I'm making a product with secure boot. My company has CA -> Intermediate key -> Product key. I plan to program the Intermediate key in SRK0. Can I use the Product key as both CSF key and IMG key for secure boot? Is there any reason it might be inadvisable to do this?
Thanks,
Tony
Hello tonyhw,
HAB 4.1.2 or later introduces the fast authentication feature, which allows the user to have the SRK authenticate, the CSF and IMG. Customer need choose 'n' for below question when generating PKI tree with CST tools: Do you want the SRK certificates to have the CA flag set? (y/n)?: n If Fast Authentication is what is really needed – i.MX 6UL supports it. Please refer to the following for some additional information “Secure Boot i.MX 6 & HAB 4.1.2”
< https://community.nxp.com/message/644308 >
For normal authentication, CSF public key is used to authenticate CSF commands and IMG public key is used to authenticate image, they are installed in separate key slots of internal public key store. It isn't possible to apply the same certificate for CSF and IMG.
Regards
Thanks for the response. Perhaps I need to clarify our requirement a bit more. We have to use the Intermediate key in SRK to satisfy key rotation and product life requirements. What I want to know is whether we can install the same key into the key slots for the CSF public key and the IMG public key.
Thanks,
Tony