ヘルプ
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Secure Boot on i.MX8M - Multiple SRKs throughout the boot process

キャンセル
提案をオンにする
自動提案では、入力時に可能な一致が提案されるので検索結果を素早く絞り込むことができます。
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 
解決済み
ソリューションへジャンプ

Secure Boot on i.MX8M - Multiple SRKs throughout the boot process

ソリューションへジャンプ
‎07-13-2023 10:31 AM
2,175件の閲覧回数
cdboutin
Contributor I

Hi,

We are currently looking at our options for implementing Secure Boot on our platform which uses the i.MX8MM SoC. Something that will have implications as to how we will manage our keys is the following. If we want to use the HAB for verifying both the boot loader and the Kernel FIT Image, can the two authentication states use keys that are certified by different SRKs? The AN4581 document says : "Only one SRK can be used per reset cycle. All keys must be generated from the same SRK". However, I wonder, does this relate to the fact that both CSF and IMG keys must be certified using the same SRK during a given image (boot stage) authentication? Or does the statement has broader implications in the sense that all verification stages during the whole boot process must be done using keys that all link to the same SRK?

Thanks a lot for your time!

タグ(1)
0 件の賞賛
返信
1 解決策

ソリューションへジャンプ
‎07-20-2023 11:50 AM
2,081件の閲覧回数
kef2
Senior Contributor V

As I understand it, it is a single assurance chain for all images used in boot, so single SRK for u-boot and all further hab_auth_img calls until reset. 

  • Or does the statement has broader implications in the sense that all verification stages during the whole boot process must be done using keys that all link to the same SRK?

Yes. Just try it with different SRK indexes for U-Boot and FIT or kernel on not yet closed device. You'll get HAB errors.

元の投稿で解決策を見る

0 件の賞賛
返信
4 返答(返信)

ソリューションへジャンプ
‎07-21-2023 05:25 AM
2,045件の閲覧回数
cdboutin
Contributor I

@kef2@Harvey021 , thanks a lot for your responses. 

0 件の賞賛
返信

ソリューションへジャンプ
‎07-20-2023 08:42 PM
2,062件の閲覧回数
Harvey021
NXP TechSupport
NXP TechSupport

Hi @cdboutin 

can the two authentication states use keys that are certified by different SRKs?

No, the same SRK must be used for extending root of trust. The secure boot process starts with ROM authenticating the first image in the boot flow which is typically a bootloader such as U-Boot, Second Program Loader (SPL) or a custom implementation, Kernel. Once the root of trust is established, the HABv4 API can be leveraged to authenticate additional images, extending the secure boot chain.

 

Best regards

Harvey

0 件の賞賛
返信

ソリューションへジャンプ
‎07-20-2023 11:50 AM
2,082件の閲覧回数
kef2
Senior Contributor V

As I understand it, it is a single assurance chain for all images used in boot, so single SRK for u-boot and all further hab_auth_img calls until reset. 

  • Or does the statement has broader implications in the sense that all verification stages during the whole boot process must be done using keys that all link to the same SRK?

Yes. Just try it with different SRK indexes for U-Boot and FIT or kernel on not yet closed device. You'll get HAB errors.

0 件の賞賛
返信

ソリューションへジャンプ
‎07-20-2023 08:36 AM
2,089件の閲覧回数
cdboutin
Contributor I

Hi,

Anybody has insight?

Thanks

0 件の賞賛
返信