Hello,
regarding HABv4 on imx8M-mini,
we read on
https://www.nxp.com/docs/en/application-note/AN4581.pdf
at paragraph "5.1.1 Generating PKI tree for fast authentication"
that
“Unless boot time is critical, it is recommended that the SRK have the CA flag, and the CSF and IMG keys used to validate their respective data. The fast authentication feature supplies the user with a faster boot time, at the cost of a less robust signature.”
Why is the signature less robust when not using CSF and IMG keys (when in fast authentication mode)?
Could you explain this comment? We can't find a real reason why using fast authentication mode would lead to a less robust signature. Does this mean less secure for some reason or in some cases?
Thank you
@antonio_santagi
Hello,
It is possible to use new IMG and CSF keys instead of the compromised ones and
sign the image again without revoking the SRK.
Regards,
Yuri.
> It is possible to use new IMG and CSF keys instead of the compromised ones and
> sign the image again without revoking the SRK.
I don't understand what the value of using new IMG and CSF keys is in this case, since the old compromised IMG and CSF keys will still be able to sign valid software, as they are (both old and new IMG and CSF) generated from the same SRK.
And in this case - due to the fact that only SRK hashes are burned to eFuses, while IMG and CSF fuses are not - to revoke the old compromised IMG and CSF keys, one would need to revoke the SRK, thus also revoking any new IMG and CSF keys as well.
@antonio_santagi
Hello,
For the standard scheme, the SRK is stored by one person / organization, but the CSF and IMG
keys may be used by another person / organization. Under such an approach, even if the CSF and IMG
keys are compromised, the SRK is not.
Regards,
Yuri.