- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- Advanced AnalogAdvanced Analog
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
- S32Z/E
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- Generative AI & LLMs
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
- RFID / NFC
- Advanced Analog
-
- NXP Tech Blogs
Hi,
We are currently looking at our options for implementing Secure Boot on our platform which uses the i.MX8MM SoC. Something that will have implications as to how we will manage our keys is the following. If we want to use the HAB for verifying both the boot loader and the Kernel FIT Image, can the two authentication states use keys that are certified by different SRKs? The AN4581 document says : "Only one SRK can be used per reset cycle. All keys must be generated from the same SRK". However, I wonder, does this relate to the fact that both CSF and IMG keys must be certified using the same SRK during a given image (boot stage) authentication? Or does the statement has broader implications in the sense that all verification stages during the whole boot process must be done using keys that all link to the same SRK?
Thanks a lot for your time!
已解决! 转到解答。
As I understand it, it is a single assurance chain for all images used in boot, so single SRK for u-boot and all further hab_auth_img calls until reset.
- Or does the statement has broader implications in the sense that all verification stages during the whole boot process must be done using keys that all link to the same SRK?
Yes. Just try it with different SRK indexes for U-Boot and FIT or kernel on not yet closed device. You'll get HAB errors.
Hi @cdboutin
can the two authentication states use keys that are certified by different SRKs?
No, the same SRK must be used for extending root of trust. The secure boot process starts with ROM authenticating the first image in the boot flow which is typically a bootloader such as U-Boot, Second Program Loader (SPL) or a custom implementation, Kernel. Once the root of trust is established, the HABv4 API can be leveraged to authenticate additional images, extending the secure boot chain.
Best regards
Harvey
As I understand it, it is a single assurance chain for all images used in boot, so single SRK for u-boot and all further hab_auth_img calls until reset.
- Or does the statement has broader implications in the sense that all verification stages during the whole boot process must be done using keys that all link to the same SRK?
Yes. Just try it with different SRK indexes for U-Boot and FIT or kernel on not yet closed device. You'll get HAB errors.
