CST: Authenticate UBoot at power-on and before updating

1,284 views
MTH
Contributor I

Hello,

I'm currently working on IMX6UL and I would like to use the code signing tool to authenticate UBoot image in two use cases:

1. During uboot update, before writing firmware in eMMC, to ensure we don't store untrusted software.

2. At boot using secure boot with HAB4

The CST tool seems to expect the load address of the block to authenticate in the .csf file, but the position of the downloaded uboot and the address of the executed uboot are not the same!

Is there a way to fulfill both use cases with a single signature?

Best regards,

MTH

Labels (1)
Tags (2)
0 Kudos
2 Replies

1,272 views
Harvey021
NXP TechSupport

Hi @MTH 

A key feature of the boot ROM is the ability to perform a secure boot, also known as a High-Assurance Boot (HAB). The ROM code starts by verifying the signed image in the boot medium, which is generally the bootloader (including uboot, atf and other firmware), and then, if there are additional images or software to be signed, that is the way to extend the root of trust.

I do not quite catch that " During uboot update, before writing firmware in eMMC, to ensure we don't store untrusted software." Can you please explain more?

There are two ways for your reference.

The first method is to put the signed uboot at the real load address and then use the HAB ROM API to verify it.

Or, take the signed uboot as a whole, like a zimage, and wrap the signed uboot with the IMAGE signature method, then call the ROM HAB API to verify it.


Best regards

Harvey

0 Kudos
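The reason the "real load address" matters in the first method is that a HAB4 image is bound to the address it was signed for: the Image Vector Table (IVT) at the start of u-boot.imx carries an absolute `self` pointer (and an absolute `csf` pointer to the signature block), and HAB refuses to authenticate an image whose IVT is not sitting at that address. The following is an added example, not code from this thread or from NXP, that parses an IVT and mirrors that check for the two addresses in the question; the U-Boot addresses and offsets are constructed, and the check is a model of HAB's behaviour, not the ROM API itself.

```python
import struct

# HAB4 Image Vector Table (IVT): 4-byte header followed by seven little-endian
# 32-bit words (entry, reserved, dcd, boot_data, self, csf, reserved).
IVT_TAG = 0xD1
IVT_LEN = 32

def build_ivt(entry, dcd, boot_data, self_addr, csf, version=0x40):
    """Build an IVT laid out as the i.MX image tools emit it (constructed test data)."""
    header = struct.pack(">BHB", IVT_TAG, IVT_LEN, version)  # tag, length (big-endian), version
    return header + struct.pack("<7I", entry, 0, dcd, boot_data, self_addr, csf, 0)

def parse_ivt(image, ivt_offset=0):
    """Return the IVT fields found at ivt_offset, or raise if no HAB4 IVT is there."""
    ivt = image[ivt_offset:ivt_offset + IVT_LEN]
    if len(ivt) != IVT_LEN:
        raise ValueError("image too short for an IVT")
    tag, length, version = struct.unpack(">BHB", ivt[:4])
    if tag != IVT_TAG or length != IVT_LEN or version >> 4 != 4:
        raise ValueError("no HAB4 IVT at offset 0x%x" % ivt_offset)
    entry, _, dcd, boot_data, self_addr, csf, _ = struct.unpack("<7I", ivt[4:])
    return {"entry": entry, "dcd": dcd, "boot_data": boot_data,
            "self": self_addr, "csf": csf}

def check_ivt_self(image, load_addr, ivt_offset=0):
    """Model HAB's load-address binding: the IVT 'self' pointer must equal the
    address at which the IVT actually sits in memory. Returns (ok, reason)."""
    ivt = parse_ivt(image, ivt_offset)
    actual = load_addr + ivt_offset
    if ivt["self"] != actual:
        return False, "IVT self=0x%08x but IVT is at 0x%08x" % (ivt["self"], actual)
    return True, "IVT self matches load address 0x%08x" % load_addr

# Constructed values for an i.MX6UL-style U-Boot signed to run from 0x877ff400.
SIGNED_LOAD_ADDR = 0x877FF400
TFTP_LOAD_ADDR = 0x82000000          # where the tftp'd update image lands instead
UBOOT_IVT = build_ivt(entry=0x87800000, dcd=0, boot_data=SIGNED_LOAD_ADDR + 0x20,
                      self_addr=SIGNED_LOAD_ADDR, csf=SIGNED_LOAD_ADDR + 0x48C00)

if __name__ == "__main__":
    for addr in (SIGNED_LOAD_ADDR, TFTP_LOAD_ADDR):
        ok, why = check_ivt_self(UBOOT_IVT, addr)
        print("0x%08x: %s (%s)" % (addr, "PASS" if ok else "FAIL", why))
```

The real ROM API additionally verifies the CSF signature over the Authenticate Data blocks, whose addresses are absolute as well, so an image signed for 0x877ff400 cannot simply be verified where tftp put it; it has to be placed at its signed address or wrapped and signed separately, as the second method suggests.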

1,266 views
MTH
Contributor I

Hi @Harvey021 ,

Thank you for your reply.

Here are my use cases:

1. I'd like to boot uboot from eMMC using secure boot (authentication by HAB) and execute it in DDR

2. Download a new uboot image with tftp to another place in DDR and authenticate it before overwriting the previous image in eMMC.

This means that the image I download in tftp is not at the same location as the image currently being executed in DDR.

Unless I misunderstood, I guess you replied to my question with your second method. I need two different signatures for each use case: one for secure boot at startup and another signature for authentication of the newly downloaded uboot image.

Am I right?

Best regards

MTH


0 Kudos