Hi everybody,
I am trying to generate an offline CMAC of the application code for a secure boot implementation. I have tried to use openssl but I was not able to generate the CMAC using the command line. Is there any tool that can generate the CMAC and signatures of the application code? Also I have studied the Chain of trust document AN4235 but it was not helpful. Please help.
I can recommend two options only:
1. Use CSEc to calculate the BOOT_MAC. Take a look at example 4_secure_boot_add_BOOT_MAC_manual which shows how to calculate the BOOT_MAC "manually":
https://www.nxp.com/webapp/Download?colCode=AN5401&location=null
https://www.nxp.com/webapp/Download?colCode=AN5401SW&location=null
2. Use the mentioned OpenSSL. If some support is needed (we do not provide support for this): https://www.openssl.org/support/
Regards,
Lukas
If I use the 1st option to generate the BOOT_MAC, I have a few questions.
1. I will use this code "example 4_secure_boot_add_BOOT_MAC_manual" to generate BOOT_MAC of my code. If my application code is stored in p-flash which I downloaded through bootloader, where will "example 4_secure_boot_add_BOOT_MAC_manual" application run?
2. Once I calculate the BOOT_MAC, do I have to reset the microcontroller to verify the BOOT_MAC?
Project 4_secure_boot_add_BOOT_MAC_manual is supposed to be executed from RAM memory using a debugger. It is expected that the flash already contains the application which should be protected by secure boot.
And yes, BOOT_MAC will be checked by CSEc after next reset.
Regards,
Lukas
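For the offline CMAC asked about at the top of the thread, here is an added example that is not part of the thread and not NXP code: AES-128-CMAC per RFC 4493 in standard-library Python, so it runs on a build host without OpenSSL. The `boot_mac` helper and its `key` parameter are hypothetical, and the framing it uses (96 zero bits, then the image length in bits as a 32-bit big-endian value, then the image) is an assumption based on the SHE convention; confirm it against AN5401 for your device.

```python
_xtime = lambda a: ((a << 1) ^ (0x1B if a & 0x80 else 0)) & 0xFF   # times x in GF(2^8)

def _make_sbox():                              # affine map of the GF(2^8) inverse
    sbox, p, q = [0x63] * 256, 1, 1
    rot = lambda x, s: ((x << s) | (x >> (8 - s))) & 0xFF
    for _ in range(255):                       # 3 generates every non-zero element
        p ^= _xtime(p)                         # p *= 3
        q ^= q << 1; q ^= q << 2; q ^= q << 4; q &= 0xFF
        q ^= 0x09 if q & 0x80 else 0           # q /= 3, so q is the inverse of p
        sbox[p] = q ^ rot(q, 1) ^ rot(q, 2) ^ rot(q, 3) ^ rot(q, 4) ^ 0x63
    return sbox
SBOX = _make_sbox()

def _round_keys(key):                          # AES-128 key schedule, 11 round keys
    w, rcon = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):
        t = w[i - 1]
        if i % 4 == 0:                         # RotWord, SubWord, round constant
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0], rcon = t[0] ^ rcon, _xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def _encrypt_block(rks, block):
    s = [b ^ k for b, k in zip(block, rks[0])]
    for rnd in range(1, 11):
        s = [SBOX[s[(i + 4 * (i % 4)) % 16]] for i in range(16)]   # SubBytes + ShiftRows
        if rnd < 10:                                               # MixColumns
            s = [a[j] ^ a[0] ^ a[1] ^ a[2] ^ a[3] ^ _xtime(a[j] ^ a[(j + 1) % 4])
                 for a in (s[c:c + 4] for c in range(0, 16, 4)) for j in range(4)]
        s = [b ^ k for b, k in zip(s, rks[rnd])]
    return bytes(s)

def aes_cmac(key, msg):                        # RFC 4493
    rks = _round_keys(key)
    xor = lambda x, y: bytes(a ^ b for a, b in zip(x, y))
    dbl = lambda b: (((int.from_bytes(b, "big") << 1) & (2**128 - 1))
                     ^ (0x87 * (b[0] >> 7))).to_bytes(16, "big")
    k1 = dbl(_encrypt_block(rks, bytes(16)))   # subkey K1, for a complete last block
    n = max(1, -(-len(msg) // 16))             # number of 16-byte blocks
    last, x = msg[16 * (n - 1):], bytes(16)
    for i in range(n - 1):                     # CBC-MAC over all but the last block
        x = _encrypt_block(rks, xor(x, msg[16 * i:16 * i + 16]))
    if len(last) < 16:                         # pad with 0x80 00.. and switch to K2
        last, k1 = last + b"\x80" + bytes(15 - len(last)), dbl(k1)
    return _encrypt_block(rks, xor(x, xor(last, k1)))

def boot_mac(key, image):   # ASSUMED framing: 96 zero bits | size in bits (32-bit) | image
    return aes_cmac(key, bytes(12) + (len(image) * 8).to_bytes(4, "big") + image)
```

Pass `boot_mac` the exact bytes of the protected flash region; any difference in length or padding from what the device covers produces a different MAC.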