- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- Advanced AnalogAdvanced Analog
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
- S32Z/E
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- Generative AI & LLMs
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
- RFID / NFC
- Advanced Analog
-
- NXP Tech Blogs
- Home
- :
- i.MX フォーラム
- :
- i.MXプロセッサ
- :
- HABv4 Handling of Certificates
HABv4 Handling of Certificates
オプション
- RSS フィードを購読する
- トピックを新着としてマーク
- トピックを既読としてマーク
- このトピックを現在のユーザーにフロートします
- ブックマーク
- 購読
- ミュート
- 印刷用ページ
HABv4 Handling of Certificates
11-10-2025
01:53 PM
262件の閲覧回数
rnicolls
Contributor IV
- 新着としてマーク
- ブックマーク
- 購読
- ミュート
- RSS フィードを購読する
- ハイライト
- 印刷
- 不適切なコンテンツを報告
Hi,
When creating a certificates for authenticating with the HABv4, does the expiry data matter? Will the HABv4 check the expiry data and prevent the device from booting up? Or will the device continue to bootup and run the code?
Also, will it matter for the tools that are signing the image that we're programming onto our device. Will they refuse to sign once the certificate has expired?
We're working with an IMXRT1176.
Thanks,
Rory
1 返信
11-11-2025
07:19 AM
211件の閲覧回数
Bio_TICFSL
NXP TechSupport
- 新着としてマーク
- ブックマーク
- 購読
- ミュート
- RSS フィードを購読する
- ハイライト
- 印刷
- 不適切なコンテンツを報告
Hello,
The expiry date in certificates used for HABv4 authentication does not impact the device's ability to boot. The Hardware Authenticated Boot (HAB) on i.MX RT processors, including your IMXRT1176, does not verify certificate expiration dates during the boot process. This means that:
1. A signed image will continue to boot on a closed (locked) device regardless of whether the certificate has expired.
2. Your device will not be prevented from booting up due to an expired certificate.
3. The duration value entered during PKI tree generation (with hab4_pki_tree.sh) is required by the X.509 standard but is not enforced by the HAB hardware.
As for the signing tools, they may refuse to sign new images once the certificate has expired, but this only affects the host PC running the Code Signing Tool (CST), not the target device itself. If you plan to continue signing images for an extended period, you can set a longer duration (such as 10-20 years) when generating your PKI tree.
This behavior is consistent across the i.MX RT series and other i.MX processors that use HABv4.
Regards
