CST to create signature for digest from HASH of firmware image

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

CST to create signature for digest from HASH of firmware image

976 Views
LanBui
Contributor I

Dear NXP supporter,

We are developing security boot solution for our product using I.MX8DQX device. However, from: AN12312.pdf document, we understand that signature is calculated from container header (container header as signed data) and not form FW image as following figure:

LanBui_0-1630400971438.png

Is this possible to change to calculate HASH521 from FW image and used as input for signaure? 

0 Kudos
Reply
1 Reply

963 Views
Yuri
NXP Employee
NXP Employee

@LanBui 
Hello,

   The container signature, shown on the picture, is verified against the SGK key
certificate, which is then verified against the SRK table. Images are not checked
at this stage. But the images are checked / authenticated, using the SGK, later,
as shown on Figure 2 (Secure boot flow overview)  of the app note.

  

Regards,
Yuri.

0 Kudos
Reply