i.MX95: EdgeLock Enclave secure storage
Frieder Schrempf
frieder.schrempf at kontron.de
Mon Jun 15 00:18:30 PDT 2026

On 13.06.26 15:58, Fabio Estevam wrote:
> Hi Pankaj,
>
> First of all, thank you for your work on upstreaming the
> EdgeLock Enclave (ELE) support. It is great to finally see the
> ELE framework landing upstream after a long development effort.
>
> I am currently evaluating the state of i.MX95 secure-boot and
> storage-security support based on current linux-next, with the
> goal of understanding what can already be achieved using
> upstream software and what pieces are still under development.
>
> From my review, it appears that the following infrastructure is
> already available upstream:
>
> - ELE/V2X mailbox support for i.MX95.
> - OCOTP/ELE nvmem support for fuse access.

There is no upstream support for OCOTP access via ELE. The
imx-ocotp-ele.c driver (despite its name) does not currently use the ELE
but the FSB to access the fuses (and is therefore limited to read-only
access).

I have some local WIP to add ELE support for the OCOTP driver. I think I
can post it soonish.

> - Secure-enclave bindings documenting the i.MX95 ELE HSM.
>
> However, I could not find upstream support for several
> capabilities that would be useful for secure storage
> deployments on i.MX95, including:
>
> - An ELE-backed trusted-key provider for the Linux trusted key
> framework.
> - Integration allowing Linux to use ELE as a key-sealing/
> unsealing backend.
> - i.MX95-specific crypto acceleration exposed through the Linux
> crypto API for dm-crypt use cases.
>
> Are you aware of any ongoing upstream or planned development
> activities in these areas, particularly for i.MX95?
>
> Any information about the upstream roadmap, ongoing
> development, or expected direction for these features would be
> greatly appreciated.
>
> Thanks again for your work and for any insights you can share.
>
> Regards,
>
> Fabio Estevam