Derived SMEK TISCI Description¶
Note
This feature is only supported in j721S2 and j784S4 devices
This chapter provides information on System Firmware API for Derived Symmetric Encryption key (dsmek) management. The available API are listed below.
TISCI Message ID | Message Name | Available in GP | Available in HS-FS | Previous Message Name |
---|---|---|---|---|
0x9036 | TISCI_MSG_CRYPTO_GET_DSMEK | Yes* | Yes* | TISCI_MSG_SA2UL_GET_DSMEK |
0x9037 | TISCI_MSG_CRYPTO_SET_DSMEK | Yes* | Yes* | TISCI_MSG_SA2UL_SET_DSMEK |
0x9038 | TISCI_MSG_CRYPTO_RELEASE_DSMEK | Yes* | Yes* | TISCI_MSG_SA2UL_RELEASE_DSMEK |
Note
The TISCI Message ID macros have been renamed. Please update your code to use the new names.
On GP and HS-FS devices, DSMEK APIs return unconditional success but do not actually involve any step to derive or program the dsmek values
API Description¶
TISCI Message ID¶
TISCI_MSG_CRYPTO_SET_DSMEK (0x9037U)
Message to derive a SMEK and set DKEK register
struct tisci_msg_crypto_set_dsmek_req
TISCI Request for setting DSMEK in SA2UL registers
Parameter | Type | Description |
---|---|---|
hdr | struct tisci_header | Generic TISCI message header. |
instance | u8 | Crypto engine instance number - set to 0 |
kdf_label_len | u8 | Length of “Label” input to KDF |
kdf_context_len | u8 | Length of “Context” input to KDF |
kdf_label_and_context | u8 | ”Label” and “Context” bytes are stored in this array one after another. Maximum length of this field is KDF_LABEL_AND_CONTEXT_LEN_MAX |
struct tisci_msg_crypto_set_dsmek_resp
TISCI Response for setting DSMEK in SA2UL registers
Parameter | Type | Description |
---|---|---|
hdr | struct tisci_header | Generic TISCI message header. |
KDF_LABEL_AND_CONTEXT_LEN_MAX 41U
Note
The structures tisci_msg_sa2ul_set_dsmek_req
and tisci_msg_sa2ul_set_dsmek_resp
have been renamed to tisci_msg_crypto_set_dsmek_req
and tisci_msg_crypto_set_dsmek_resp
respectively.
Please update your code to use the new names.
See API Notes below.
TISCI Message ID¶
TISCI_MSG_CRYPTO_RELEASE_DSMEK (0x9038U)
Message to erase the DKEK register
struct tisci_msg_crypto_release_dsmek_req
TISCI Request for releasing DSMEK
Parameter | Type | Description |
---|---|---|
hdr | struct tisci_header | Generic TISCI message header. |
instance | u8 | Crypto engine instance number - set to 0 |
struct tisci_msg_crypto_release_dsmek_resp
TISCI Response for Releasing DSMEK
Parameter | Type | Description |
---|---|---|
hdr | struct tisci_header | Generic TISCI message header. |
Note
The structures tisci_msg_sa2ul_release_dsmek_req
and tisci_msg_sa2ul_release_dsmek_resp
have been renamed to tisci_msg_crypto_release_dsmek_req
and tisci_msg_crypto_release_dsmek_resp
respectively.
Please update your code to use the new names.
See API Notes below.
TISCI Message ID¶
TISCI_MSG_CRYPTO_GET_DSMEK (0x9036U)
Message to derive a SMEK and return it via TISCI
CRYPTO_DKEK_KEY_LEN (32U)
struct tisci_msg_crypto_get_dsmek_req
TISCI Request for getting DSMEK via TISCI
Parameter | Type | Description |
---|---|---|
hdr | struct tisci_header | Generic TISCI message header. |
instance | u8 | Crypto engine instance number - set to 0 |
kdf_label_len | u8 | Length of “Label” input to KDF |
kdf_context_len | u8 | Length of “Context” input to KDF |
kdf_label_and_context | u8 | ”Label” and “Context” bytes are stored in this array one after another. Maximum length of this field is KDF_LABEL_AND_CONTEXT_LEN_MAX |
struct tisci_msg_crypto_get_dsmek_resp
TISCI Response for requesting DSMEK
Parameter | Type | Description |
---|---|---|
hdr | struct tisci_header | Generic TISCI message header. |
dsmek | u8 | Array containing Derived KEK. Length is 32 bytes |
Note
The structures tisci_msg_sa2ul_get_dsmek_req
and tisci_msg_sa2ul_get_dsmek_resp
have been renamed to tisci_msg_crypto_get_dsmek_req
and tisci_msg_crypto_get_dsmek_resp
respectively.
Also, the MACRO SA2UL_DKEK_KEY_LEN
has been renamed to CRYPTO_DKEK_KEY_LEN
.
Please update your code to use the new names.
See API Notes below.
API Notes¶
- The total length of the Label and Context fields below is limited by the size of the TISCI messages(see Secure Messaging Header) to 41 bytes.
- System Firmware only support
instance
value of 0 in the API below.