i.MX8M Nano Secure Boot (HABv4) Compliance

Nethaji1510

Hello Team,

We have an IMX8MNano board. We have successfully enabled the HABv4 feature on this board and also signed the bootloader kernel and DTB file using the NXP code signing tool.

Our queries,
Our understanding is that NXP supplied the "hab4_pki_tree.sh" script and the code signing tool for HABv4. The PKI keys were created using this "hab4_pki_tree.sh" script, and the image signatures were done using CST. But as per our cyber team compliance, we can't access the private key (it will reside in a secure server) in this case we cant use CST which require the private key. Can you provide us a solution for this?

Harvey021

Hi,

You can refer to the section <Using Code-Signing Tool with Hardware Security Module> CST User guide

IMX_CST_TOOL_NEW

Regards

Harvey

Nethaji1510

Ok. Thanks for your quick support @Harvey021.

Hi @Harvey021,

Kindly share the NXP CST tool 3.3.1 source code package.

i.MX8M Nano Secure Boot (HABv4) Compliance

i.MX8M Nano Secure Boot (HABv4) Compliance

i.MX 8 Family | i.MX 8QuadMax (8QM) | 8QuadPlus

i.MX 8M | i.MX 8M Mini | i.MX 8M Nano

Linux

Security