Fails to create i.MX93 SRK table

キャンセル
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 

Fails to create i.MX93 SRK table

1,005件の閲覧回数
tperrot
Contributor II

i.MX93 is using SRK hash of 256bits, but the srktool command describe in the AHAB documentation fails:

../linux64/bin/srktool -a -d sha256 -s sha384 -t SRK_1_2_3_4_table.bin \
      -e SRK_1_2_3_4_fuse.bin -f 1 -c \
      SRK1_sha384_secp384r1_v3_usr_crt.pem,\
      SRK2_sha384_secp384r1_v3_usr_crt.pem,\
      SRK3_sha384_secp384r1_v3_usr_crt.pem,\
      SRK4_sha384_secp384r1_v3_usr_crt.pem
[ERROR] SRKTOOL: Unsupported message digest algorithm

Can you advise me to fix this issue ?

タグ(5)
0 件の賞賛
返信
5 返答(返信)

839件の閲覧回数
tperrot
Contributor II

Thx, the new CST fixes my issue.

890件の閲覧回数
tperrot
Contributor II

Hello,

Thx, I used the new CST, so my issue to generate SRK 256bits no longer occurs.

Then I burned the SRK into i.MX93 fuses then the ahab_status return following events (errors):

=> ahab_status 
Lifecycle: 0x00000008, OEM Open
0x0287fad6
IPC = MU APD (0x2)
CMD = ELE_OEM_CNTN_AUTH_REQ (0x87)
IND = ELE_BAD_KEY_HASH_FAILURE_IND (0xFA)
STA = ELE_SUCCESS_IND (0xD6)

 Can you advise me to fix it?

0 件の賞賛
返信

978件の閲覧回数
Harvey021
NXP TechSupport
NXP TechSupport

Which cst are you using and better share more information like how you generate pki?

 

Regards

Harvey 

0 件の賞賛
返信

967件の閲覧回数
tperrot
Contributor II

Hello,

I'm using CST 3.1.0 that has been download from the following uri, a few days ago:

i.MX High Assurance Boot Reference Code Signing Tool

I followed instructions in AN12312 to generate pki:

 ./ahab_pki_tree.sh 
Do you want to use an existing CA key (y/n)?: n
Do you want to use Elliptic Curve Cryptography (y/n)?: y
Enter length for elliptic curve to be used for PKI tree:
Possible values p256, p384, p521: p384
Enter the digest algorithm to use: sha384
Enter PKI tree duration (years): 10
Do you want the SRK certificates to have the CA flag set? (y/n)?: n


Moreover, "-d" seems only allowed with "-h4".

0 件の賞賛
返信

960件の閲覧回数
Harvey021
NXP TechSupport
NXP TechSupport

For i.MX93, should use the new CST as: IMX_CST_TOOL_NEW 

 

Regards

Harvey

0 件の賞賛
返信