Will the HAB information valid for new user image?

ping1 · ‎06-16-2021

Hi, All

I have a few questions regarding the HAB image generated by SPT.

1. If I generate user image with HAB option and programmed into the target, what happen if I update the image later by secondary bootloader? will the HAB information still valid?

2. As the SRK_fuses.bin is already written , I presume I cannot write this file again?

3. I know HAB information (keys and certificates) are attached to user image afterwards, where does it decide to use? what happens if my new image is larger than the first one generated? I use external flash.

4. Or do I have to regenerate new image every time my user image is updated?

Regards!

Ping

ping1 · ‎06-16-2021

Hi, Marek, thanks for reply

I am currently generate my own image.bin file and image_nopadding.bin file and it can be written to product using SPT tool, it is a combined image include both second bootloader and my own application. I am intended to use SPT as a factory programming tool. After that I use secondary bootloader to update software, which works fine at the moment, just no any security features.

I wonder what is the best way to add a bit of security to it, if every time I update software, and redo HAB image generation, is it possible that the HAB information is downloaded to the product by secondary bootloader too?

By the way, where in flash address area does the HAB(key, certs) intended to use? is it depend on image size?

Regards!

Ping

Regards!

Ping

marek-trmac · ‎06-16-2021

Hi Ping,

you can burn secondary bootloader as a Authenticated image without any secondary application. Then you can control the custom application by your bootloader only and update anytime, because application will not be part of the signature. You can implement your own security for the secondary application.

I think, MCUX SDK contains some example code for secondary bootloader. We do not support this use case directly in SPT tool.

Regards

Marek

Regards,
Marek

NOTE: If you find the answer useful, kindly click on [ACCEPT AS SOLUTION] button

marek-trmac · ‎06-16-2021

Hi ping1,

I suppose your question is related to Authenticated image. Authenticated image contains the source application, image signature and some additional information for the verification of the signature.

If you change source application, you need to sign application again. If the SRK_fuses.bin were already burnt, you MUST use same certificates to sign the updated application.

For the application updates, SB file can be used. However, you can probably also use your custom bootloader.

So based on this info, the answers to your questions are:

1. No. Signature in bootable Authenticated image must be updated.

2. SRK_fuses.bin can be burnt only once.

3. > where does it decide to use?

After processor reset, during booting, before the application is started, it is validated by the ROM bootloader. If signature is valid, it will be executed. If signature is not valid, it will not be executed.

> what happens if my new image is larger than the first one generated? I use external flash.

I recommend to always update Authenticated image in SPT.

4. Or do I have to regenerate new image every time my user image is updated?

Yes.

More information about Authenticated image structure can be found in "Security Reference Manual for the i.MX RT1050 Processor", chapter "3.7 Program image".

Regards

Marek

Regards,
Marek

NOTE: If you find the answer useful, kindly click on [ACCEPT AS SOLUTION] button