PKCS#11 Interface

The Security Services PKCS#11 library is a user space library available to DRIVE OS applications running on the Guest OS that provides a sub-set of the PKCS#11 interface as specified by the PKCS#11 v3.00 specification. In addition, some NVIDIA extensions are included.

It exposes interfaces for cryptographic hardware offload using the Security Engine for typical cryptography operations like symmetric-key/asymmetric-key cryptography, message authentication code generation, and pseudo random number generation.

Additionally, it also exposes interfaces for key management operations, including key generation, key derivation, and access to the dedicated secure key storage solution.

All cryptographic and key management operations are tightly coupled and securely implemented in SoC hardware, and the hardware-backed Trusted Execution Environment.

Note: The users of Security Services PKCS11 Lib APIs must ensure that API usage is as per API description and valid input parameters are passed. They must be familiar with the OASIS PKCS11 standard, including the OASIS standard user guide, for version 3.0, for all relevant APIs and mechanisms; they must also follow guidance published by NVIDIA in the present guide for the PKCS11 Library before using any PKCS11 API.