topic What is SECO API? in i.MX Processors https://community.nxp.com/t5/i-MX-Processors/What-is-SECO-API/m-p/1481602#M192005 <P>Hi,</P><P><SPAN>I'm currently developing a secure boot solution for one of our customers using i.MX8DXL</SPAN></P><P>why the SECO API (sc_seco_authenticate() api) inside the authenticate_os_container() api from the NXP Guide is called 3 times?</P><P>authenticate_os_container api code:</P><PRE><SPAN class="">int authenticate_os_container(ulong addr)</SPAN> <SPAN class="">{</SPAN> <SPAN class=""> struct container_hdr *phdr;</SPAN> <SPAN class=""> int i, ret = 0;</SPAN> <SPAN class=""> int err;</SPAN> <SPAN class=""> sc_rm_mr_t mr;</SPAN> <SPAN class=""> sc_faddr_t start, end;</SPAN> <SPAN class=""> u16 length;</SPAN> <SPAN class=""> struct boot_img_t *img;</SPAN> <SPAN class=""> unsigned long s, e;</SPAN> <SPAN class=""> if (addr % 4) {</SPAN> <SPAN class=""> puts("Error: Image's address is not 4 byte aligned\n");</SPAN> <SPAN class=""> return -EINVAL;</SPAN> <SPAN class=""> }</SPAN> .....<BR /> .....</PRE><PRE><SPAN class=""> err = <EM><U><STRONG>sc_seco_authenticate</STRONG></U></EM>(-1, SC_SECO_AUTH_CONTAINER,</SPAN> <SPAN class=""> SECO_LOCAL_SEC_SEC_SECURE_RAM_BASE);</SPAN> </PRE><PRE><SPAN class=""> for (i = 0; i &lt; phdr-&gt;num_images; i++) {</SPAN> <SPAN class=""> img = (struct boot_img_t *)(addr +</SPAN> <SPAN class=""> sizeof(struct container_hdr) +</SPAN> <SPAN class=""> i * sizeof(struct boot_img_t));</SPAN> <SPAN class=""> debug("img %d, dst 0x%x, src 0x%x, size 0x%x\n",</SPAN> <SPAN class=""> i, (uint32_t) img-&gt;dst, img-&gt;offset + addr, img-&gt;size);</SPAN> <SPAN class=""> memcpy((void *)img-&gt;dst, (const void *)(img-&gt;offset + addr),</SPAN> <SPAN class=""> img-&gt;size);<BR /></SPAN> ......<BR /> .....</PRE><PRE><SPAN class="">err = <EM><U><STRONG>sc_seco_authenticate</STRONG></U></EM>(-1, SC_SECO_VERIFY_IMAGE,</SPAN> <SPAN class=""> (1 &lt;&lt; i));</SPAN> <SPAN class=""> if (err) {</SPAN> <SPAN class=""> printf("Authenticate img %d failed, return %d\n",</SPAN> <SPAN class=""> i, err);</SPAN> <SPAN class=""> ret = -EIO;</SPAN> <SPAN class=""> }</SPAN></PRE><P>&nbsp;</P><PRE><SPAN class="">exit:</SPAN> <SPAN class=""> if (<U><EM><STRONG>sc_seco_authenticate</STRONG></EM></U>(-1, SC_SECO_REL_CONTAINER, 0) != SC_ERR_NONE)</SPAN> <SPAN class=""> printf("Error: release container failed!\n");</SPAN> <SPAN class=""> return ret;</SPAN> <SPAN class="">}</SPAN> </PRE><P>&nbsp;</P><P>What do the sc_seco_authenticate apis called 3 times authenticate the signed image?<BR />(At each step, which part of the signed image is authenticated?)</P><OL><LI>sc_seco_authenticate(ipc,&nbsp;<STRONG><SPAN class="">SC_SECO_AUTH_CONTAINER</SPAN> </STRONG>) : Authenticate whether an image is a container or not?</LI><LI>sc_seco_authenticate(ipc, <STRONG><SPAN class="">SC_SECO_VERIFY_IMAGE</SPAN></STRONG>) : Hash value authentication of container internal image?</LI><LI>sc_seco_authenticate(ipc, <STRONG><SPAN class="">SC_SECO_REL_CONTAINER</SPAN></STRONG>) : ?</LI></OL><P>&nbsp;</P><P><SPAN>Regards,<BR /></SPAN><SPAN>Duncan</SPAN></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 30 Jun 2022 00:42:21 GMT minsiklee 2022-06-30T00:42:21Z What is SECO API? https://community.nxp.com/t5/i-MX-Processors/What-is-SECO-API/m-p/1481602#M192005 <P>Hi,</P><P><SPAN>I'm currently developing a secure boot solution for one of our customers using i.MX8DXL</SPAN></P><P>why the SECO API (sc_seco_authenticate() api) inside the authenticate_os_container() api from the NXP Guide is called 3 times?</P><P>authenticate_os_container api code:</P><PRE><SPAN class="">int authenticate_os_container(ulong addr)</SPAN> <SPAN class="">{</SPAN> <SPAN class=""> struct container_hdr *phdr;</SPAN> <SPAN class=""> int i, ret = 0;</SPAN> <SPAN class=""> int err;</SPAN> <SPAN class=""> sc_rm_mr_t mr;</SPAN> <SPAN class=""> sc_faddr_t start, end;</SPAN> <SPAN class=""> u16 length;</SPAN> <SPAN class=""> struct boot_img_t *img;</SPAN> <SPAN class=""> unsigned long s, e;</SPAN> <SPAN class=""> if (addr % 4) {</SPAN> <SPAN class=""> puts("Error: Image's address is not 4 byte aligned\n");</SPAN> <SPAN class=""> return -EINVAL;</SPAN> <SPAN class=""> }</SPAN> .....<BR /> .....</PRE><PRE><SPAN class=""> err = <EM><U><STRONG>sc_seco_authenticate</STRONG></U></EM>(-1, SC_SECO_AUTH_CONTAINER,</SPAN> <SPAN class=""> SECO_LOCAL_SEC_SEC_SECURE_RAM_BASE);</SPAN> </PRE><PRE><SPAN class=""> for (i = 0; i &lt; phdr-&gt;num_images; i++) {</SPAN> <SPAN class=""> img = (struct boot_img_t *)(addr +</SPAN> <SPAN class=""> sizeof(struct container_hdr) +</SPAN> <SPAN class=""> i * sizeof(struct boot_img_t));</SPAN> <SPAN class=""> debug("img %d, dst 0x%x, src 0x%x, size 0x%x\n",</SPAN> <SPAN class=""> i, (uint32_t) img-&gt;dst, img-&gt;offset + addr, img-&gt;size);</SPAN> <SPAN class=""> memcpy((void *)img-&gt;dst, (const void *)(img-&gt;offset + addr),</SPAN> <SPAN class=""> img-&gt;size);<BR /></SPAN> ......<BR /> .....</PRE><PRE><SPAN class="">err = <EM><U><STRONG>sc_seco_authenticate</STRONG></U></EM>(-1, SC_SECO_VERIFY_IMAGE,</SPAN> <SPAN class=""> (1 &lt;&lt; i));</SPAN> <SPAN class=""> if (err) {</SPAN> <SPAN class=""> printf("Authenticate img %d failed, return %d\n",</SPAN> <SPAN class=""> i, err);</SPAN> <SPAN class=""> ret = -EIO;</SPAN> <SPAN class=""> }</SPAN></PRE><P>&nbsp;</P><PRE><SPAN class="">exit:</SPAN> <SPAN class=""> if (<U><EM><STRONG>sc_seco_authenticate</STRONG></EM></U>(-1, SC_SECO_REL_CONTAINER, 0) != SC_ERR_NONE)</SPAN> <SPAN class=""> printf("Error: release container failed!\n");</SPAN> <SPAN class=""> return ret;</SPAN> <SPAN class="">}</SPAN> </PRE><P>&nbsp;</P><P>What do the sc_seco_authenticate apis called 3 times authenticate the signed image?<BR />(At each step, which part of the signed image is authenticated?)</P><OL><LI>sc_seco_authenticate(ipc,&nbsp;<STRONG><SPAN class="">SC_SECO_AUTH_CONTAINER</SPAN> </STRONG>) : Authenticate whether an image is a container or not?</LI><LI>sc_seco_authenticate(ipc, <STRONG><SPAN class="">SC_SECO_VERIFY_IMAGE</SPAN></STRONG>) : Hash value authentication of container internal image?</LI><LI>sc_seco_authenticate(ipc, <STRONG><SPAN class="">SC_SECO_REL_CONTAINER</SPAN></STRONG>) : ?</LI></OL><P>&nbsp;</P><P><SPAN>Regards,<BR /></SPAN><SPAN>Duncan</SPAN></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 30 Jun 2022 00:42:21 GMT https://community.nxp.com/t5/i-MX-Processors/What-is-SECO-API/m-p/1481602#M192005 minsiklee 2022-06-30T00:42:21Z