_release_dkek_req *req, struct tisci_msg_sa2ul_release_dkek_resp *resp, uint32_t timeout) |
Request to erase the DKEK register. More... | |
int32_t | Sciclient_getDKEK (const struct tisci_msg_sa2ul_get_dkek_req *req, struct tisci_msg_sa2ul_get_dkek_resp *resp, uint32_t timeout) |
Request for getting the firewall permissions. More... | |
int32_t Sciclient_setDKEK | ( | const struct tisci_msg_sa2ul_set_dkek_req * | req, |
struct tisci_msg_sa2ul_set_dkek_resp * | resp, | ||
uint32_t | timeout | ||
) |
Request to derive a KEK and set SA2UL DKEK register.
Message: TISCI_MSG_SA2UL_SET_DKEK
Request: tisci_msg_sa2ul_set_dkek_req
Response: tisci_msg_sa2ul_set_dkek_resp
req | Pointer to DKEK set request payload |
resp | Pointer to DKEK set response payload |
timeout | Gives a sense of how long to wait for the operation. Refer SystemP_Timeout. |
int32_t Sciclient_releaseDKEK | ( | const struct tisci_msg_sa2ul_release_dkek_req * | req, |
struct tisci_msg_sa2ul_release_dkek_resp * | resp, | ||
uint32_t | timeout | ||
) |
Request to erase the DKEK register.
Message: TISCI_MSG_SA2UL_RELEASE_DKEK
Request: tisci_msg_sa2ul_release_dkek_req
Response: tisci_msg_sa2ul_release_dkek_resp
req | Pointer to DKEK release request payload |
resp | Pointer to DKEK release response payload |
timeout | Gives a sense of how long to wait for the operation. Refer SystemP_Timeout. |
int32_t Sciclient_getDKEK | ( | const struct tisci_msg_sa2ul_get_dkek_req * | req, |
struct tisci_msg_sa2ul_get_dkek_resp * | resp, | ||
uint32_t | timeout | ||
) |
Request for getting the firewall permissions.
Message: TISCI_MSG_SA2UL_GET_DKEK
Request: tisci_msg_sa2ul_release_dkek_req
Response: tisci_msg_sa2ul_release_dkek_resp
req | Pointer to DKEK get request payload |
resp | Pointer to DKEK get response payload |
timeout | Gives a sense of how long to wait for the operation. Refer SystemP_Timeout. |