Store encryption key in fuses

Hello,

According to the secureboot documentation, keys can be stored in fuses (I suppose public keys). Can we somehow use fuses to store a private key (for symmetric encryption)? My concern is that fuses can be read from userspace? Would it be possible in this case to store it elsewhere on the platform? Thanks.

marek

hello marek.belisko,

there’s a hardware crypto security engine key slot for storing SBK, KEK, SSK… etc.
When the ODM production mode bit is burned, you’ll no longer be able to read the keys.
Please also check similar discussion threads for reference, such as Topic 80861 and Topic 107742.
Thanks

Hello,

Thanks for the reply. Is there some documentation on how we can then access the key (e.g. for decryption) from Linux? Thanks.

@JerryChang is it possible, using some kernel module (crypto or so), to access keys from running Linux? E.g. I want to be able to push some encrypted file to the device and decrypt it using a key stored in fuses. Thanks a lot.

hello marek.belisko,

you may enable the script file to dump fuse information with the tegrafuse.sh script.
Or, you can check fuse details from sysnodes. For example, $ sudo cat /sys/devices/platform/tegra-fuse/odm_production_mode
Thanks
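The sysnode check from the last reply, extended into a small audit of which fuse nodes an unprivileged user can read (an added example, not part of the original thread and not NVIDIA's code). It assumes the sysfs directory quoted above, GNU `stat`, and that `odm_production_mode` holds a plain hex or decimal number; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report the ODM production mode bit and list the fuse
# sysfs nodes whose file mode grants read access to "other" users.
FUSE_DIR="${FUSE_DIR:-/sys/devices/platform/tegra-fuse}"  # path from the thread

# odm_mode DIR -> prints "burned", "open" or "unknown"
odm_mode() {
    f="$1/odm_production_mode"
    [ -r "$f" ] || { echo unknown; return 0; }
    v=$(tr -d '[:space:]' < "$f")
    v=${v#0[xX]}                        # assumed format: 0x00000001 or 1
    case "$v" in
        ''|*[!0-9a-fA-F]*) echo unknown; return 0 ;;
    esac
    nz=$(printf '%s' "$v" | tr -d 0)    # any non-zero digit means the bit is set
    if [ -n "$nz" ]; then echo burned; else echo open; fi
}

# world_readable DIR -> prints the name of each regular file readable by "other"
world_readable() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        mode=$(stat -c '%a' "$f")       # octal permissions, e.g. 444
        other=${mode#"${mode%?}"}       # last octal digit = "other" bits
        case "$other" in
            4|5|6|7) basename "$f" ;;
        esac
    done
}

# fuse_audit DIR -> human-readable summary
fuse_audit() {
    echo "ODM production mode: $(odm_mode "$1")"
    echo "Nodes readable by any local user:"
    world_readable "$1" | sed 's/^/  /'
}

# Run only where the directory exists (i.e. on the target board).
if [ -d "$FUSE_DIR" ]; then
    fuse_audit "$FUSE_DIR"
fi
```

This reports file permissions only; what each node returns when read depends on the fuse state and the platform.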