Use the same key for CSF and IMG?

tonywh · ‎02-09-2021

I'm making a product with secure boot. My company has CA -> Intermediate key -> Product key. I plan to program the Intermediate key in SRK0. Can I use the Product key as both CSF key and IMG key for secure boot? Is there any reason it might be inadvisable to do this?

Thanks,

Tony

tonywh · ‎02-10-2021

Sorry I put this in the wrong place.

Bio_TICFSL · ‎02-09-2021

Hello tonyhw,

HAB 4.1.2 or later introduces the fast authentication feature, which allows the user to have the SRK authenticate, the CSF and IMG. Customer need choose 'n' for below question when generating PKI tree with CST tools: Do you want the SRK certificates to have the CA flag set? (y/n)?: n If Fast Authentication is what is really needed – i.MX 6UL supports it. Please refer to the following for some additional information “Secure Boot i.MX 6 & HAB 4.1.2”

< https://community.nxp.com/message/644308 >

For normal authentication, CSF public key is used to authenticate CSF commands and IMG public key is used to authenticate image, they are installed in separate key slots of internal public key store. It isn't possible to apply the same certificate for CSF and IMG.

Regards

tonywh · ‎02-10-2021

Thanks for the response. Perhaps I need to clarify our requirement a bit more. We have to use the Intermediate key in SRK to satisfy key rotation and product life requirements. What I want to know is whether we can install the same key into the key slots for the CSF public key and the IMG public key.

Thanks,

Tony

Bio_TICFSL · ‎02-11-2021

Hi,

Sorry is not possible.

Regards

Use the same key for CSF and IMG?

Use the same key for CSF and IMG?

i.MX 8M | i.MX 8M Mini | i.MX 8M Nano