We are using AM335x based Gateway. We want to use HSM 2 based USB for key authentication. Can we generate openSSL based key pair outside (in ubuntu 14.04 PC) and move the keys to Nitrokey HSM 2. How to access the keys from Nitrokey HSM 2 in ARM processors.
J. Chandra Sekhar
Hi @chandrasekharJ !
Sorry for the delay. Please take a look at the Nitrokey HSM2 fact-sheet regarding the supported algorithms. Regarding the libraries, there is a SDK available.
Thank you for the information.
Which SDK to be followed in the below link (https://www.smartcard-hsm.com/applications.html#signcode) for code signing. Basically we want to use the keys generated by HSM2 during our image build.
@chandrasekharJ the exact way how to sign the software depends on how the signature will be verified and is heavily dependent on the format of the executable or the filesystem where the firmware is stored. Nitrokey HSM 2 offers a PKCS #11 driver which is compatible with most of the code signing tools I know.
Unrelated to Nitrokey - I did some quick search looking for code signing for AM335x and could not find any documentation about that. Does TI provide secure boot mechanism comparable to something like HAB from Freescale/NXP? Looks like Texas Instruments does not want to publish this information.