Verifying images in HAB in Linux or OPTEE

nicholash · ‎02-13-2020

Hi, I'm trying to work on an update procedure on an IMX6UL that checks to see if an image will pass the HAB check before updating the images. I'm having trouble accessing the boot ROM from OPTEE so I need to re-implement the authentication function in as a TA in OPTEE or failing that as a regular Linux application, similar to the uboot command hab_auth_img. Is there any code available for this? Is there a way to make the CST do this?

nicholash · ‎02-17-2020

Hi, is there any solution this? This seems like a fairly common use case that will stop people bricking their devices.

Yuri · ‎02-25-2020

Hello,

I've sent You directly some considerations.

Have a great day,

Yuri

-------------------------------------------------------------------------------

Note:

- If this post answers your question, please click the "Mark Correct" button. Thank you!

- We are following threads for 7 weeks after the last post, later replies are ignored

Please open a new thread and refer to the closed one, if you have a related question at a later point in time.

lijiangning

We also have the requirement to perform kernel signature verification within OP-TEE. Could you provide the methodology and an implementation (code) for this?

thanks

gcornacchia · ‎02-17-2021

Hi Yuri,

I'm trying to use hab checking function for imxull in kernel userspace is there any implementation?

Can you share your considerations?

What I would like to achive is a signature checking

thank you

Yuri · ‎02-18-2021

@gcornacchia
Hello,

There is no the hab checking in userspace.

Regards,
Yuri.

Verifying images in HAB in Linux or OPTEE

Verifying images in HAB in Linux or OPTEE

i.MX6UL

Security