I am re-creating the CSF generation within Java, as we have a security requirement to use TRNG RSA keys. As such, I am now running into one issue: the hash of the public key for secure boot. I have found the three different functions that are being called to create the SHA256 hash within crypto_utils.c; however, the parameters that are being passed do not make much sense to me. So, during my testing process I have been just hashing the public key, but I will get the
ERROR :: 400 :: Public key hash comparison failed
I have hashed the public key in all of the following formats, but my hashes never match those generated by the uni_sign and all subsequent program calls uni_sign uses:
Can someone point me in the right direction? What is the data that needs to be hashed?
I assume you are asking about the SRKH calculation. In the SDK
documentation (e.g. SDK2.0 1703), it shows the CST commands to create
the CSF header for the above-mentioned images.
CSF Header Format (B4/T1/T2/T4 Platforms) shows 0x08 Srk table flag.
This flag indicates whether hash burnt in srk fuse is of a single key
or of a srk table.
Are you using a single key OR a key list? That may be what you are missing
when creating the HASH parameters from the CST. CST generates and
stores a SHA-256 hash of the public key/table of 4 keys.
Please refer to the "input_files/uni_sign/<platform>/input_uboot_secure"
for more detail on what CST expects.
When performing this hash without the CST, remember to convert the
public key to PEM format, then perform a binary hash of the hex bytes.
Do not perform a string hash of the text.
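
The binary-versus-string distinction from the reply above, as an added Java example that is not part of either post and is not CST code. The key is a constructed sample, and the class and helper names are hypothetical; the thread does not state which byte layout CST hashes, so the DER and raw-modulus encodings below are only candidates to compare against crypto_utils.c.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.interfaces.RSAPublicKey;
import java.util.Base64;

public class KeyHashEncodings {  // hypothetical name, not from CST
    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02x", x));
        return sb.toString();
    }

    static byte[] sha256(byte[] data) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(data);
    }

    // BigInteger.toByteArray() is signed: a modulus with its top bit set gains
    // a leading 0x00 byte, which changes the digest. Emit exactly len bytes.
    static byte[] unsigned(BigInteger n, int len) {
        byte[] raw = n.toByteArray();
        byte[] out = new byte[len];
        int copy = Math.min(raw.length, len);
        System.arraycopy(raw, raw.length - copy, out, len - copy, copy);
        return out;
    }

    // PEM -> DER: drop the armor lines and whitespace, Base64-decode the body.
    static byte[] pemToDer(String pem) {
        String body = pem.replaceAll("-----[A-Z ]+-----", "").replaceAll("\\s", "");
        return Base64.getDecoder().decode(body);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key; in practice load the real public key instead.
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        RSAPublicKey pub = (RSAPublicKey) g.generateKeyPair().getPublic();
        String pem = "-----BEGIN PUBLIC KEY-----\n"
            + Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(pub.getEncoded())
            + "\n-----END PUBLIC KEY-----\n";
        byte[] der = pemToDer(pem);
        // Four encodings of the same key, four different SHA-256 digests.
        System.out.println("string hash, PEM text : " + hex(sha256(pem.getBytes(StandardCharsets.US_ASCII))));
        System.out.println("string hash, hex text : " + hex(sha256(hex(der).getBytes(StandardCharsets.US_ASCII))));
        System.out.println("binary hash, DER bytes: " + hex(sha256(der)));
        System.out.println("binary hash, modulus  : " + hex(sha256(unsigned(pub.getModulus(), 256))));
        System.out.println("signed modulus length : " + pub.getModulus().toByteArray().length);
    }
}
```

For a 2048-bit key the last line prints 257, not 256: the sign byte Java adds is a common reason a re-implemented hash does not match one computed in C.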
Thank you for replying, Larry,
Thanks for the help so far. Hopefully, we can figure this one out haha!