i.MX95: EdgeLock Enclave secure storage
Fabio Estevam
festevam at gmail.com
Sat Jun 13 06:58:36 PDT 2026
Hi Pankaj,
First of all, thank you for your work on upstreaming the
EdgeLock Enclave (ELE) support. It is great to finally see the
ELE framework landing upstream after a long development effort.
I am currently evaluating the state of i.MX95 secure-boot and
storage-security support based on current linux-next, with the
goal of understanding what can already be achieved using
upstream software and what pieces are still under development.
>From my review, it appears that the following infrastructure is
already available upstream:
- ELE/V2X mailbox support for i.MX95.
- OCOTP/ELE nvmem support for fuse access.
- Secure-enclave bindings documenting the i.MX95 ELE HSM.
However, I could not find upstream support for several
capabilities that would be useful for secure storage
deployments on i.MX95, including:
- An ELE-backed trusted-key provider for the Linux trusted key
framework.
- Integration allowing Linux to use ELE as a key-sealing/
unsealing backend.
- i.MX95-specific crypto acceleration exposed through the Linux
crypto API for dm-crypt use cases.
Are you aware of any ongoing upstream or planned development
activities in these areas, particularly for i.MX95?
Any information about the upstream roadmap, ongoing
development, or expected direction for these features would be
greatly appreciated.
Thanks again for your work and for any insights you can share.
Regards,
Fabio Estevam
More information about the linux-arm-kernel
mailing list