For HABv4, we have the option of generating up to four keys. In all the examples that I have seen, it uses the first set of keys to authenticate.
How can we specify in the CSF to use the other keys instead? From the CST User Guide, it states in Section 3.2.1:
"Only one of the SRKs in the table may be selected for use on the NXP Processor reset cycle. The selection of which SRK to use is a parameter within the Install Key CSF command"
For HABv4, we only have two parameters to specify (according to the CST User Guide):
# Index of the key location in the SRK table to be installed
File = "SRK_1_2_3_4_table.bin"
Source index = 0
I assume to use the second set of keys, I would need to change Source Index to 1 and update the CSF commands Install CSFK and Install Key to point to file path of the second set of certificates. However, doing so generates HAB events on my device.
Could NXP help advise on what needs to be updated so that we can use the other SRKs that were generated?
The same SRK must be used when extending the root of trust beyond the initial boot image.
"In the event one or more of the SRKs in the table are compromised, efuses corresponding to the compromised keys can be burned preventing those SRKs from ever being used again." This is a use case where we'll perform key revocation.
The previous test was done by updating the kernel only, and the kernel authentication failed with the second set of keys.
If I were to reflash the entire device using an image that was fully signed with the 2nd set of keys, there are no HAB events.
Why doesn't HAB load and install the correct keys as specified by the CSF attached to the kernel image?
Also, is there a way to specify the key to revoke in the CSF for HABv4? Or is this something we need to perform manually with access to the device?
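The reply in this thread states that the same SRK must be used when extending the root of trust beyond the initial boot image. The following pre-signing check is an added example, not code from the thread or from NXP: it parses the CSF of each boot stage and reports any later stage whose Install SRK "Source index" differs from the boot image's. The CSF texts, certificate file names and function names are constructed for illustration.

```python
import re

# Constructed sample CSFs; the certificate file name is a placeholder.
BOOT_CSF = '''
[Install SRK]
File = "SRK_1_2_3_4_table.bin"
# Index of the key location in the SRK table to be installed
Source index = 0
[Install CSFK]
File = "csf_key_set1_crt.pem"
'''
# Kernel CSF signed with the second key set, as in the failing test above.
KERNEL_CSF = BOOT_CSF.replace("Source index = 0", "Source index = 1") \
                     .replace("set1", "set2")

def parse_csf(text):
    """Return [(section_name, {key: value})] in file order."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            sections.append((m.group(1).strip(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)
            sections[-1][1][key.strip().lower()] = value.strip().strip('"')
    return sections

def srk_index(text):
    """Source index of the single [Install SRK] command in a CSF."""
    found = [kv for name, kv in parse_csf(text) if name.lower() == "install srk"]
    if len(found) != 1 or "source index" not in found[0]:
        raise ValueError("expected exactly one [Install SRK] with a Source index")
    idx = int(found[0]["source index"])
    if not 0 <= idx <= 3:                        # table holds up to four keys
        raise ValueError(f"Source index {idx} outside a four-key SRK table")
    return idx

def check_chain(csfs):
    """csfs: {stage: csf_text}, boot image first. Returns mismatching stages."""
    stages = list(csfs)
    boot = srk_index(csfs[stages[0]])
    return [(s, srk_index(csfs[s])) for s in stages[1:]
            if srk_index(csfs[s]) != boot]

if __name__ == "__main__":
    for stage, idx in check_chain({"boot": BOOT_CSF, "kernel": KERNEL_CSF}):
        print(f"{stage}: Source index {idx} differs from the boot image's SRK")
```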