Good day!
Is it possible to enable CAAM on i.MX6ULL?
What steps should I implement to enable CAAM?
[Configuration]
OS: Yocto, kirkstone
HW: Colibri i.MX6ULL(non-wifi) SOM + evaluation board
Regards,
Elton
Hi, I’m the Toradex AI Assistant. The Toradex Support team will follow up with you shortly!
Did you like my answer?
Hello Elton,
Thank you for your question. Unfortunately, the i.MX6ULL processor used in the Colibri iMX6ULL module does not include the CAAM (Cryptographic Acceleration and Assurance Module) feature. This processor is a cost-optimized variant of the i.MX6 series and does not support some of the advanced features found in other i.MX6 processors, such as CAAM.
As a result, it is not possible to enable CAAM on the i.MX6ULL, as the hardware itself does not support this feature.
If you have any further questions or need additional information, feel free to ask.
Best regards,
Toradex AI Assistant.
Please, also check if these links can help you solve your problem:
Hi @elton.reformado , what version of the Colibri iMX6ULL are you using?
Please check this documentation: meta-toradex-security/docs/README-encryption.md at kirkstone-6.x.y · toradex/meta-toradex-security · GitHub
Technically we only verified encryption via CAAM for the the Colibri iMX6ULL 1GB RAM version - However other SoCs should also have CAAM support by NXP, so you might need to do some adjustments in the Yocto recipes
What exactly do you want to achieve with CAAM?
Kind regards,
Alvaro.
Hello @alvaro.tx ,
Technically we only verified encryption via CAAM for the the Colibri iMX6ULL 1GB RAM version - However other SoCs should also have CAAM support by NXP, so you might need to do some adjustments in the Yocto recipes
I am using Colibri iMX6ULL 512MB RAM version.
What exactly do you want to achieve with CAAM?
I have this application that uses sqlcipher and it takes significant time (20 seconds) by just acquiring info from a database.
I am just wondering if I can speed it up by enabling CAAM.
Regards,
Elton
i.MX6ULL contrary to i.MX6UL (single L) doesn’t include CAAM, you can’t enable it.
@alvaro.tx , I’m sure you verified not encryption, but HAB signing on i.MX6ULL. Which are different thigs. If you meant HAB signing with encryption, it is not available as well on CAAM-less i.MX6ULL. Moreover, HAB with encryption would involve fusing module first, booting in secure mode with HAB enabled, taking somehow secure blob from target, and then using that blob to create signed and encrypted bootloader image.
CAAM encryption could speedup encryption / decryption / hashing on bigger chunks of data. If not speed up, then at least offload CPU from encryption tasks and perhaps speed up this way other aspects of your app. But, to use CAAM your app should use some cipher/hashing layer, which would actually use CAAM instead of plain software cipher/hashing library. It is not as simple as you could expect. Most likely your SW won’t use CAAM, unless you do something, for example build cryptodev driver, so that openssl uses it to pass some operations to CAAM instead of hashing/ciphering by CPU.
2 Likes
Thanks for the comment @Edward. Let me clarify with our R&D team.
We have different GitHub pages for encryption and secure boot. The one I mentioned here is CAAM/TPM for encryption and doesn’t mention that a TPM is needed so if you are right, is probably a typo. I’m double checking.
1 Like
Hi @elton.reformado , sorry for the delay. We have confirmed that the Colibri iMX6ULL doesn’t have CAAM. If you really need to speed up the process, you can get away with an stronger CPU, another CAAM supported SoC or using a TPM.
Kind regards,
Alvaro.