@Bio Thank you for your previous clarifications.
I have a critical follow-up regarding the security logic and the SRK migration process during a firmware update.
Our Current Scenario: Normal Boot: The device boots using SRK1 (Index 0). The chain of trust is fully established: ROM -> Bootloader (SRK1) -> Application (SRK1).
Firmware Update: While the system is running under the trust of SRK1, we download a new full image (BS + App) into SDRAM, signed with SRK2 (Index 1).
Verification: The currently running Bootloader calls hab_rvt.authenticate_image() to verify the new image in SDRAM.
My questions are:
1. Regarding runtime SRK switching: Can you confirm that the HAB library allows the execution of a new [Install SRK] command with Source index = 1 (SRK2) within the same power cycle, even if SRK1 was used for the initial boot?
2. Regarding revocation in the same cycle: Would it be possible, during this update process, to revoke SRK1 (by burning the SRK_REVOKE eFuse), then install SRK2 and perform the verification of the new RAM image, all within the same power cycle? Thank you