FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Key generation for encrypted boot

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED
Jump to solution

Key generation for encrypted boot

Jump to solution
‎01-17-2017 02:18 AM
1,108 Views
friederbaumgrat
Contributor III

Dear NXP community,

I am currently working on the encrypted boot for IMX.6 CPUs.

Everything works, but I have one problem. I have to encrypt the same image and transfer them to different boards (same CPU). The current state is, that I run the CST Tool and transfer the generated output key (dek.bin) to the board and call the dek_blob function in order to generate the dek_blob.bin (final key).

Is there a way I don't need to transfer the dek.bin to the board?

Is is possible to generate the dek_blob.bin on my host computer?

Best regards,

Frieder

Labels (1)
Labels
0 Kudos
Reply
1 Solution

Jump to solution
‎01-17-2017 07:56 AM
680 Views
gary_bisson
Senior Contributor III

Hi,

No there is no way, that is the whole point of the process, to be unique per board since it relies on each board unique ID/key.

If you really want to flash the exact same image on each platform, I guess you'll need give up on encryption and sign only.

Regards,

Gary

View solution in original post

Reply
2 Replies

Jump to solution
‎01-17-2017 07:56 AM
681 Views
gary_bisson
Senior Contributor III

Hi,

No there is no way, that is the whole point of the process, to be unique per board since it relies on each board unique ID/key.

If you really want to flash the exact same image on each platform, I guess you'll need give up on encryption and sign only.

Regards,

Gary

Reply

Jump to solution
‎01-18-2017 01:03 AM
680 Views
friederbaumgrat
Contributor III

Hey Gary,

Thank you for your answer.

Regards,

Frieder

0 Kudos
Reply