PKI HABv4 CA flag set

antonio_santagi
Contributor IV

Hello,

Regarding HABv4 on imx8M-mini, we read in https://www.nxp.com/docs/en/application-note/AN4581.pdf, at paragraph "5.1.1 Generating PKI tree for fast authentication", that

“Unless boot time is critical, it is recommended that the SRK have the CA flag, and the CSF and IMG keys used to validate their respective data. The fast authentication feature supplies the user with a faster boot time, at the cost of a less robust signature.”

Why is the signature less robust when not using CSF and IMG keys (when in fast authentication mode)?

Could you explain this comment? We can't find a real reason why using fast authentication mode would lead to a less robust signature. Does this mean less secure for some reason or in some cases?

Thank you

1 Solution
Yuri
NXP Employee

@antonio_santagi 
Hello,

    It is possible to use new IMG and CSF keys instead of the compromised ones and
sign the image again without revoking the SRK.

Regards,
Yuri.

4 Replies
antonio_santagi
Contributor IV

Yes, but if you then want to revoke the compromised keys, you need to revoke the corresponding SRK key; you can't revoke the IMG and CSF keys.

leonardoveiga
Contributor I

“It is possible to use new IMG and CSF keys instead of compromised and sign image again without revoking the SRK.”

I don't understand what the value of using new IMG and CSF keys is in this case, since the old compromised IMG and CSF keys will still be able to sign valid software, as they are (both old and new IMG and CSF) generated from the same SRK.

And in this case - due to the fact that only SRK hashes are burned to eFuses, while IMG and CSF fuses are not - to revoke the old compromised IMG and CSF keys, one would need to revoke the SRK, thus also revoking any new IMG and CSF keys as well.

Yuri
NXP Employee

@antonio_santagi
Hello,

   For the standard scheme, the SRK is stored by one person / organization, but the CSF and IMG
keys may be used by another person / organization. Under such an approach, even if the CSF and IMG
keys are compromised, the SRK is not.

 

Regards,
Yuri.

 
