Derived SMEK TISCI Description

Note

This feature is only supported in j721S2 and j784S4 devices

This chapter provides information on System Firmware API for Derived Symmetric Encryption key (dsmek) management. The available API are listed below.

TISCI Message ID Message Name Available in GP Available in HS-FS
0x9036 TISCI_MSG_SA2UL_GET_DSMEK Yes* Yes*
0x9037 TISCI_MSG_SA2UL_SET_DSMEK Yes* Yes*
0x9038 TISCI_MSG_SA2UL_RELEASE_DSMEK Yes* Yes*

Note

On GP and HS-FS devices, DSMEK APIs return unconditional success but do not actually involve any step to derive or program the dsmek values

API Description

TISCI_MSG_SA2UL_SET_DSMEK - Set DSMEK

Usage:

Message Type Normal
Secure Queue Only? Yes

TISCI Message ID

TISCI_MSG_SA2UL_SET_DSMEK          (0x9037U)

Message to derive a SMEK and set SA2UL DKEK register

struct tisci_msg_sa2ul_set_dsmek_req

TISCI Request for setting DSMEK in SA2UL registers

Parameter Type Description
hdr struct tisci_header Generic TISCI message header.
sa2ul_instance u8 SA2UL instance number - set to 0
kdf_label_len u8 Length of “Label” input to KDF
kdf_context_len u8 Length of “Context” input to KDF
kdf_label_and_context u8 ”Label” and “Context” bytes are stored in this array one after another. Maximum length of this field is KDF_LABEL_AND_CONTEXT_LEN_MAX

struct tisci_msg_sa2ul_set_dsmek_resp

TISCI Response for setting DSMEK in SA2UL registers

Parameter Type Description
hdr struct tisci_header Generic TISCI message header.

KDF_LABEL_AND_CONTEXT_LEN_MAX          41U

See API Notes below.

TISCI_MSG_SA2UL_RELEASE_DSMEK - Release DSMEK

Usage:

Message Type Normal
Secure Queue Only? Yes

TISCI Message ID

TISCI_MSG_SA2UL_RELEASE_DSMEK          (0x9038U)

Message to erase the DKEK register

struct tisci_msg_sa2ul_release_dsmek_req

TISCI Request for releasing DSMEK

Parameter Type Description
hdr struct tisci_header Generic TISCI message header.
sa2ul_instance u8 SA2UL instance number - set to 0

struct tisci_msg_sa2ul_release_dsmek_resp

TISCI Response for Releasing DSMEK

Parameter Type Description
hdr struct tisci_header Generic TISCI message header.

See API Notes below.

TISCI_MSG_SA2UL_GET_DSMEK - Get DSMEK

Usage:

Message Type Normal
Secure Queue Only? Yes

TISCI Message ID

TISCI_MSG_SA2UL_GET_DSMEK          (0x9036U)

Message to derive a SMEK and return it via TISCI

SA2UL_DSMEK_KEY_LEN          (32U)

struct tisci_msg_sa2ul_get_dsmek_req

TISCI Request for getting DSMEK via TISCI

Parameter Type Description
hdr struct tisci_header Generic TISCI message header.
sa2ul_instance u8 SA2UL instance number - set to 0
kdf_label_len u8 Length of “Label” input to KDF
kdf_context_len u8 Length of “Context” input to KDF
kdf_label_and_context u8 ”Label” and “Context” bytes are stored in this array one after another. Maximum length of this field is KDF_LABEL_AND_CONTEXT_LEN_MAX

struct tisci_msg_sa2ul_get_dsmek_resp

TISCI Response for requesting DSMEK

Parameter Type Description
hdr struct tisci_header Generic TISCI message header.
dsmek u8 Array containing Derived KEK. Length is 32 bytes

See API Notes below.

API Notes

  • The total length of the Label and Context fields below is limited by the size of the TISCI messages(see Secure Messaging Header) to 41 bytes.
  • System Firmware only support sa2ul_instance value of 0 in the API below.