Hi, professionals !
I'm doing the secure boot on imx93. I use Yocto with meta-nxp-security-reference-design/meta-secure-boot meta layer, which supports i.MX boot image signing automation to compile the signed uboot and kernel container.
First time, i referred to the ahab document and generated the ecc sha384 keys, and got the signed uboot and kernel container. I flash it to first board and run ahab_status, it succeed
Second time, i generated the rsa-2048 sha256 keys, and every steps else is the same with the first time. I flash the signed uboot and kernel to second board and run ahab_status, it failed, shows
0x0287f7d6
IPC = MU APD (0x2)
CMD = ELE_OEM_CNTN_AUTH_REQ (0x87)
IND = ELE_BAD_CONTAINER_FAILURE_IND (0xF7)
STA = ELE_SUCCESS_IND (0xD6)
I'm really confused why it can't work with the rsa keys, and what does the failure indication mean? I think the imx93 and ahab support both ECC and RSA, and i really follow the same step, just key type are different.
I am very eager to get your support and help! Thanks in advance!
已解决! 转到解答。
This issue has been resolved. As the IMX93 Reference Manual say, it support rsa-pss and ecc key, but not rsa key, so it is clear that imx93 doesn't support rsa type keys.
Hi,
Probably a cause as like " By default, the NXP CST Signer Tool uses standard keys of type ECC P256-SHA256 for i.MX 8/8x/8ULP/9 Family" as stated from <10.9.2 Prerequisites for preparing a signed image>
Regards
Harvey
Hi
As AHAB should support RSA key. With checking the whole statement from the section " 10.9.2 Prerequisites for preparing a signed image". my understanding is that the Signer Tool, by default, will use ECC type of keys for i.MX93 device for signing. Sorry, it is not available for me to have a test for now.
Can you side have a test while using RSA keys? as stated here “Note: (Optional) Create and populate csf_hab4.cfg and/or csf_ahab.cfg with the preferred key type at the CST location to use your preferred PKI tree. The default configuration files are located at the CST Signer work directory in Yocto build.”
Regards
Harvey