HAB

wasimarfath · ‎03-07-2024

I am Implementing the secondary bootloader in IMXRT1020, which will authenticate the application code, I achieved the execution branching from one binary to another binary, and I signed the secondary bootloader image using secure provisioning tool, Now I got stuck at How to use HAB APIs in custom bootloader to authenticate the signed application code, I didn't find any document online which give me the clear picture how the ROM bootloader will authenticate the signed image, please help me what are the things i need to consider in my custom bootloader with respect to application authentication. Thank you.

Regards,

Wasim arfath.

diego_charles · ‎03-13-2024

Hi @wasimarfath

Thanks for reaching out and for your patience.

Currently available documents and references that I think are of useful are below:

High Assurance Boot Version 4 Application Programming Interface Reference Manual from the code signing tool , AN12263 HABv4 RVT Guidelines and Recommendations, and the https://github.com/nxp-mcuxpresso/sbl This bootloader does implement the API, since it can boot signed images.

refer to https://github.com/nxp-mcuxpresso/sbl/tree/master/component/secure/semifunc and https://github.com/nxp-mcuxpresso/sbl/blob/master/doc/MCUOTASBLSFWUG.pdf

I hope this could help you.

Diego