- Aug 22, 2019
Technical Details
eMMC/UFS/NVMe devices have fixed physical RPMB partition(s)
–pre-allocated during flash device manufacture.
The RPMB key can be programmed only once in the device's lifetime and, once programmed into the h/w device, is invisible to any software.
All data read/write requests to RPMB are authenticated by the H/W RPMB controller with the RPMB Authkey (Authentication Key):
–Authentication algorithm is HMAC-SHA256 (or 512)
–H/W built-in monotonic Write Counter is used for replay protection on WRITE access;
–Software-generated Random Number is used for replay protection on READ access.
Without RPMB Auth key, read access is still possible, but the data being read may
RPMB Key Generation and Programming
RPMB Key generation requirements:
–Key is tied to the hardware unique key (HUK).
–Key is also bound to the eMMC/UFS/NVMe flash storage serial #.
RPMB key programming:
–Typically firmware is responsible for programming the RPMB Key (in cleartext) into the RPMB controller through the RPMB key programming interface.
–Done once in the factory, or right after eMMC/UFS replacement if applicable.
–Key cannot be changed once it’s programmed successfully (FUSED)
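The authentication and key-binding rules above, modelled as an added example (not code from the original post or from any vendor): a write-once key, HMAC-SHA256 over each request, the write counter rejecting a replayed WRITE, and a host nonce making each READ response fresh. The names `derive_rpmb_key`, `RpmbModel`, `build_write` and `verified_read`, the key derivation, and the MAC'd field layout are assumptions for illustration and do not reproduce the real RPMB frame format.

```python
import hashlib, hmac, os, struct

def derive_rpmb_key(huk: bytes, serial: bytes) -> bytes:
    # Assumed KDF: the page only requires the key to depend on HUK and serial.
    return hmac.new(huk, b"rpmb-authkey" + serial, hashlib.sha256).digest()

def mac(key: bytes, *fields: bytes) -> bytes:
    return hmac.new(key, b"".join(fields), hashlib.sha256).digest()

class RpmbModel:
    """Simplified RPMB controller model; field layout is not the real frame."""
    def __init__(self):
        self._key = None           # write-once, never returned to software
        self.write_counter = 0     # monotonic, only ever incremented
        self.blocks = {}

    def program_key(self, key: bytes) -> bool:
        if self._key is not None:
            return False           # already fused: reprogramming is refused
        self._key = key
        return True

    def write(self, addr: int, data: bytes, counter: int, tag: bytes) -> str:
        if self._key is None:
            return "no_key"
        expected = mac(self._key, data, struct.pack(">IH", counter, addr))
        if not hmac.compare_digest(tag, expected):
            return "auth_failure"
        if counter != self.write_counter:
            return "counter_failure"   # stale counter: a replayed request
        self.blocks[addr] = data
        self.write_counter += 1
        return "ok"

    def read(self, addr: int, nonce: bytes):
        if self._key is None:
            raise RuntimeError("authentication key not yet programmed")
        data = self.blocks.get(addr, bytes(256))
        tag = mac(self._key, data, nonce, struct.pack(">H", addr))
        return data, nonce, tag

def build_write(key: bytes, addr: int, data: bytes, counter: int):
    return addr, data, counter, mac(key, data, struct.pack(">IH", counter, addr))

def verified_read(dev: RpmbModel, key: bytes, addr: int):
    nonce = os.urandom(16)         # fresh per request, so old responses fail
    data, echoed, tag = dev.read(addr, nonce)
    expected = mac(key, data, nonce, struct.pack(">H", addr))
    fresh = hmac.compare_digest(echoed, nonce) and hmac.compare_digest(tag, expected)
    return data if fresh else None
```

Replaying a captured write frame returns `counter_failure` even though its MAC is valid, and a host holding the wrong key gets `None` from `verified_read` because it cannot verify the response.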