Derived SMEK TISCI Description

Note

This feature is only supported in j721S2 and j784S4 devices

This chapter provides information on System Firmware API for Derived Symmetric Encryption key (dsmek) management. The available API are listed below.

TISCI Message ID Message Name Available in GP Available in HS-FS Previous Message Name
0x9036 TISCI_MSG_CRYPTO_GET_DSMEK Yes* Yes* TISCI_MSG_SA2UL_GET_DSMEK
0x9037 TISCI_MSG_CRYPTO_SET_DSMEK Yes* Yes* TISCI_MSG_SA2UL_SET_DSMEK
0x9038 TISCI_MSG_CRYPTO_RELEASE_DSMEK Yes* Yes* TISCI_MSG_SA2UL_RELEASE_DSMEK

Note

The TISCI Message ID macros have been renamed. Please update your code to use the new names.

On GP and HS-FS devices, DSMEK APIs return unconditional success but do not actually involve any step to derive or program the dsmek values

API Description

TISCI_MSG_CRYPTO_SET_DSMEK - Set DSMEK

Usage:

Message Type Normal
Secure Queue Only? Yes

TISCI Message ID

TISCI_MSG_CRYPTO_SET_DSMEK          (0x9037U)

Message to derive a SMEK and set DKEK register

struct tisci_msg_crypto_set_dsmek_req

TISCI Request for setting DSMEK in SA2UL registers

Parameter Type Description
hdr struct tisci_header Generic TISCI message header.
instance u8 Crypto engine instance number - set to 0
kdf_label_len u8 Length of “Label” input to KDF
kdf_context_len u8 Length of “Context” input to KDF
kdf_label_and_context u8 ”Label” and “Context” bytes are stored in this array one after another. Maximum length of this field is KDF_LABEL_AND_CONTEXT_LEN_MAX

struct tisci_msg_crypto_set_dsmek_resp

TISCI Response for setting DSMEK in SA2UL registers

Parameter Type Description
hdr struct tisci_header Generic TISCI message header.

KDF_LABEL_AND_CONTEXT_LEN_MAX          41U

Note

The structures tisci_msg_sa2ul_set_dsmek_req and tisci_msg_sa2ul_set_dsmek_resp have been renamed to tisci_msg_crypto_set_dsmek_req and tisci_msg_crypto_set_dsmek_resp respectively. Please update your code to use the new names.

See API Notes below.

TISCI_MSG_CRYPTO_RELEASE_DSMEK - Release DSMEK

Usage:

Message Type Normal
Secure Queue Only? Yes

TISCI Message ID

TISCI_MSG_CRYPTO_RELEASE_DSMEK          (0x9038U)

Message to erase the DKEK register

struct tisci_msg_crypto_release_dsmek_req

TISCI Request for releasing DSMEK

Parameter Type Description
hdr struct tisci_header Generic TISCI message header.
instance u8 Crypto engine instance number - set to 0

struct tisci_msg_crypto_release_dsmek_resp

TISCI Response for Releasing DSMEK

Parameter Type Description
hdr struct tisci_header Generic TISCI message header.

Note

The structures tisci_msg_sa2ul_release_dsmek_req and tisci_msg_sa2ul_release_dsmek_resp have been renamed to tisci_msg_crypto_release_dsmek_req and tisci_msg_crypto_release_dsmek_resp respectively. Please update your code to use the new names.

See API Notes below.

TISCI_MSG_CRYPTO_GET_DSMEK - Get DSMEK

Usage:

Message Type Normal
Secure Queue Only? Yes

TISCI Message ID

TISCI_MSG_CRYPTO_GET_DSMEK          (0x9036U)

Message to derive a SMEK and return it via TISCI

CRYPTO_DKEK_KEY_LEN          (32U)

struct tisci_msg_crypto_get_dsmek_req

TISCI Request for getting DSMEK via TISCI

Parameter Type Description
hdr struct tisci_header Generic TISCI message header.
instance u8 Crypto engine instance number - set to 0
kdf_label_len u8 Length of “Label” input to KDF
kdf_context_len u8 Length of “Context” input to KDF
kdf_label_and_context u8 ”Label” and “Context” bytes are stored in this array one after another. Maximum length of this field is KDF_LABEL_AND_CONTEXT_LEN_MAX

struct tisci_msg_crypto_get_dsmek_resp

TISCI Response for requesting DSMEK

Parameter Type Description
hdr struct tisci_header Generic TISCI message header.
dsmek u8 Array containing Derived KEK. Length is 32 bytes

Note

The structures tisci_msg_sa2ul_get_dsmek_req and tisci_msg_sa2ul_get_dsmek_resp have been renamed to tisci_msg_crypto_get_dsmek_req and tisci_msg_crypto_get_dsmek_resp respectively. Also, the MACRO SA2UL_DKEK_KEY_LEN has been renamed to CRYPTO_DKEK_KEY_LEN. Please update your code to use the new names.

See API Notes below.

API Notes

  • The total length of the Label and Context fields below is limited by the size of the TISCI messages(see Secure Messaging Header) to 41 bytes.
  • System Firmware only support instance value of 0 in the API below.