The EdgeLock Enclave (ELE) is an independent security domain that provides security services, which include key management, random number generation, data storage, execution of cryptographic services, etc.
This application is developed to make some of the ELE functionalities visible.
Current supported devices:
- i.MX93EVK + 1080P monitor
Currently, this demo has 3 functions: random number generation(RNG), AES encryption and decryption, and data storage.
For this function, there are 4 elements in the UI screen from the top to bottom:
- A text box
- showing 20 bytes of consecutive random numbers
- A 2d-plot
- where the dot's position is generated by ELE RNG
- A generate button
- press to generate 200 bytes of random number, add 100 pairs of dots into the 2d-plot and update the text box with the first 20 bytes
- A clear button
- press to clear all the dots in the 2d-plot and text box
Press GENERATE to generate 200 bytes random numbers. Then, the 2d-plot and text box will be updated.
Press CLEAR to clear all the dots in the 2d-plot and the text box.
The main idea for this function is to show that ELE has AES crypto feature. There are mainly 4 elements:
- 3 pictures
- the first one is the original image
- the second is encrypted image
- the third is decrypted image
- A mode select bar
- select one of the AES mode:
- AES-256-ECB/CBC/CTR
- select one of the AES mode:
- A encrypt button
- A decrypt button
Select one of the AES mode and press ENCRYPT button. There will be a window popping out to set your password. Input your password and click OK in that window. The second image will be updated when the encryption is finished.
Press DECRYPT button to decrypt the encrypted image. There will be a window popping out for confirming your password which is set before. If the password is verified, the third image will be updated. Otherwise, there will be a warning that the password is wrong.
This demo uses data storage of ELE to store the password's hash of AES crypto. The SHA-256 hash value of the password is stored by ELE when the image is encrypted. The hash value will be verified when the image is decrypted.
git clone --recurse-submodules [repo_url]
cd imx-ele-demoThis example is using linux 6.1-langdale for i.MX93
source /opt/fsl-imx-internal-xwayland/6.1-langdale/environment-setup-armv8a-poky-linuxmake imx-secure-enclave library and apply patch for lvgl first
cd /path/to/imx-secure-enclave
make PLAT=ele
export ELE_ROOT=/path/to/imx-secure-enclave
PROJDIR=$(pwd)
cp -rf $PROJDIR/protocols/ $PROJDIR/lv_drivers/wayland/
cd $PROJDIR/lv_drivers
git apply $PROJDIR/misc/patch/0001-fix-wayland-busy-flush-and-add-wm_capabilities.patchThen move to project directory and make
cd $PROJDIR
make -j32bin/eledemo
make sure the nvm_daemon is started and run the binary
systemctl start nvm_daemon
./eledemoIf the application could not be started, please make sure the nvm_daemon is started and:
rm /etc/ele/* -rfThen reboot the device by power button switch rather Linux command reboot.