https://community.nxp.com/t5/i-MX-Processors/High-Assurance-Boot-Certificate-Validity/m-p/286884#M33938 <HTML><HEAD></HEAD><BODY><P>Hi Chris,</P><P></P><P>Currently, if the validity period of the certificate expires nothing will happen.&nbsp; The ROM/HAB does not enforce certificate validity periods and the Code Signing Tool will still allow code to be signed.&nbsp; The intent is to enforce the cert validity periods with the code signing tool.&nbsp; However, feature has not yet been added and is planned as an update to the code signing tool.</P><P></P><P>Regards,</P><P>-Rod</P><P><BR /> </P></BODY></HTML> Tue, 11 Jun 2013 22:46:25 GMT rodz 2013-06-11T22:46:25Z https://community.nxp.com/t5/i-MX-Processors/High-Assurance-Boot-Certificate-Validity/m-p/286883#M33937 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I work on a Freescale i.mx28 and I use High Assurance Boot (HAB).</P><P></P><P>When creating certificates with the "hab4_pki_tree.sh" script, which is provided with the Code Signing Tool, I can enter a certificate validity duration of max. 20 years.</P><P></P><P>What happens after 20 year? Does the i.mx28 not boot anymore? Am I not able to sign software anymore? Or do I have to add new CSF and IMG certificates to sign software with them?</P><P></P><P>My questions are: Who checks the certificate duration and when? Which certificates have a limited duration (I assume the root-certificate has unlimited duration)?</P><P></P><P>Best regards,</P><P>Chris</P></BODY></HTML> Tue, 11 Jun 2013 13:13:23 GMT https://community.nxp.com/t5/i-MX-Processors/High-Assurance-Boot-Certificate-Validity/m-p/286883#M33937 christopherpres 2013-06-11T13:13:23Z https://community.nxp.com/t5/i-MX-Processors/High-Assurance-Boot-Certificate-Validity/m-p/286884#M33938 <HTML><HEAD></HEAD><BODY><P>Hi Chris,</P><P></P><P>Currently, if the validity period of the certificate expires nothing will happen.&nbsp; The ROM/HAB does not enforce certificate validity periods and the Code Signing Tool will still allow code to be signed.&nbsp; The intent is to enforce the cert validity periods with the code signing tool.&nbsp; However, feature has not yet been added and is planned as an update to the code signing tool.</P><P></P><P>Regards,</P><P>-Rod</P><P><BR /> </P></BODY></HTML> Tue, 11 Jun 2013 22:46:25 GMT https://community.nxp.com/t5/i-MX-Processors/High-Assurance-Boot-Certificate-Validity/m-p/286884#M33938 rodz 2013-06-11T22:46:25Z https://community.nxp.com/t5/i-MX-Processors/High-Assurance-Boot-Certificate-Validity/m-p/286885#M33939 <HTML><HEAD></HEAD><BODY><P>Hi Rod,</P><P>Any update on the certificate expiry and certificate revocation and if the fuses can be revoked?</P><P></P><P>Regards,</P><P>Guru</P></BODY></HTML> Thu, 20 Oct 2016 08:47:23 GMT https://community.nxp.com/t5/i-MX-Processors/High-Assurance-Boot-Certificate-Validity/m-p/286885#M33939 gurukottur 2016-10-20T08:47:23Z