- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- Advanced AnalogAdvanced Analog
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
- S32Z/E
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- Generative AI & LLMs
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
- RFID / NFC
- Advanced Analog
-
- NXP Tech Blogs
Data covered by HAB4 CSF signature
What exactly is tampere-proofed by the digital signature of the CSF in case of HAB4? Documentation is not absolutely clear concerning this question. Can anyone tell me, what of this data is signed by the CSF signature? Is this anywhere documented clearly?
- CSF commands
- image signing certificates
- image signatures
I understood that only the first of the three is really signed.
The structure of the CSF description is signed.
Also the entry point that is specified in the IVT and the DCD's need to be covered by the signature.
The sample in the application note AN4581 is accurate.
What do you mean by "structure"?
CSF commands like Install, Authenticate, ... are one part of the binary csf.Keys and signatures for image used by those commands are stored seperatebly being referenced by addresses.
So, which of these parts are really signed by the CSF signature.
Is integrity of image signatures and certificates secured by CSF signature, or not? Or only that of commands.
This information I cannot find in the docs.
The content of the CSF file ( keys, key number, description of area covered etc... gets converted into a binary structure (i.e. the certificate is included in DER form. )
This complete structure is signed.
The content of the structure describes what else is covered by the signature. I am not sure how the details of the signing work.
Depending of the HAB version there is a fast verify that only uses the one of the SRK's or the old way which uses 2 certificates (the SRK one and a separate siginign certificate). But the CSF including the certs and the refrenced memory, is verified.
Simple answer: Yes the integrity of both is secured.
