FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

HAB Authentication

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

HAB Authentication

‎09-11-2024 04:03 AM
1,242 Views
SMT
Contributor II

HI Team,

I am working on IMXRT117X series Secure boot concept, it has HAB 4.0 version library. Secure boot is happening properly from BootROM with proper IVT.

I want to make use of HAB authentication for some bytes of data to be authenticated. But i can able to pass Start Address and size of the chunks and not having the provision to pass CSF start address but it is in the IVT table of proper image.

Is it possible to do HAB Authentication for this kind of stuffs or HAB dedicated only for Secure boot?

Kindly clarify and do the needful.

Labels (1)
Labels
0 Kudos
Reply
3 Replies

‎09-19-2024 12:09 AM
1,153 Views
SMT
Contributor II

HI HangZhang,

We are trying to verify the SW image (signed for secure boot) from RAM using HAB before we flash the same SW as part of secure SW flashing (OTA update). Because, We dont want to use a separate releaae SW signing here.

When we call the Auhenticate image RVT function, passing the start address of image file in RAM, it actually considers the flash address from CSF mentioned in the signed SW.

Block Address (flash) mentioned in the CSF,
Blocks = 0x30000000 0x1000 0x<size> "xxx.bin",\
0x30002000 0x2000 0x<size> "xxx.bin"

In our case, we want the authenticate function to take the address of image stored in RAM. Is there any authenticate function wherein we can pass addresses dynamically (not from the CSF).

Block Address(RAM) to be considered,
Blocks = 0x60001000 0x1000 0x<size> "xxx.bin",\
0x600002000 0x2000 0x<size> "xxx.bin"

Kindly clarify...

0 Kudos
Reply

‎09-24-2024 02:32 AM
1,096 Views
Harry_Zhang
NXP Employee
NXP Employee

Hi @SMT 

When using the HAB  for secure boot, the authentication process typically relies on the signed image and CSF. The CSF defines the memory addresses where the blocks of the image are located, and HAB uses these addresses during the authentication process.

BR

Hang

0 Kudos
Reply

‎09-17-2024 04:38 AM
1,186 Views
Harry_Zhang
NXP Employee
NXP Employee

Hi @SMT 

Yes, it is possible to use HAB  for authentication of specific bytes of data, not just for secure boot.

You can try to use the HAB related API functions to perform the authentication. 

BR

Hang

Reply