Data covered by HAB4 CSF signature

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Data covered by HAB4 CSF signature

2,022 Views
benjaminh3
Contributor I

What exactly is tampere-proofed by the digital signature of the CSF in case of HAB4? Documentation is not absolutely clear concerning this question. Can anyone tell me, what of this data is signed by the CSF signature? Is this anywhere documented clearly?

  • CSF commands
  • image signing certificates
  • image signatures

I understood that only the first of the three is really signed.

Labels (1)
Tags (2)
0 Kudos
Reply
3 Replies

1,458 Views
thilo_jeremias
Senior Contributor I

The structure of the CSF description is signed.

Also the entry point that is specified in the IVT  and the DCD's need to be covered by the signature.

The sample in the application note AN4581 is accurate.

0 Kudos
Reply

1,458 Views
benjaminh3
Contributor I

What do you mean by "structure"?

CSF commands like Install, Authenticate, ... are one part of the binary csf.Keys and signatures for image used by those commands are stored seperatebly being referenced by addresses.

So, which of these parts are really signed by the CSF signature.

Is integrity of image signatures and certificates secured by CSF signature, or not? Or only that of commands.

This information I cannot find in the docs.

0 Kudos
Reply

1,458 Views
thilo_jeremias
Senior Contributor I

The content of the CSF file ( keys, key number, description of area covered etc... gets converted into a binary structure (i.e. the certificate is included in DER form. )

This complete structure is signed.  

The content of the structure describes what else is covered by the signature. I am not sure how the details of the signing work.

Depending of the HAB version there is a fast verify that only uses the one of the SRK's  or the old way which uses 2 certificates (the SRK one and a separate siginign certificate). But the CSF including the certs and the refrenced memory, is verified.

Simple answer: Yes the integrity of both is secured.

0 Kudos
Reply