Issue with SRK Fuses Hash Generation

BiHDeveloper · ‎09-18-2024

Hello,

I am using the i.MX RT1052 processor along with the MCUExpresso Secure Provisioning Tool v5. I have generated a one set of keys including SRK, CA, IMG, and CSF keys.

I noticed that the provisioning tool uses srktool.exe to generate the SRK_fuses.bin and SRK_hash.bin files.

I assumed that if I calculate the SHA-256 hash of the SRK1 public key, I would get the value that is written to the fuses (as represented in the SRK_fuses.bin). However, I am unable to match this value no matter how I calculate it.

Where am I going wrong? Also, could you explain what exactly the SRK_hash.bin represents?

Thank you!

Gavin_Jia · ‎09-23-2024

Hi @BiHDeveloper ,

Thanks for your interest in NXP MIMXRT series!

I can't disclose the details of how the calculations are done to you here, merely providing a direction for you to try. If further support is required, you will need to go to the portal and submit a ticket and provide an NDA. Thank you for your understanding!

The default is to use four sets of keys, extract the public keys of the four SRKs from the SRK table, then hash them, and finally splice all the hashes and compute to get the final SHA256 hash.

And SRK_table=SRK_hash.bin

Best regards,
Gavin