Table of Contents
Advertisement
• One instance is possible at the present time. In the future, when job rings can run
independently in different system partitions, a multiple instance secure memory
driver should be considered.
• All storage requests are limited to the storage size of a single slot (which is of a
build-time configurable length). It may be possible to allow a secret to span multiple
slots so long as those slots can be allocated contiguously.
• Slot size is fixed across all pages/partitions.
• Encapsulation/Decapsulation interfaces could allow for authentication to be
specified; the underlying interface does not request it.
• Encapsulation/Decapsulation interfaces return a job status; this status should be
translated into a meaningful error from
45.19 CAAM/SNVS - Security Violation Handling Interface
Overview
This chapter describes a prototype of a driver component and control interface for SNVS
Security Violations. It provides a means of installing, managing, and executing
application defined handlers meant to process security violation events as a response to
their occurrence in a system.
SNVS allows for the continuous monitoring of a number of possible attack vectors in a
running system. If the occurrence of one of these attach vectors is sensed, (e.g. a Security
Violation has been detected), SNVS can, along with erasing critical security parameters
and transitioning to a failure state. generate an interrupt indicating that the violation has
occurred. This interrupt can dispatch an application-defined routine to take cleanup action
as a consequence of the violation, such that an orderly shutdown of security services
might occur.
Therefore, the purpose of this interface is to allow system-level services to install
handlers for these types of events. This will allow the system designer to select how he
wants to respond to specific security violation causes using a simple function call written
to his system-specific requirements.
45.20 Operation
For existing platforms, 6 security violation interrupt causes are possible within SNVS. 5
of these violation causes are normally wired for use, and these causes are defined as:
• SECVIO_CAUSE_CAAM_VIOLATION - Violation detected inside CAAM/SNVS
• SECVIO_CAUSE JTAG_ALARM - JTAG activity detected
i.MX 6Solo/6DualLite Linux Reference Manual, Rev. L3.0.35_4.1.0, 09/2013
Freescale Semiconductor, Inc.
Chapter 45 CAAM (Cryptographic Acceleration and Assurance Module)
errno.h
325
Advertisement
Table of Contents
