HAB_SELF_KEY_ISSUE


PramodKumar
Contributor IV

Dear Team,

We need to generate our own key, and after doing the steps below I am facing an issue. Please check it and do the needful for me. Please check the full process.

./hab4_pki_tree.sh

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
This script is a part of the Code signing tools for Freescale's
High Assurance Boot. It generates a basic PKI tree. The PKI
tree consists of one or more Super Root Keys (SRK), with each
SRK having two subordinate keys:
+ a Command Sequence File (CSF) key
+ Image key.
Additional keys can be added to the PKI tree but a separate
script is available for this. This this script assumes openssl
is installed on your system and is included in your search
path. Finally, the private keys generated are password
protectedwith the password provided by the file key_pass.txt.
The format of the file is the password repeated twice:
my_password
my_password
All private keys in the PKI tree are in PKCS #8 format will be
protected by the same password.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Do you want to use an existing CA key (y/n)?: y
Enter CA key name: STJ12345
Enter CA certificate name: STJSECUREBOOT
Do you want to use Elliptic Curve Cryptography (y/n)?: n
Enter key length in bits for PKI tree: 2048
Enter PKI tree duration (years): 10
How many Super Root Keys should be generated? 4
Do you want the SRK certificates to have the CA flag set? (y/n)?: y
A default 'serial' file was created!
A default file 'key_pass.txt' was created with password = test!

++++++++++++++++++++++++++++++++++++++++
+ Generating SRK key and certificate 1 +
++++++++++++++++++++++++++++++++++++++++

Generating RSA private key, 2048 bit long modulus (2 primes)
..............................+++++
..........+++++
e is 65537 (0x010001)
Using configuration from ../ca/openssl.cnf
Can't open STJ12345.pem for reading, No such file or directory
139889208842048:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:72:fopen('STJ12345.pem','r')
139889208842048:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:79:
unable to load CA private key
Can't open ../crts/SRK1_sha256_2048_65537_v3_ca_crt.pem for reading, No such file or directory
140669524993856:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:72:fopen('../crts/SRK1_sha256_2048_65537_v3_ca_crt.pem','r')
140669524993856:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:79:
unable to load certificate

++++++++++++++++++++++++++++++++++++++++
+ Generating CSF key and certificate 1 +
++++++++++++++++++++++++++++++++++++++++

Generating RSA private key, 2048 bit long modulus (2 primes)
..................+++++
.....+++++
e is 65537 (0x010001)
Using configuration from ../ca/openssl.cnf
Can't open ../crts/SRK1_sha256_2048_65537_v3_ca_crt.pem for reading, No such file or directory
140443417438016:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:72:fopen('../crts/SRK1_sha256_2048_65537_v3_ca_crt.pem','r')
140443417438016:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:79:
unable to load certificate
Can't open ../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem for reading, No such file or directory
140359138977600:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:72:fopen('../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem','r')
140359138977600:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:79:
unable to load certificate

++++++++++++++++++++++++++++++++++++++++
+ Generating IMG key and certificate 1 +
++++++++++++++++++++++++++++++++++++++++

Generating RSA private key, 2048 bit long modulus (2 primes)
................................................+++++
.....................................+++++
e is 65537 (0x010001)
Using configuration from ../ca/openssl.cnf
Can't open ../crts/SRK1_sha256_2048_65537_v3_ca_crt.pem for reading, No such file or directory
140660236867392:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:72:fopen('../crts/SRK1_sha256_2048_65537_v3_ca_crt.pem','r')
140660236867392:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:79:
unable to load certificate
Can't open ../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem for reading, No such file or directory
139938271336256:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:72:fopen('../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem','r')
139938271336256:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:79:
unable to load certificate

++++++++++++++++++++++++++++++++++++++++
+ Generating SRK key and certificate 2 +
++++++++++++++++++++++++++++++++++++++++

Generating RSA private key, 2048 bit long modulus (2 primes)
....................................................................................+++++
...+++++
e is 65537 (0x010001)
Using configuration from ../ca/openssl.cnf
Can't open STJ12345.pem for reading, No such file or directory
140461707548480:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:72:fopen('STJ12345.pem','r')
140461707548480:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:79:
unable to load CA private key
Can't open ../crts/SRK2_sha256_2048_65537_v3_ca_crt.pem for reading, No such file or directory
140388714141504:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:72:fopen('../crts/SRK2_sha256_2048_65537_v3_ca_crt.pem','r')
140388714141504:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:79:
unable to load certificate

++++++++++++++++++++++++++++++++++++++++
+ Generating CSF key and certificate 2 +
++++++++++++++++++++++++++++++++++++++++

Generating RSA private key, 2048 bit long modulus (2 primes)
...................................................................................................+++++
...................................+++++
e is 65537 (0x010001)
Using configuration from ../ca/openssl.cnf
Can't open ../crts/SRK2_sha256_2048_65537_v3_ca_crt.pem for reading, No such file or directory
139995852949312:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:72:fopen('../crts/SRK2_sha256_2048_65537_v3_ca_crt.pem','r')
139995852949312:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:79:
unable to load certificate
Can't open ../crts/CSF2_1_sha256_2048_65537_v3_usr_crt.pem for reading, No such file or directory
140257066841920:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:72:fopen('../crts/CSF2_1_sha256_2048_65537_v3_usr_crt.pem','r')
140257066841920:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:79:
unable to load certificate

++++++++++++++++++++++++++++++++++++++++
+ Generating IMG key and certificate 2 +
++++++++++++++++++++++++++++++++++++++++

Generating RSA private key, 2048 bit long modulus (2 primes)
.............................................................................................+++++
..+++++
e is 65537 (0x010001)
Using configuration from ../ca/openssl.cnf
Can't open ../crts/SRK2_sha256_2048_65537_v3_ca_crt.pem for reading, No such file or directory
140189396019008:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:72:fopen('../crts/SRK2_sha256_2048_65537_v3_ca_crt.pem','r')
140189396019008:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:79:
unable to load certificate
Can't open ../crts/IMG2_1_sha256_2048_65537_v3_usr_crt.pem for reading, No such file or directory
140477171283776:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:72:fopen('../crts/IMG2_1_sha256_2048_65537_v3_usr_crt.pem','r')
140477171283776:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:79:
unable to load certificate

++++++++++++++++++++++++++++++++++++++++
+ Generating SRK key and certificate 3 +
++++++++++++++++++++++++++++++++++++++++

Generating RSA private key, 2048 bit long modulus (2 primes)
.......................+++++
................+++++
e is 65537 (0x010001)
Using configuration from ../ca/openssl.cnf
Can't open STJ12345.pem for reading, No such file or directory
140199426692928:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:72:fopen('STJ12345.pem','r')
140199426692928:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:79:
unable to load CA private key
Can't open ../crts/SRK3_sha256_2048_65537_v3_ca_crt.pem for reading, No such file or directory
140036135479104:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:72:fopen('../crts/SRK3_sha256_2048_65537_v3_ca_crt.pem','r')
140036135479104:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:79:
unable to load certificate

++++++++++++++++++++++++++++++++++++++++
+ Generating CSF key and certificate 3 +
++++++++++++++++++++++++++++++++++++++++

Generating RSA private key, 2048 bit long modulus (2 primes)
.......+++++
...........+++++
e is 65537 (0x010001)
Using configuration from ../ca/openssl.cnf
Can't open ../crts/SRK3_sha256_2048_65537_v3_ca_crt.pem for reading, No such file or directory
140226137646912:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:72:fopen('../crts/SRK3_sha256_2048_65537_v3_ca_crt.pem','r')
140226137646912:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:79:
unable to load certificate
Can't open ../crts/CSF3_1_sha256_2048_65537_v3_usr_crt.pem for reading, No such file or directory
140629534500672:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:72:fopen('../crts/CSF3_1_sha256_2048_65537_v3_usr_crt.pem','r')
140629534500672:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:79:
unable to load certificate

++++++++++++++++++++++++++++++++++++++++
+ Generating IMG key and certificate 3 +
++++++++++++++++++++++++++++++++++++++++

Generating RSA private key, 2048 bit long modulus (2 primes)
.....+++++
.........................+++++
e is 65537 (0x010001)
Using configuration from ../ca/openssl.cnf
Can't open ../crts/SRK3_sha256_2048_65537_v3_ca_crt.pem for reading, No such file or directory
140115059648320:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:72:fopen('../crts/SRK3_sha256_2048_65537_v3_ca_crt.pem','r')
140115059648320:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:79:
unable to load certificate
Can't open ../crts/IMG3_1_sha256_2048_65537_v3_usr_crt.pem for reading, No such file or directory
140170731870016:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:72:fopen('../crts/IMG3_1_sha256_2048_65537_v3_usr_crt.pem','r')
140170731870016:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:79:
unable to load certificate

++++++++++++++++++++++++++++++++++++++++
+ Generating SRK key and certificate 4 +
++++++++++++++++++++++++++++++++++++++++

Generating RSA private key, 2048 bit long modulus (2 primes)
............................................................................................+++++
.............................................+++++
e is 65537 (0x010001)
Using configuration from ../ca/openssl.cnf
Can't open STJ12345.pem for reading, No such file or directory
139783788898112:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:72:fopen('STJ12345.pem','r')
139783788898112:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:79:
unable to load CA private key
Can't open ../crts/SRK4_sha256_2048_65537_v3_ca_crt.pem for reading, No such file or directory
140251085322048:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:72:fopen('../crts/SRK4_sha256_2048_65537_v3_ca_crt.pem','r')
140251085322048:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:79:
unable to load certificate

++++++++++++++++++++++++++++++++++++++++
+ Generating CSF key and certificate 4 +
++++++++++++++++++++++++++++++++++++++++

Generating RSA private key, 2048 bit long modulus (2 primes)
.............................+++++
...+++++
e is 65537 (0x010001)
Using configuration from ../ca/openssl.cnf
Can't open ../crts/SRK4_sha256_2048_65537_v3_ca_crt.pem for reading, No such file or directory
140422708868928:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:72:fopen('../crts/SRK4_sha256_2048_65537_v3_ca_crt.pem','r')
140422708868928:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:79:
unable to load certificate
Can't open ../crts/CSF4_1_sha256_2048_65537_v3_usr_crt.pem for reading, No such file or directory
139739998271296:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:72:fopen('../crts/CSF4_1_sha256_2048_65537_v3_usr_crt.pem','r')
139739998271296:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:79:
unable to load certificate

++++++++++++++++++++++++++++++++++++++++
+ Generating IMG key and certificate 4 +
++++++++++++++++++++++++++++++++++++++++

Generating RSA private key, 2048 bit long modulus (2 primes)
....................................+++++
.....................+++++
e is 65537 (0x010001)
Using configuration from ../ca/openssl.cnf
Can't open ../crts/SRK4_sha256_2048_65537_v3_ca_crt.pem for reading, No such file or directory
139869409961792:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:72:fopen('../crts/SRK4_sha256_2048_65537_v3_ca_crt.pem','r')
139869409961792:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:79:
unable to load certificate
Can't open ../crts/IMG4_1_sha256_2048_65537_v3_usr_crt.pem for reading, No such file or directory
139792348456768:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:72:fopen('../crts/IMG4_1_sha256_2048_65537_v3_usr_crt.pem','r')
139792348456768:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:79:
unable to load certificate

Regards ,

Pramod
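
The log above shows the script appending .pem to the CA key name typed at the prompt and failing to find that file in the current directory. A pre-flight check for the existing-CA path, as an added example (not part of the original post or of the CST package); it assumes the certificate name gets the same .pem suffix and that the script reads the CA key with the password in key_pass.txt.

```shell
#!/bin/sh
# Added example: run in the directory where hab4_pki_tree.sh is started,
# before answering "y" to "Do you want to use an existing CA key".
# Assumptions: both names typed at the prompts get ".pem" appended (the log
# confirms this for the key only) and key_pass.txt holds the CA key password.

check_existing_ca() {
    ca_key="$1.pem"              # name typed at "Enter CA key name"
    ca_crt="$2.pem"              # name typed at "Enter CA certificate name"
    pass="${3:-key_pass.txt}"    # password file described in the script banner

    # All three files must be readable from the current directory.
    for f in "$ca_key" "$ca_crt" "$pass"; do
        if [ ! -r "$f" ]; then
            echo "missing: $f (looked in $(pwd))" >&2
            return 2
        fi
    done

    # The private key must load with the password the script will use.
    key_pub=$(openssl pkey -in "$ca_key" -passin "file:$pass" -pubout 2>/dev/null) || {
        echo "cannot load $ca_key with the password in $pass" >&2
        return 3
    }
    # The certificate must parse as X.509.
    crt_pub=$(openssl x509 -in "$ca_crt" -noout -pubkey 2>/dev/null) || {
        echo "cannot parse $ca_crt as an X.509 certificate" >&2
        return 4
    }
    # Key and certificate must carry the same public key.
    if [ "$key_pub" != "$crt_pub" ]; then
        echo "$ca_crt does not belong to $ca_key" >&2
        return 5
    fi
    echo "ok: $ca_key and $ca_crt are usable"
}

# Stand-alone use: sh check_ca.sh STJ12345 STJSECUREBOOT
if [ "$#" -ge 2 ]; then
    check_existing_ca "$@"
fi
```

A return code of 2 corresponds to the "No such file or directory" failure in the log; the later "unable to load certificate" errors follow from it, because no SRK certificate is written once the CA key cannot be loaded.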

Yuri
NXP Employee

Hello,

CST requires having certificates on the file system. To fulfill the requirement, you should pull the certificates used for signing to your file system using a utility which manages and uses PKCS #11 security tokens.

Please refer to the documentation in the \release\code\back_end-hsm\doc\ folder of the CST package.


Have a great day,
Yuri

PramodKumar
Contributor IV

Dear Yuri,

I am confused about the public key and private key.

How to create them, how to maintain them, and how will it work?

Regards,

Pramod

Yuri
NXP Employee

Hello,

If customers need to use previously generated keys - use the Hardware Security Module approach as described in the documentation ( \release\code\back_end-hsm\doc\ ).

Regards,

Yuri.

PramodKumar
Contributor IV

Dear Yuri,

I have one more question for you. After generating the fuse.bin and all, a certificate file CA1_sha256_65537_ca.pem is generated. Where do we have to put it to show that the certificate is in the imx6ul machine?

And how do we make the uboot and zimage certified?

Thanks & regards,

Pramod

Yuri
NXP Employee

Hello,

Follow app note AN4581 (Secure Boot on i.MX 50, i.MX 53, i.MX 6 and i.MX 7 Series using HABv4).

In particular, the following sections of the app note describe the procedure to generate a signed image:

3.5 (Create the CSF description file);

3.6 (Generate the CSF binary signature);

3.7 (Attach CSF signature to U-Boot image).

https://www.nxp.com/docs/en/application-note/AN4581.pdf

Regards,

Yuri.
