topic PKI HABv4 CA flag set in i.MX Processors

PKI HABv4 CA flag set

antonio_santagi — Mon, 14 Jun 2021 14:20:29 GMT

Hello,

regarding HABv4 on imx8M-mini,

we read on

https://www.nxp.com/docs/en/application-note/AN4581.pdf

at paragraph "5.1.1 Generating PKI tree for fast authentication"

that

“Unless boot time is critical, it is recommended that the SRK have the CA flag, and the CSF and IMG keys used to validate their respective data. The fast authentication feature supplies the user with a faster boot time, at the cost of a less robust signature.”

why the signature is less robust when not using CSF and IMG keys ( when in fast authentication mode ) ?

could you explain this comment ? we can't find a real reason why using fast authentication mode would lead to a less robust signature , does this mean less secure for some reason or in some cases ?

thank you

Re: PKI HABv4 CA flag set

Yuri — Tue, 15 Jun 2021 05:58:02 GMT

@antonio_santagi
Hello,

for standard scheme the SRK is stored by one person / organization, but the CSF and IMG
keys may be used by other person / organization. Under such approach even if the CSF and IMG
keys are compromised - the SRK does not.

Regards,
Yuri.

Re: PKI HABv4 CA flag set

antonio_santagi — Tue, 15 Jun 2021 07:21:52 GMT

Yes, but if then you want to revoke compromised keys you need to revoke the correspondent SRK key, you can't revoke the IMG and CSF keys.

Re: PKI HABv4 CA flag set

Yuri — Wed, 16 Jun 2021 03:28:31 GMT

@antonio_santagi
Hello,

It is possible to use new IMG and CSF keys instead of compromised and
sign image again without revoking the SRK.

Regards,
Yuri.

Re: PKI HABv4 CA flag set

leonardoveiga — Tue, 01 Aug 2023 18:36:21 GMT

> It is possible to use new IMG and CSF keys instead of compromised and
sign image again without revoking the SRK.

I don't understand what is the value of using new IMG and CSF keys in this case, since the old compromised IMG and CSF keys will still be able to sign valid software, as they are (both old and new IMG and CSF) generated from the same SRK.

And in this case - due to the fact that only SRK hashes are burned to eFuses, while IMG and CSF fuses are not - to revoke the old compromised IMG and CSF keys, one would need to revoke the SRK, thus also revoking any new IMG and CSF keys as well.