With HABv4 can I test artifacts are signed with a key that chains up to a given root CA certificate?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

With HABv4 can I test artifacts are signed with a key that chains up to a given root CA certificate?

289 Views
tonywh
Contributor I

Suppose I have a product with an iMX8mm, how should I use HABv4 in the following situation

1. Keys: product-key is signed by product-line-key which is signed by certificate-authority-key.

2. Want to allow boot when artifacts are signed with any key that chains up to the certificate-authority-key.

Specifically, what should I use as the SRK, CSFK and IMGK?

Thanks,

Tony

 

0 Kudos
1 Reply

284 Views
Yuri
NXP Employee
NXP Employee

@tonywh 
Hello,

 Please use AN4581 (i.MX Secure Boot on HABv4 Supported Devices)

https://www.nxp.com/docs/en/application-note/AN4581.pdf

Also the following discussion clarifies some aspects:

https://community.nxp.com/t5/i-MX-Processors/Confused-about-SRK/m-p/1184334

 

Regards,
Yuri.

0 Kudos