Hello
I would like to understand the EDMK (Encryption Decryption Master Key). This key is used to decrypt and encrypt BL2 and FIP binaries.
Are there any other application of this key? For example, can it be used for LUKS ?
Is it possible to access some API to encrypt/decrypt using this key? Or is it reserved to the ROM code?
Thanks
Hello,
EDMK is mainly use for BL2 and FIP encryption/decryption (signingtool and romcode).
We use dm-encrypt, but not with EDMK (through HW RNG in OP-TEE). I don't know about LUKS.
EDMK is also used in the SSP process to encrypt/decrypt the secrets.
https://wiki.st.com/stm32mpu/wiki/How_to_deploy_SSP:_a_step-by-step_approach
It can be used elsewhere in a TA through OP-TEE for any AES processing. Upper OTPs could be made accessible through secure services but I don't know it it make sense to use the EDMK in this context.
https://github.com/linaro-swg/optee_examples
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.