ヘルプ
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

With HABv4 can I test artifacts are signed with a key that chains up to a given root CA certificate?

キャンセル
提案をオンにする
自動提案では、入力時に可能な一致が提案されるので検索結果を素早く絞り込むことができます。
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 

With HABv4 can I test artifacts are signed with a key that chains up to a given root CA certificate?

‎02-03-2021 09:51 AM
891件の閲覧回数
tonywh
Contributor I

Suppose I have a product with an iMX8mm, how should I use HABv4 in the following situation

1. Keys: product-key is signed by product-line-key which is signed by certificate-authority-key.

2. Want to allow boot when artifacts are signed with any key that chains up to the certificate-authority-key.

Specifically, what should I use as the SRK, CSFK and IMGK?

Thanks,

Tony

 

0 件の賞賛
返信
1 返信

‎02-03-2021 07:44 PM
886件の閲覧回数
Yuri
NXP Employee
NXP Employee

@tonywh 
Hello,

 Please use AN4581 (i.MX Secure Boot on HABv4 Supported Devices)

https://www.nxp.com/docs/en/application-note/AN4581.pdf

Also the following discussion clarifies some aspects:

https://community.nxp.com/t5/i-MX-Processors/Confused-about-SRK/m-p/1184334

 

Regards,
Yuri.

0 件の賞賛
返信