https://community.nxp.com/t5/LPC-Microcontrollers/RKTH-in-elftosb-gui/m-p/1030479#M40116 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>The RKTH is&nbsp; 32 byte SHA-256 hash of SHA-256 hashes of up to four root public keys.Multiple root public keys are supported to allow for key revocation.</P><P><span class="lia-inline-image-display-wrapper" image-alt="pastedImage_1.png"><img src="https://community.nxp.com/t5/image/serverpage/image-id/92342i72342CFD0349A528/image-size/large?v=v2&amp;px=999" role="button" title="pastedImage_1.png" alt="pastedImage_1.png" /></span></P><P>You may review the information on<A href="https://www.nxp.com/webapp/Download?colCode=UM11126"> chapter 7 of the user manual</A>&nbsp;for the RKTH. Please let me know if you have further qustions.</P><P>For the "Seal security configuration" checkbox, I will confirm this information and update you as soon as possible.</P><P>Best Regards,</P><P>Sabina</P></BODY></HTML> Thu, 14 Nov 2019 21:38:47 GMT Sabina_Bruce 2019-11-14T21:38:47Z https://community.nxp.com/t5/LPC-Microcontrollers/RKTH-in-elftosb-gui/m-p/1030478#M40115 <HTML><HEAD></HEAD><BODY><P>Hello all</P><P>I have some questions about cmpa and elftosb-gui tool</P><P>1.&nbsp;what is RKTH input in elftosb-gui-&gt;device-&gt;security tab? it is the value of ROTKH[...] in CMPA area? And how to write up to 4 ROTKH in CMPA?</P><P>2. what if&nbsp; i uncheck "!!Seal security configuration!!" when i process the data?</P><P></P><P>Best regards</P><P>Charles</P></BODY></HTML> Mon, 11 Nov 2019 06:15:23 GMT https://community.nxp.com/t5/LPC-Microcontrollers/RKTH-in-elftosb-gui/m-p/1030478#M40115 binjun-charles_ 2019-11-11T06:15:23Z https://community.nxp.com/t5/LPC-Microcontrollers/RKTH-in-elftosb-gui/m-p/1030479#M40116 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>The RKTH is&nbsp; 32 byte SHA-256 hash of SHA-256 hashes of up to four root public keys.Multiple root public keys are supported to allow for key revocation.</P><P><span class="lia-inline-image-display-wrapper" image-alt="pastedImage_1.png"><img src="https://community.nxp.com/t5/image/serverpage/image-id/92342i72342CFD0349A528/image-size/large?v=v2&amp;px=999" role="button" title="pastedImage_1.png" alt="pastedImage_1.png" /></span></P><P>You may review the information on<A href="https://www.nxp.com/webapp/Download?colCode=UM11126"> chapter 7 of the user manual</A>&nbsp;for the RKTH. Please let me know if you have further qustions.</P><P>For the "Seal security configuration" checkbox, I will confirm this information and update you as soon as possible.</P><P>Best Regards,</P><P>Sabina</P></BODY></HTML> Thu, 14 Nov 2019 21:38:47 GMT https://community.nxp.com/t5/LPC-Microcontrollers/RKTH-in-elftosb-gui/m-p/1030479#M40116 Sabina_Bruce 2019-11-14T21:38:47Z https://community.nxp.com/t5/LPC-Microcontrollers/RKTH-in-elftosb-gui/m-p/1030480#M40117 <HTML><HEAD></HEAD><BODY><P>Hello Sabina</P><P>Thank you for your reply.</P><P></P><P>Now i understood it is the hash value of RKH table in signed image.&nbsp;</P><P></P><P>I have a further question about up to 4 certificates supported in the LPC55xx.&nbsp; Assuming that i used 4 certificates which are the certificate chain. My understanding is the first one is Root certificate and then intermediate certificates, the last one is end certificate for signing image. When verifying the image, bootloader will go through all the certificates to check if image is authorized. My question is about certificate revocation. In my case, four certificates are&nbsp;<EM style="color: #999999; background-color: #ffffff; font-weight: normal; font-size: 13.600001335144043px;"><SPAN class=""><A data-keyword="an" style="color: #2b77c5; font-weight: bold; text-decoration: none;">an</A> <A data-keyword="integral" style="color: #2b77c5; font-weight: bold; text-decoration: none;">integral</A> <A data-keyword="whole" style="color: #2b77c5; font-weight: bold; text-decoration: none;">whole of trust.&nbsp;</A></SPAN></EM><SPAN class=""><A data-keyword="whole" style="color: #2b77c5; font-weight: bold; text-decoration: none;"><SPAN style="color: #3d3d3d; font-weight: 400;"><SPAN>Any of&nbsp;<SPAN>certificates is revoked&nbsp; means image will not pass verification.</SPAN></SPAN></SPAN></A></SPAN><SPAN class=""><A data-keyword="whole" style="color: #2b77c5; font-weight: bold; text-decoration: none;"><SPAN style="color: #3d3d3d; font-weight: 400;"><STRONG> Is it right? And why can we select which certificate is revoked in CFPA area?.&nbsp;</STRONG></SPAN></A></SPAN></P><P><SPAN style="color: #3d3d3d; font-weight: 400; "><STRONG>And are there any documents about the detailed logic of how to verify the image using certificates in bootloader?</STRONG></SPAN></P><P></P><P><SPAN style="color: #3d3d3d; font-weight: 400; ">Thank you in advance.&nbsp;</SPAN></P><P>Charles</P></BODY></HTML> Wed, 20 Nov 2019 05:59:17 GMT https://community.nxp.com/t5/LPC-Microcontrollers/RKTH-in-elftosb-gui/m-p/1030480#M40117 binjun-charles_ 2019-11-20T05:59:17Z https://community.nxp.com/t5/LPC-Microcontrollers/RKTH-in-elftosb-gui/m-p/1030481#M40118 <HTML><HEAD></HEAD><BODY><P>Hello Charles,</P><P></P><P><SPAN style="color: #51626f; background-color: #ffffff;">Root of Trust key is a key managed by owner of key and this hash is written in PFR (like OTP). During booting ROM will authenticate certificates chain in image. 4 RoT keys are there for revocation possibility. Each RoT is also possible to revocate through serial numbers.</SPAN></P><P><SPAN style="color: #51626f; background-color: #ffffff;">I believe the following two documents will help clarify the use of the above information.</SPAN></P><P><SPAN style="color: #51626f; background-color: #ffffff;"><A href="https://www.nxp.com/docs/en/application-note/AN12283.pdf">LPC55Sxx Secure Boot AN12283</A></SPAN></P><P><SPAN style="color: #51626f; background-color: #ffffff;"><A href="https://www.nxp.com/docs/en/application-note/AN12278.pdf">LPC55S69 Security Solutions for IoT AN12278</A></SPAN></P><P><SPAN style="color: #51626f; background-color: #ffffff;">Please let me know if you have further questions.</SPAN></P><P><SPAN style="color: #51626f; background-color: #ffffff;">Best Regards,</SPAN></P><P><SPAN style="color: #51626f; background-color: #ffffff;">Sabina</SPAN></P></BODY></HTML> Sun, 24 Nov 2019 04:30:49 GMT https://community.nxp.com/t5/LPC-Microcontrollers/RKTH-in-elftosb-gui/m-p/1030481#M40118 Sabina_Bruce 2019-11-24T04:30:49Z