FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

With HABv4 can I test artifacts are signed with a key that chains up to a given root CA certificate?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

With HABv4 can I test artifacts are signed with a key that chains up to a given root CA certificate?

‎02-03-2021 09:51 AM
608 Views
tonywh
Contributor I

Suppose I have a product with an iMX8mm, how should I use HABv4 in the following situation

1. Keys: product-key is signed by product-line-key which is signed by certificate-authority-key.

2. Want to allow boot when artifacts are signed with any key that chains up to the certificate-authority-key.

Specifically, what should I use as the SRK, CSFK and IMGK?

Thanks,

Tony

 

0 Kudos
Reply
1 Reply

‎02-03-2021 07:44 PM
603 Views
Yuri
NXP Employee
NXP Employee

@tonywh 
Hello,

 Please use AN4581 (i.MX Secure Boot on HABv4 Supported Devices)

https://www.nxp.com/docs/en/application-note/AN4581.pdf

Also the following discussion clarifies some aspects:

https://community.nxp.com/t5/i-MX-Processors/Confused-about-SRK/m-p/1184334

 

Regards,
Yuri.

0 Kudos
Reply