HAB encrypted image boot for RT1050


jimhuang2
Contributor III

Hi all,

I want to create HAB encrypted image boot for the RT1050 EVKB, and I have some trouble with the certificate authority and the DEK.

HAB Security Boot 

1. CA step issue: The BootROM can verify the CA by the public key. Where is the public key stored so that it is provided to the BootROM?

2. DEK step issue: The DEK is generated from random numbers by the Code Signing Tool (CST). When I upgrade the boot image, I have to use the DEK to generate the DEK blob and attach it to the boot image. I'm not sure, can it run?

3. After mass production, we need to maintain the private key, public key and DEK, is that right?

Best Regards,

Jim

kerryzhou
NXP TechSupport

Hi JingHuan Huang,

   Sorry for our late reply!

   Before answering your questions, I highly recommend you first read AN12079 (How to use i.MXRT Security Boot); it will make things clearer for you.

   https://www.nxp.com/webapp/sps/download/mod_download.jsp?colCode=AN12079&appType=moderated 

   Now, answer your questions:

1. CA step issue: The BootROM can verify the CA by the public key. Where is the public key stored so that it is provided to the BootROM?

Answer: The public key is stored in the RT eFUSE SRK area.

2. DEK step issue: The DEK is generated from random numbers by the Code Signing Tool (CST). When I upgrade the boot image, I have to use the DEK to generate the DEK blob and attach it to the boot image. I'm not sure, can it run?

Answer: dek.bin is the random number. I think you can also use the old dek.bin, but if you want to use the new dek.bin, that's also OK; just do the new operation steps. I suggest you use the new DEK when you use the new app code.

3. After mass production, we need to maintain the private key, public key and DEK, is that right?

Answer: Yes, if you want to program more products, it's better to maintain them.

Hope it helps you!

If you still have questions about it, please kindly let me know.

Have a great day,
Kerry
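
An added example, not part of the original thread and not NXP tooling: the SRK eFUSE area mentioned in answer 1 is programmed with a SHA-256 digest of the SRK table, which CST's srktool writes out as a 32-byte fuse file. The Python below assumes that file is read as eight little-endian 32-bit words and that the device's SRK fuse words have been read back as integers; it lists the words to program and classifies each readback word, relying on the fact that eFUSE bits can only go from 0 to 1. The function names and the sample bytes are constructed for illustration.

```python
import struct

SRK_HASH_LEN = 32  # SHA-256 digest = eight 32-bit fuse words


def srk_fuse_words(fuse_bin: bytes) -> list[int]:
    """Split an SRK hash fuse file into the eight words to program, in order."""
    if len(fuse_bin) != SRK_HASH_LEN:
        raise ValueError(f"expected {SRK_HASH_LEN} bytes, got {len(fuse_bin)}")
    return list(struct.unpack("<8I", fuse_bin))


def classify_readback(fuse_bin: bytes, readback: list[int]) -> list[str]:
    """Compare device readback with the fuse file, word by word.

    match      - word already holds the expected value
    incomplete - only expected bits are set so far; can still be programmed
    conflict   - a bit is set that the expected value lacks; fuse bits cannot
                 be cleared, so this device can never hold this SRK hash
    """
    expected = srk_fuse_words(fuse_bin)
    if len(readback) != len(expected):
        raise ValueError("readback must contain eight words")
    status = []
    for want, got in zip(expected, readback):
        if got == want:
            status.append("match")
        elif got & ~want:
            status.append("conflict")
        else:
            status.append("incomplete")
    return status


# Constructed sample: 32 placeholder bytes standing in for a real fuse file.
SAMPLE_FUSE_BIN = bytes(range(0x10, 0x30))
# Constructed readback: word 0 programmed, word 1 mis-programmed, rest partial/blank.
SAMPLE_READBACK = [0x13121110, 0x17161515, 0x1B1A1900, 0, 0, 0, 0, 0]

if __name__ == "__main__":
    words = srk_fuse_words(SAMPLE_FUSE_BIN)
    for i, (w, s) in enumerate(zip(words, classify_readback(SAMPLE_FUSE_BIN, SAMPLE_READBACK))):
        print(f"SRK word {i}: 0x{w:08X}  readback: {s}")
```

Run the comparison before closing the device: any "conflict" or "incomplete" word means the ROM will not accept images signed with this SRK table.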

 
