Greetings.
There are two sentences draw my attention in the "i.MX Secure Boot on HABv4 Supported Devices" (AN4581).
First let me show you the "secure boot process overview" diagram in the same document and highlight the area related my confusion.
In the same document, there is a sentence: "On the target device during the authentication process the HABv4 code verifies the hash of the SRK Table against the SoC SRK_HASH[255:0] fuses." Here is the screenshot of full pharagraph:
What my understanding is according the second screenshot, the blue question mark corresponds to "SRK table." in my first screenshot.
In the third screenshot which is actually overview of the diagram, it states that "... On the target, HABv4 evaluates the SRK table included in the signature by hashing it and comparing the result to the SRK fuse values. ..."
but this sentence refutes my initial hypothesis as "SRK table is in the signature".
Please clarify me what i am getting wrong or is there any typo in the document ?
Best regards...
 Harvey021
		
			Harvey021
		
		
		
		
		
		
		
		
	
			
		
		
			
					
		Hi @HEXER
Public key is attached to csf binary file, which then will be part of signed image and used to authenticate.
Best regards
Harvey
