https://community.nxp.com/t5/i-MX-Processors/Signing-RFS-Configuration-and-Application-with-AHAB-possible/m-p/995030#M147676 <HTML><HEAD></HEAD><BODY><P>Hello Yuri, </P><P></P><P>thanks for the fast answer.</P><P></P><P>I am pretty new to this - but according to my understanding dm-crypts is used to encrypt my disk which protects the confidentiality of the data.</P><P></P><P>What about signing the RFS Kernel configuration and Application to ensure the security goal "integrity" and "authenticity"?</P><P></P><P>Are there other tools for that?</P><P>May it be possible with AHAB or&nbsp;is there no API for that?</P><P></P><P>Best regards,</P><P></P><P>Quang</P></BODY></HTML> Fri, 06 Mar 2020 08:48:15 GMT quang_bui 2020-03-06T08:48:15Z https://community.nxp.com/t5/i-MX-Processors/Signing-RFS-Configuration-and-Application-with-AHAB-possible/m-p/995028#M147674 <HTML><HEAD></HEAD><BODY><P>Hello guys,</P><P></P><P>I am trying to implement secure boot on the new i.MX8X processor and having some question.</P><P></P><P>According to the documenation of AN12312 it is possible to secure the bootloader and the OS.</P><P></P><P>This leads me to the question:</P><P></P><P>Is it also possible with AHAB to sign and verify the Root File System and all Applications offered by the OEM.</P><P></P><P>If yes - how does it work?</P><P></P><P>Best regards,</P><P></P><P>Quang</P></BODY></HTML> Thu, 05 Mar 2020 15:12:51 GMT https://community.nxp.com/t5/i-MX-Processors/Signing-RFS-Configuration-and-Application-with-AHAB-possible/m-p/995028#M147674 quang_bui 2020-03-05T15:12:51Z https://community.nxp.com/t5/i-MX-Processors/Signing-RFS-Configuration-and-Application-with-AHAB-possible/m-p/995029#M147675 <HTML><HEAD></HEAD><BODY><P class="">Hello,</P><P class=""></P><P class="">&nbsp; It may be recommended to use the DM-Crypt in Your case.</P><P class=""></P><P class="">"i.MX Encrypted Storage Using CAAM Secure Keys"</P><P class=""></P><P class=""><A class="link-titled" href="https://www.nxp.com/docs/en/application-note/AN12714.pdf" title="https://www.nxp.com/docs/en/application-note/AN12714.pdf">https://www.nxp.com/docs/en/application-note/AN12714.pdf</A>&nbsp;</P><P class=""><BR />Have a great day,<BR />Yuri</P><P class=""></P><P class="">-------------------------------------------------------------------------------<BR />Note:<BR />- If this post answers your question, please click the "Mark Correct" button. Thank you!</P><P class="">- We are following threads for 7 weeks after the last post, later replies are ignored<BR />Please open a new thread and refer to the closed one, if you have a related question at a later point in time.</P></BODY></HTML> Fri, 06 Mar 2020 02:30:37 GMT https://community.nxp.com/t5/i-MX-Processors/Signing-RFS-Configuration-and-Application-with-AHAB-possible/m-p/995029#M147675 Yuri 2020-03-06T02:30:37Z https://community.nxp.com/t5/i-MX-Processors/Signing-RFS-Configuration-and-Application-with-AHAB-possible/m-p/995030#M147676 <HTML><HEAD></HEAD><BODY><P>Hello Yuri, </P><P></P><P>thanks for the fast answer.</P><P></P><P>I am pretty new to this - but according to my understanding dm-crypts is used to encrypt my disk which protects the confidentiality of the data.</P><P></P><P>What about signing the RFS Kernel configuration and Application to ensure the security goal "integrity" and "authenticity"?</P><P></P><P>Are there other tools for that?</P><P>May it be possible with AHAB or&nbsp;is there no API for that?</P><P></P><P>Best regards,</P><P></P><P>Quang</P></BODY></HTML> Fri, 06 Mar 2020 08:48:15 GMT https://community.nxp.com/t5/i-MX-Processors/Signing-RFS-Configuration-and-Application-with-AHAB-possible/m-p/995030#M147676 quang_bui 2020-03-06T08:48:15Z https://community.nxp.com/t5/i-MX-Processors/Signing-RFS-Configuration-and-Application-with-AHAB-possible/m-p/995031#M147677 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>&nbsp; &nbsp;U-boot can be signed and checked by i.MX boot ROM; Linux kernel can be signed&nbsp;</P><P>and checked by U-boot, using boot ROM HAB API, mentioned in&nbsp; AN12263 (HABv4 RVT</P><P>Guidelines and Recommendations).</P><P></P><P><A class="link-titled" href="https://www.nxp.com/docs/en/application-note/AN12263.pdf" title="https://www.nxp.com/docs/en/application-note/AN12263.pdf">https://www.nxp.com/docs/en/application-note/AN12263.pdf</A>&nbsp;</P><P></P><P>&nbsp; But for Linux we do not have proper HAB API, therefore such general approach as using&nbsp;</P><P>DM-Crypt is recommended for Linux file system and applications.&nbsp;&nbsp;</P><P></P><P>Regards,</P><P>Yuri.</P></BODY></HTML> Tue, 10 Mar 2020 08:01:14 GMT https://community.nxp.com/t5/i-MX-Processors/Signing-RFS-Configuration-and-Application-with-AHAB-possible/m-p/995031#M147677 Yuri 2020-03-10T08:01:14Z