帮助
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Code Signing Tools 2.3.2, Elliptic Curve Crptography

取消
开启建议
自动建议可通过在您键入时建议可能的匹配,而快速缩小您的搜索结果范围。
显示结果 
显示  仅  | 搜索替代 
您的意思是: 

Code Signing Tools 2.3.2, Elliptic Curve Crptography

‎05-05-2016 04:17 AM
2,844 次查看
jdepedro
Contributor IV


I noticed in the last version of the Code Signing Tools (CST-2.3.2) released some days ago there is a new option allowing to choose to use Elliptic Curve Cryptography when using the hab4_pki_tree for generatingthe PKI tree.

Is there support for using Elliptic Curve Crpytography in any version of HAB 4.x ?

0 项奖励
回复
4 回复数

‎05-05-2016 11:13 PM
2,251 次查看
Yuri
NXP Employee
NXP Employee

Hello,

  Generally HAB4 boot ROM in software supports the ECC and some CAAMs

(say, in i.MX6UL) provides hardware acceleration of ECC operations, but

NXP does not use it. In particular, HAB4 is based on RSA-4096.

Have a great day,
Yuri

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

0 项奖励
回复

‎12-19-2016 04:50 AM
2,251 次查看
satyadamarla
Contributor III

Hello Yuri,

I observed that the cst generates the certificates and keys required but the tool srktool which generates the Table and the efuse doesn't support or is unable to parse the ECC based certifcates and gives out the following error:

srktool: Error - Unsupported algorithm in X.509 certificate

Does this mean that even though Boot ROM can use ECC, the tool that generates the table and efuse doesn't support it? In this case, the cst-2.3.2 update is the only solution. 

Am I in the right line of thought?

Greets,

Satya

0 项奖励
回复

‎12-21-2016 01:40 AM
2,251 次查看
Yuri
NXP Employee
NXP Employee

Hello,

 Shortly : currently IMX HAB does not support Elliptic Curve Crpytography.

Regards,

Yuri.

0 项奖励
回复

‎03-19-2020 10:51 PM
2,251 次查看
emptyfridge
Contributor III

Hi all,

Yesterday I've tried to check hab_status with signed u-boot and SRK's wirtten. All done with Elliptic Curve. HAB events all the time.

Same procedure with RSA 2048 bit. no HAB events on hab_status. 

Is ECC still not supportet from HAB? 

U-Boot 2018.11+fslc+g6e25ce6f3c (Mar 19 2020 - 12:10:20 +0000)

CPU: Freescale i.MX6SX rev1.2 at 792 MHz
Reset cause: WDOG
Board: LEP3
DRAM: 512 MiB
MMC: FSL_SDHC: 0, FSL_SDHC: 1

thanks, regards

tom

0 项奖励
回复