HAB verify boot scripts and other binary data

578 Views
paul_holmquist
Contributor II

Is it possible to use the HAB interface to verify the signature of non-image data such as a boot script?  I noticed this being referenced in the Digi board ccimx6sbc U-Boot code to check the signature of a boot script using the HAB interface before running it.  I'd also like to verify other binary data that I would sign using the same PKI tree as for images.

Seems like all I would need to do would be to perform all the padding and add a fake IVT data region before signing it using the CST tool (similar to how a kernel image gets signed).  The IVT can be fake since I'm not expecting to execute it as an image (calling the HAB ROM interface directly, hab_rvt::authenticate_image()).

Thanks.

0 Kudos
1 Reply

475 Views
Yuri
NXP Employee

Hello,

Yes, it is possible.

Look at section 3.4 (Authenticate Image) of "HAB4_API.pdf" in the documentation of the CST 3.1.0 package.

https://www.nxp.com/webapp/Download?colCode=IMX_CST_TOOL

Have a great day,

Yuri

0 Kudos
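
The host-side preparation described in the question (pad the data, append an IVT, then sign with CST), as an added example that is not part of the original thread and is not NXP or Digi code. It assumes the common kernel-signing layout: data padded to 0x1000, IVT appended directly after it, CSF directly after the IVT. The function names, the sample script and the load address are constructed for illustration.

```python
import struct

IVT_FMT = "<8I"                      # eight little-endian 32-bit words
IVT_SIZE = struct.calcsize(IVT_FMT)  # 0x20
IVT_HEADER = 0x412000D1              # bytes D1 00 20 41: tag, length 0x0020, version


def wrap_for_hab(data: bytes, load_addr: int, align: int = 0x1000) -> bytes:
    """Zero-pad data to `align` and append an IVT that describes the layout."""
    padded = data + b"\x00" * (-len(data) % align)
    ivt_addr = load_addr + len(padded)
    ivt = struct.pack(
        IVT_FMT,
        IVT_HEADER,
        load_addr,            # entry: never jumped to for a data-only blob
        0,                    # reserved1
        0,                    # dcd: none
        0,                    # boot_data: none
        ivt_addr,             # self: address of this IVT once loaded
        ivt_addr + IVT_SIZE,  # csf: signature data follows the IVT
        0,                    # reserved2
    )
    return padded + ivt


def check_ivt(blob: bytes, load_addr: int, ivt_off: int) -> int:
    """Validate the IVT at ivt_off; return the offset where the CSF must start."""
    if ivt_off < 0 or ivt_off + IVT_SIZE > len(blob):
        raise ValueError("IVT outside blob")
    hdr, _entry, _r1, dcd, _boot, self_ptr, csf, _r2 = struct.unpack_from(
        IVT_FMT, blob, ivt_off)
    if hdr & 0xF0FFFFFF != 0x402000D1:   # tag 0xD1, length 0x0020, version 0x4x
        raise ValueError("bad IVT header")
    if dcd != 0:
        raise ValueError("data-only blob must not carry a DCD")
    if self_ptr != load_addr + ivt_off:
        raise ValueError("self pointer does not match load address")
    if csf != self_ptr + IVT_SIZE:
        raise ValueError("CSF pointer does not follow the IVT")
    return csf - load_addr


# Constructed sample: a one-line boot script and a made-up load address.
SCRIPT = b"setenv verified 1\n"
LOAD_ADDR = 0x12000000
WRAPPED = wrap_for_hab(SCRIPT, LOAD_ADDR)
```

The signed region given to CST should cover the padded data and the IVT together, loaded at the same address used here, since the self and CSF pointers are absolute.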