- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- Advanced AnalogAdvanced Analog
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
- S32Z/E
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- Generative AI & LLMs
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
- RFID / NFC
- Advanced Analog
-
- NXP Tech Blogs
Hi,
I work on a Freescale i.mx28 and I use High Assurance Boot (HAB).
When creating certificates with the "hab4_pki_tree.sh" script, which is provided with the Code Signing Tool, I can enter a certificate validity duration of max. 20 years.
What happens after 20 year? Does the i.mx28 not boot anymore? Am I not able to sign software anymore? Or do I have to add new CSF and IMG certificates to sign software with them?
My questions are: Who checks the certificate duration and when? Which certificates have a limited duration (I assume the root-certificate has unlimited duration)?
Best regards,
Chris
已解决! 转到解答。
Hi Chris,
Currently, if the validity period of the certificate expires nothing will happen. The ROM/HAB does not enforce certificate validity periods and the Code Signing Tool will still allow code to be signed. The intent is to enforce the cert validity periods with the code signing tool. However, feature has not yet been added and is planned as an update to the code signing tool.
Regards,
-Rod
Hi Chris,
Currently, if the validity period of the certificate expires nothing will happen. The ROM/HAB does not enforce certificate validity periods and the Code Signing Tool will still allow code to be signed. The intent is to enforce the cert validity periods with the code signing tool. However, feature has not yet been added and is planned as an update to the code signing tool.
Regards,
-Rod
