gHSM Product Introduction 2022newdocumane.pdf

maicuongdt21 89 views 10 slides Jun 16, 2024

About This Presentation

gHSM for ECU


Slide Content

gHSM
Product Introduction

What is gHSM Solution?
➢gHSM is an HSM firmware solution for IFX Aurix1G and Aurix2G MCUs.
➢gHSM software runs in a trusted environment (AURIX HSM), providing:
⚫HW accelerated* cryptographic services (Encryption/Decryption, Random Number Generation, Hash Signature Generation/Verification)
⚫Crypto Key Management (Key Generation, Key Derivation and Key Secured Storage)
⚫Secure Boot to guarantee the integrity of the controller’s software
⚫Secure Debug
➢gHSM can be integrated with AutoSar or Non-AutoSar basic software.
* For A1G TC23x, only “gHSM Standard” functions can be supported.
* HW accelerators for HASH and PKC algorithms are only available in the Aurix2G family.

gHSM running environment - Infineon AURIX HSM
AURIX Hardware Security Module (HSM)
⚫AES128 and TRNG implemented in HW
⚫HASH & PKC Accelerator implemented in HW (AURIX2G only)
⚫Customer specific requirements (e.g. SM2/SM3/SM4, asymmetric Encryption) can be implemented in Software
⚫AES CMAC with minimum rate 25MBytes/s (4MB in 160ms)
⚫A highly flexible and programmable solution
⚫Secure Key Storage provided by separate HSM D/P-FLASH

gHSM Features Overview
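| Features | Sub-Modes | gHSM Standard | gHSM Extended (on Road) |
|---|---|---|---|
| AES 128 cipher modes | ECB | ◆ | ◆ |
| | CBC | ◆ | ◆ |
| | OFB | ◆ | ◆ |
| | CFB | ◆ | ◆ |
| | CTR | ◆ | ◆ |
| | XTS | ◆ | ◆ |
| | GCM | ◆ | ◆ |
| AES 128 MAC | CMAC | ◆ | ◆ |
| Random Number Generator | Pseudo | ◆ | ◆ |
| | True | ◆ | ◆ |
| Non-Volatile user key slots | | 20 | N |
| RAM key slot | | 1 | 1 |
| Key usage restriction for CMAC verification | | ◆ | ◆ |
| Safe CMAC Verification | | ◆ | ◆ |
| SHA (224, 256, 512) | | | ◆ |
| RSA/ECDSA/Ed25519 | | | ◆ |
| Secure Boot | | ◆ | ◆ |
| Secure Update | | | ◆ |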

gHSM Standard Features
➢gHSM Standard provides features according to:
⚫2009-04-01 SHE Functional Specification v1.1 (rev439).pdf
⚫2009-10-16 Errata and amendments to SHE v1.1, rev439.pdf

Software Architecture Overview
➢HSM Firmware & TRICORE Complex Driver
➢AutoSar (ASR403_CRY) & Non-AutoSar Interface
* CSM is not a part of gHSM standard solution

gHSM Standard Interfaces
➢CRY Interfaces are provided to use SHE standard features

gHSM Standard Feature – Secure Boot
➢Uses the symmetric algorithm CMAC
➢Is composed of:
⚫A check started independently by SHE after reset
➢The SHE-check is based on
⚫a symmetric key
⚫an expected CMAC result value
both stored in SHE non-volatile memory.
➢The SHE-check only covers the initial application boot part (called e.g. Startup, Initial bootloader, Boot manager)
➢SHE secure boot provides user-accessible interfaces to inform SHE about the authenticity of the subsequent software parts.
➢Consequences if application software is evaluated as non-authentic: some of the SHE keys (e.g. master key, user key) may no longer be usable until the next reset.
➢Note: the SHE-check only checks TriCore software, not HSM software.
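
The check described on this slide, modelled as an added Python example (not gHSM or SHE code). The class and method names are hypothetical, the CMAC is taken directly over the image bytes rather than in the exact input format of the SHE specification, and the third-party cryptography package is assumed.

```python
# Added illustration (not gHSM code): model of a SHE-style CMAC secure boot check.
import hmac
from cryptography.hazmat.primitives import cmac
from cryptography.hazmat.primitives.ciphers import algorithms


def aes_cmac(key: bytes, data: bytes) -> bytes:
    """AES-128 CMAC over data (computed in hardware on the real HSM)."""
    mac = cmac.CMAC(algorithms.AES(key))
    mac.update(data)
    return mac.finalize()


class SheModel:
    """Hypothetical stand-in for the SHE state that secure boot touches."""

    def __init__(self, boot_key: bytes, expected_mac: bytes):
        # On the real device both values live in SHE non-volatile memory.
        self._boot_key = boot_key
        self._expected_mac = expected_mac
        self.keys_locked = True  # model assumption: nothing released before the check

    def reset(self, initial_boot_part: bytes) -> bool:
        """Check started by SHE after reset; covers only the first boot stage."""
        actual = aes_cmac(self._boot_key, initial_boot_part)
        ok = hmac.compare_digest(actual, self._expected_mac)  # constant-time compare
        self.keys_locked = not ok
        return ok

    def report_next_stage(self, authentic: bool) -> None:
        """Interface the application uses to report later software parts."""
        if not authentic:
            self.keys_locked = True  # stays locked until the next reset()

    def use_protected_key(self) -> str:
        """Stands for any operation with a key tied to the secure boot result."""
        if self.keys_locked:
            raise PermissionError("key unusable until next reset")
        return "key operation permitted"


# Constructed sample data: RFC 4493 test key and made-up image bytes.
BOOT_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
GOOD_IMAGE = b"startup-code-v1" * 64
TAMPERED_IMAGE = GOOD_IMAGE[:-1] + b"X"
EXPECTED_MAC = aes_cmac(BOOT_KEY, GOOD_IMAGE)  # provisioned together with the key

if __name__ == "__main__":
    she = SheModel(BOOT_KEY, EXPECTED_MAC)
    print("authentic boot part accepted:", she.reset(GOOD_IMAGE))
    print("tampered boot part accepted:", she.reset(TAMPERED_IMAGE))
```

Because the SHE-check covers only the initial boot part, that stage has to verify each later stage itself and report the result, which is what `report_next_stage` stands for.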

gHSM Standard Feature – Key Storage
➢gHSM Standard provides SHE standard Key Storage (extended to support 20 Keys) and Update protocol
➢Keys are stored in HSM DFLASH sectors. (For TC23x, as no DF1 exists, PFLASH sectors are used to emulate DF1)

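March 1, 2021
Shanghai Jinmai Electronic Technology Co., Ltd. (上海金脉电子科技有限公司)
1st Floor, Building 10, No. 787 Kangqiao Road, Pudong New Area, Shanghai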
THANKS!