Hello,
We are currently working on enabling Secure Boot (HAB) on the i.MX RT1176 and are observing unexpected behavior related to SRK revocation.
We have implemented a complete chain of trust with multiple binaries stored in NOR Flash, each binary being individually signed. Authentication works correctly, and SRK selection is well controlled.
We have burned the SRK_REVOKE fuse corresponding to SRK index 1 using the OCOTP controller. The fuse programming completes successfully, and the programmed value is persistent.
In the CSF, we are also using the following configuration:
[Unlock]
Engine = OCOTP
Features = SRK_REVOKE
However, despite revoking SRK1:
An image signed with SRK1 is still successfully authenticated
No HAB events or errors are reported (HAB_SUCCESS)
The boot process continues normally, as if the key were not revoked
Any guidance or clarification on the correct SRK revocation flow on RT1176 would be greatly appreciated.
THANK YOU
Hi @yosri_c,
Thanks for your interest in NXP MIMXRT series!
Based on the information you provided, CSF selected SRK1 (index=0) and then unlocked the SRK_REVOKE eFuse bit. However, have you actually programmed the SRK_REVOKE bit? It would be best to read it via the host computer and cross-verify it with your experimental results. Additionally, this document will be helpful to you: https://community.nxp.com/t5/i-MX-Security/i-MX-8MQ-SRK-Revocation-limitations-in-HAB-Closed-configu...
Best regards,
Gavin
Hi @Gavin_Jia,
Thank you for your response.
I already read the programmed value using OCOTP_ReadFuseShadowRegisterExt from OCOTP, and I can see that the value corresponds to the desired mask, yet the revoked SRK is still usable in a closed configuration. I tried with index 0 and index 1 and still have the same result.