HAB Authentication


1,243 views
SMT
Contributor II

Hi Team,

I am working on the IMXRT117X series Secure boot concept; it has the HAB 4.0 version library. Secure boot is happening properly from the BootROM with a proper IVT.

I want to make use of HAB authentication for some bytes of data to be authenticated. But I am able to pass the Start Address and size of the chunks, and do not have the provision to pass the CSF start address, but it is in the IVT table of the proper image.

Is it possible to do HAB Authentication for this kind of stuff, or is HAB dedicated only to Secure boot?

Kindly clarify and do the needful.

3 Replies

1,154 views
SMT
Contributor II

Hi HangZhang,

We are trying to verify the SW image (signed for secure boot) from RAM using HAB before we flash the same SW as part of secure SW flashing (OTA update), because we don't want to use a separate release SW signing here.

When we call the Authenticate image RVT function, passing the start address of the image file in RAM, it actually considers the flash address from the CSF mentioned in the signed SW.

Block Address (flash) mentioned in the CSF,
Blocks = 0x30000000 0x1000 0x<size> "xxx.bin",\
0x30002000 0x2000 0x<size> "xxx.bin"

In our case, we want the authenticate function to take the address of the image stored in RAM. Is there any authenticate function wherein we can pass addresses dynamically (not from the CSF)?

Block Address (RAM) to be considered,
Blocks = 0x60001000 0x1000 0x<size> "xxx.bin",\
0x600002000 0x2000 0x<size> "xxx.bin"

Kindly clarify...


1,097 views
Harry_Zhang
NXP Employee

Hi @SMT 

When using the HAB for secure boot, the authentication process typically relies on the signed image and CSF. The CSF defines the memory addresses where the blocks of the image are located, and HAB uses these addresses during the authentication process.

BR

Hang
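
The reply above says the signed CSF fixes the block addresses that HAB checks; the following host-side check (an added example, not code from this thread or from NXP) parses the `Blocks` entries of a CSF and lists those that fall outside the region an image is staged in. The helper names, the block lengths (standing in for the elided `0x<size>` fields) and the region sizes are assumptions; the field order is address, file offset, length, as in the CST `Blocks` syntax.

```python
import re

# Constructed sample in the shape quoted in the thread. The lengths are
# made-up values standing in for the elided 0x<size> fields.
SAMPLE_CSF = '''
[Authenticate Data]
    Blocks = 0x30000000 0x1000 0x1000 "xxx.bin",\\
             0x30002000 0x2000 0x8000 "xxx.bin"
'''

# One Blocks entry: <address> <file offset> <length> "<file>"
BLOCK_RE = re.compile(
    r'(0x[0-9a-fA-F]+)\s+(0x[0-9a-fA-F]+)\s+(0x[0-9a-fA-F]+)\s+"([^"]+)"')


def parse_blocks(csf_text):
    """Return (address, file_offset, length, filename) per Blocks entry."""
    # Fold backslash line continuations so each directive is one line.
    joined = re.sub(r'\\\s*\n', ' ', csf_text)
    blocks = []
    for line in joined.splitlines():
        key, sep, value = line.partition('=')
        if sep and key.strip().lower() == 'blocks':
            for m in BLOCK_RE.finditer(value):
                addr, off, length = (int(g, 16) for g in m.groups()[:3])
                blocks.append((addr, off, length, m.group(4)))
    return blocks


def blocks_outside(blocks, region_start, region_size):
    """Blocks whose signed address range is not fully inside the region."""
    region_end = region_start + region_size
    return [b for b in blocks
            if b[0] < region_start or b[0] + b[2] > region_end]


if __name__ == '__main__':
    signed = parse_blocks(SAMPLE_CSF)
    # Staging start address taken from the thread; the size is assumed.
    for addr, _, length, name in blocks_outside(signed, 0x60001000, 0x20000):
        print(f'{name}: signed for 0x{addr:08X}+0x{length:X}, '
              'not inside the staging region')
```

With the flash-addressed blocks quoted in the thread, every entry is reported when the region is the RAM staging area, which matches the behaviour described in the question.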


1,187 views
Harry_Zhang
NXP Employee

Hi @SMT 

Yes, it is possible to use HAB for authentication of specific bytes of data, not just for secure boot.

You can try to use the HAB related API functions to perform the authentication.

BR

Hang