topic Re: Verify signed images from Linux user space in i.MX Processors

Verify signed images from Linux user space

michalhojsik — Wed, 06 Dec 2017 17:25:21 GMT

Hi.

I am using the authenticated boot feature of i.MX6ul and I would like to ask:

How can I verify a signed image (for example signed Kernel with device tree) from Linux user-space?

While doing a firmware upgrade, I would like to verify that the new firmware will successfully boot before flashing it to the memory the device boots from.

Regards,

Michal

Re: Verify signed images from Linux user space

Yuri — Thu, 07 Dec 2017 03:19:28 GMT

Hello,

Generally, HAB API library is included as a component of the boot ROM. It allows

image code, external to the ROM, to make calls back to the HAB for authenticating

additional boot stages. But we do not have Linux user space implementation of the

HAB API. Customers can try to design own one.

Have a great day,
Yuri

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

Re: Verify signed images from Linux user space

jdepedro — Fri, 08 Dec 2017 11:36:12 GMT

@Yuri However HAB API requires the image to be validated to be at a expecific absolute memory location (as described in the CST) correct? This is something that is not always possible when running Linux SO.

Is there a way to workaround that requirement?

Re: Verify signed images from Linux user space

Yuri — Mon, 11 Dec 2017 08:41:40 GMT

Hello,

Correct, using HAB API under Linux may have some restrictions. We do not have

solutions for Linux user space.

Regards,

Yuri.