CST: Authenticate UBoot at power-on and before updating


MTH
Contributor I

Hello,

I'm currently working on IMX6UL and I would like to use the code signing tool to authenticate the UBoot image in two use cases:

1. During uboot update, before writing firmware in eMMC, to ensure we don't store untrusted software.

2. At boot using secure boot with HAB4

The CST tool seems to wait for the load address of the block to authenticate in the .csf file, but the position of the downloaded uboot and the address of the executed uboot are not the same!

Is there a way to fulfill both use cases with a single signature?

Best regards,

MTH

2 Replies

Harvey021
NXP TechSupport

Hi @MTH 

A key feature of the boot ROM is the ability to perform a secure boot, also known as High-Assurance Boot (HAB). The ROM code starts by verifying the signed image in the boot medium, which is generally the bootloader (including uboot, atf and other firmware), and then, if there is an additional image or software to be signed, that is the way to extend the root of trust.

I do not quite catch "During uboot update, before writing firmware in eMMC, to ensure we don't store untrusted software." Can you please explain more?

There are two ways for your reference.

The first method is to put the signed uboot on the real load address and then use the HAB ROM API to verify it.

Or, take the signed uboot as a whole, like a zimage, and wrap the signed uboot with the IMAGE signature method, then call the ROM HAB API to verify it.

 

Best regards

Harvey

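As an added illustration, not code from this thread or from NXP: a minimal CST CSF for a u-boot.imx, showing that the load address sits in the Blocks line of [Authenticate Data] and is therefore part of what HAB verifies. The certificate paths, the 0x877ff400 load address and the 0xC000 length are assumptions chosen for the example.

```ini
# Constructed example CSF for an i.MX6UL u-boot.imx (assumed values, not from the thread)
[Header]
    Version = 4.2
    Hash Algorithm = sha256
    Engine = CAAM
    Engine Configuration = 0
    Certificate Format = X509
    Signature Format = CMS

[Install SRK]
    # Assumed path to the SRK table generated with the CST
    File = "../crts/SRK_1_2_3_4_table.bin"
    Source index = 0

[Install CSFK]
    # Assumed path to the CSF signing certificate
    File = "../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem"

[Authenticate CSF]

[Install Key]
    Verification index = 0
    Target index = 2
    # Assumed path to the image signing certificate
    File = "../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem"

[Authenticate Data]
    Verification index = 2
    # Blocks = <load address> <file offset> <length> "<file>"
    # HAB hashes memory starting at the load address, so the image only
    # verifies when it is present at that address at verification time.
    Blocks = 0x877ff400 0x00000000 0x0000C000 "u-boot.imx"
```

Because the signature covers the memory range at 0x877ff400, a copy of the same image that tftp has placed elsewhere in DDR will not verify against it; with the first method above, the downloaded image must be placed at that same address before the ROM HAB API is called.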

MTH
Contributor I

Hi @Harvey021 ,

Thank you for your reply.

Here are my use cases:

1. I'd like to boot uboot from eMMC using secure boot (authentication by HAB) and execute it in DDR

2. Download a new uboot image with tftp to another place in DDR and authenticate it before overwriting the previous image in eMMC.

This means that the image I download in tftp is not at the same location as the image currently being executed in DDR.

Unless I misunderstood, I guess you replied to my question with your second method. I need two different signatures, one for each use case: one for secure boot at startup and another signature for authentication of the newly downloaded uboot image.

Am I right?

Best regards

MTH
