When generate KPI keys tree used in secure boot by hab4_pki_tree.sh.
What is the maximum years of the PKI tree keys duration?
What would happen if this max duration is expired?
Solved! Go to Solution.
@changbaoma
Hello,
Customers can try to input 200 or 1000 years.
Note: i.MX devices are qualified for 10 - 15 years on continuous operation.
Regards,
Yuri.
Hi, Yuri
I have read your post above, but also confuse me.
What is the maximum duration can i set? 10 years? or 1000 years? or more?
If the KPI keys are valid for 10 years, can the current generated KPI keys be used to sign a new image after 10 years? Or i must to generated new KPI keys at that time.
Use 10 year - no need to modify the keys after this period.
~Yuri.
Our customs may use our products 50 years,even 200 years.
During this period, we need to do equipment maintenance all the time, and will still upgrade and re-sign zImage.
can we input 200 (years) even 1000 years? @Yuri
@changbaoma
Hello,
Customers can try to input 200 or 1000 years.
Note: i.MX devices are qualified for 10 - 15 years on continuous operation.
Regards,
Yuri.