Skip to content

Javacard KeyMint 100 v1.1 - Bug Fixes

Compare
Choose a tag to compare
@mdwivedi mdwivedi released this 02 May 22:18
· 101 commits to Javacard_KeyMint_100_master since this release
JC_Keymint_100_v1.1
bee6747
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

This is the Version bug fixes release for Javacard KeyMint 100 . Please refer to the following release notes for details.

- Previous Relese: JC_Keymint_100_v1.0
- Current Release: JC_Keymint_100_v1.1
- Branch: Javacard_KeyMint_100_master
- KeyMint Spec Version: 1.0
- Date : 02-May-2022

Release Documents:
https://drive.google.com/drive/folders/1MxUKxCzHvzR5nsq3RqRnbDIxltXMJ0f8?usp=sharing

Detailed Release Notes:
https://drive.google.com/file/d/1v0SwvO7NGndMXZGiJ7Q9jM8Vhtoxf9zn/view?usp=sharing

Other Docs Included:

  • xTS Setup Guide
  • Details on RKP Component Provisioning
  • RKP Explanatio
  • Keymint Provisioning

Release Highlights - Bug Fixes

  • Changes in the KeyBlob structure, the KeyBlobś version is changed from 1 to 2.

Added a new entry for custom tags inside the KeyBlob.

Changes in the KeyBlobś hidden parameters: The Root of Trust.

  • Root of Trust binding, contains only Verified Boot Key, Verified Boot State and lock state of the device. ( No Verified Boot Hash)

  • Fixed the issue with parallel operation execution with each operation overriding the previous KeyObject.

Created a pool for KeyObjects, where a single KeyObject per each algorithm (AES, TDES, HMAC, RSA, EC) is created at installation time and supports on demand creation of an extra 3 KeyObjects per algorithm.

Each crypto object is associated with a separate KeyObject from the Key pool.

  • Separate crypto and key instances created for RKP generateCSR flow so that it does not depend on the objects from the Pool.

  • Renamed "CURRENT_PACKAGE_VERSION" variable to "KM_PERSISTENT_DATA_STORAGE_VERSION¨.

Assets 2
Loading