帮助
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

With HABv4 can I test artifacts are signed with a key that chains up to a given root CA certificate?

取消
开启建议
自动建议可通过在您键入时建议可能的匹配,而快速缩小您的搜索结果范围。
显示结果 
显示  仅  | 搜索替代 
您的意思是: 

With HABv4 can I test artifacts are signed with a key that chains up to a given root CA certificate?

‎02-03-2021 09:51 AM
819 次查看
tonywh
Contributor I

Suppose I have a product with an iMX8mm, how should I use HABv4 in the following situation

1. Keys: product-key is signed by product-line-key which is signed by certificate-authority-key.

2. Want to allow boot when artifacts are signed with any key that chains up to the certificate-authority-key.

Specifically, what should I use as the SRK, CSFK and IMGK?

Thanks,

Tony

 

0 项奖励
回复
1 回复

‎02-03-2021 07:44 PM
814 次查看
Yuri
NXP Employee
NXP Employee

@tonywh 
Hello,

 Please use AN4581 (i.MX Secure Boot on HABv4 Supported Devices)

https://www.nxp.com/docs/en/application-note/AN4581.pdf

Also the following discussion clarifies some aspects:

https://community.nxp.com/t5/i-MX-Processors/Confused-about-SRK/m-p/1184334

 

Regards,
Yuri.

0 项奖励
回复