i.MX8X permanently revoke a SRK key

gonzalo_ruiz · ‎01-11-2021

Hello,

on AN12312 is specified that an SRK key can be revoked by a combination of CST and SCU API.

I was able to set the Revocations parameter in the CST [Install SRK] command and I verified it is not able to authenticate using the SRK keys specified in the Revocations parameter. For example:

[Install SRK]
...
# bitmask of the revoked SRKs
Revocations = 0x2

With this command I am not able to boot images signed with SRK1 on a closed device.

However, If the Revocations value is change back to 0:

[Install SRK]
...
# bitmask of the revoked SRKs
Revocations = 0x0

I am able to boot images signed with SRK1 again, which is not really safe considering that SRK set should not be valid anymore.

Is there a way to make this revocation permanent in the device? I saw references to sending the COMMIT command, but there is no instructions or guide on how to do that. Can you provide more information?

Thank you,

Gonzalo

marouene_boubakri · ‎01-11-2021

Hi @gonzalo_ruiz ,

Following is an SRK revocation example:

The validation test scenario is under assumption “SRK1 and SRK2 public key hacked and must replace to SRK3”.

1) You can fuse these two bits at a time, that is to set Revocations in CSF file to 0x3, the updated csf script is like below:

[Install SRK]
# SRK table generated by srktool
File = "../../crts/SRK1234table.bin"
# Public key certificate in PEM format
Source = "../../crts/SRK3_sha384_secp384r1_v3_usr_crt.pem"
# Index of the public key certificate within the SRK table (0 .. 3)
Source index = 2
# Type of SRK set (NXP or OEM)
Source set = OEM
# bitmask of the revoked SRKs
Revocations = 0x3

2) Use this updated csf script to sign the boot image containers, then write the signed-flash.bin to sdcard to confirm that AHAB boots successfully with new signed image by SRK3.

$ dd if=signed-flash.bin of=/dev/sdx bs=1k seek=32; sync

3) After the system boot up, stop it at uboot. Input below commands in scu serial port to revoke corresponding bits.

>seco commit 0x10
Confirm commit 0x00000010 [y/n]: y
Committed: 0x08X

4) In A core serial port, input below to check if the fuse SRK_REVOKE_CONTROL is revoked.

=> fuse read 0 11
Reading bank 0:
Word 0x0000000b: 00000300

5) You can resign the flash.bin by SRK2 or SRK1, the AHAB boot fails.

Regards

Maro

元の投稿で解決策を見る

marouene_boubakri · ‎01-11-2021

Hi @gonzalo_ruiz ,

Following is an SRK revocation example:

The validation test scenario is under assumption “SRK1 and SRK2 public key hacked and must replace to SRK3”.

1) You can fuse these two bits at a time, that is to set Revocations in CSF file to 0x3, the updated csf script is like below:

[Install SRK]
# SRK table generated by srktool
File = "../../crts/SRK1234table.bin"
# Public key certificate in PEM format
Source = "../../crts/SRK3_sha384_secp384r1_v3_usr_crt.pem"
# Index of the public key certificate within the SRK table (0 .. 3)
Source index = 2
# Type of SRK set (NXP or OEM)
Source set = OEM
# bitmask of the revoked SRKs
Revocations = 0x3

2) Use this updated csf script to sign the boot image containers, then write the signed-flash.bin to sdcard to confirm that AHAB boots successfully with new signed image by SRK3.

$ dd if=signed-flash.bin of=/dev/sdx bs=1k seek=32; sync

3) After the system boot up, stop it at uboot. Input below commands in scu serial port to revoke corresponding bits.

>seco commit 0x10
Confirm commit 0x00000010 [y/n]: y
Committed: 0x08X

4) In A core serial port, input below to check if the fuse SRK_REVOKE_CONTROL is revoked.

=> fuse read 0 11
Reading bank 0:
Word 0x0000000b: 00000300

5) You can resign the flash.bin by SRK2 or SRK1, the AHAB boot fails.

Regards

Maro

gonzalo_ruiz · ‎01-11-2021

Hi Maro,

Is there a way to run the equivalent to the 'seco commit' command from U-Boot via the SCU API? I don't have access to the SCU serial port by default.

Also, how is that command built? Should we use the same argument regardless of the specific SRK keys that are being revoked?

Regards,

Gonzalo

marouene_boubakri · ‎01-14-2021

Hi @gonzalo_ruiz,

System Controller Firmware provides API functions, you are more interested in commit SRK you can use the sc_seco_commit() API and for reading/writing fuse you can use sc_misc_otp_fuse_read() and sc_misc_otp_fuse_write() You can find details in "System Controller Firmware Porting Guide"

Regards

Maro

gonzalo_ruiz · ‎01-14-2021

Hi @marouene_boubakri ,

Thanks for the information. I am also trying to locate a certain "SECO API Reference Guide" to get more information about the arguments.

Can you tell me where I can find it?

Regards,

Gonzalo

marouene_boubakri · ‎01-14-2021

Hi @gonzalo_ruiz,

Currently, the document is under moderated release by Marketing team only.

Please send a request to marketing to get the document.

Regards
Maro