I am re-creating the CSF generation within Java as we have a security requirement to use TRNG RSA keys. As such, I am now running into one issue, the hash of the public key for secure boot. I have found the three different functions that are being called to create the SHA256 hash within crypto_utils.c; however, the parameters that are being passed do not make much sense to me. So, during my testing process I have been just hashing the public key but I will get the
ERROR :: 400 :: Public key hash comparison failed
I have hashed the public key in all of the following formats but my hashes never match those generated by the uni_sign and all subsequent program calls uni_sign uses:
Can someone point me in the right direction? What is the data that needs to be hashed?
I assume you are asking about the SRKH calculation. In the SDK
documentation (e.g. SDK2.0 1703), it shows the CST commands to create
CSF header for above mentioned images
./uni_sign input_files/uni_sign/<platform>/sdboot/input_uboot_secure
CSF Header Format (B4/T1/T2/T4 Platforms) shows 0x08 Srk table flag.
This flag indicates whether hash burnt in srk fuse is of a single key
or of a srk table.
Are you using single key OR key list? That may be what you are missing
from creating the HASH parameters from the CST. CST generates and
stores a SHA-256 hash of the public key/table of 4 keys.
Please refer to the "input_files/uni_sign/<platform>/input_uboot_secure"
for more detail what CST expects.
When performing this hash without the CST, remember to convert the
public key to PEM format, then perform a binary hash of the hex bytes.
Do not perform a string hash of the text.
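The binary-versus-string distinction from the reply above, as an added Java example that is not part of the original thread and not CST code: it hashes several encodings of one RSA public key and marks whichever matches an expected hash passed as the first argument. The key is generated on the spot as a constructed sample, and the candidate list (including the bare modulus) is an assumption, since the thread does not state the exact byte layout CST hashes.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.interfaces.RSAPublicKey;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;

public class KeyHashEncodings {
    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02x", x));
        return sb.toString();
    }

    // BigInteger.toByteArray() is signed: drop the 0x00 sign byte, left-pad to len.
    static byte[] unsigned(BigInteger v, int len) {
        byte[] raw = v.toByteArray();
        byte[] out = new byte[len];
        int n = Math.min(raw.length, len);
        System.arraycopy(raw, raw.length - n, out, len - n, n);
        return out;
    }

    static String sha256(byte[] data) throws Exception {
        return hex(MessageDigest.getInstance("SHA-256").digest(data));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key; substitute the real SRK public key here.
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        RSAPublicKey pub = (RSAPublicKey) g.generateKeyPair().getPublic();
        byte[] der = pub.getEncoded(); // X.509 SubjectPublicKeyInfo, DER
        int keyLen = (pub.getModulus().bitLength() + 7) / 8;
        String pem = "-----BEGIN PUBLIC KEY-----\n"
            + Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(der)
            + "\n-----END PUBLIC KEY-----\n";

        // Candidate inputs (assumed list, not taken from CST).
        Map<String, byte[]> c = new LinkedHashMap<>();
        c.put("PEM text (string hash)", pem.getBytes(StandardCharsets.US_ASCII));
        c.put("hex text of DER (string hash)", hex(der).getBytes(StandardCharsets.US_ASCII));
        c.put("DER bytes (binary hash)", der);
        c.put("modulus bytes, unsigned", unsigned(pub.getModulus(), keyLen));

        String expected = args.length > 0 ? args[0].toLowerCase() : "";
        for (Map.Entry<String, byte[]> e : c.entrySet()) {
            String h = sha256(e.getValue());
            System.out.printf("%-32s %s%s%n", e.getKey(), h, h.equals(expected) ? "  <-- match" : "");
        }
    }
}
```

All four digests differ for the same key, so a mismatch against the tool's hash says nothing about the key itself until the input bytes are identical.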
Thank you for replying Larry,
Thanks for the help so far. Hopefully, we can figure this one out haha!