I read the description of HAB here
High Assurance Boot - Variscite Wiki
But there seems to be a part that is not exactly explained.
Taking zImage as an example, it seems that the signing data is added after the image data of the compiled zImage.
Does the added signing data contain only RSA-encrypted data of hash data of a key such as SRK, but not the hash data of the compiled zImage?
I know that HAB does not boot if the signing data part of the signed zImage is damaged even if 1 bit. Then, if the image data part of zImage is damaged even if 1 bit, not the signing data part of signed zImage, does HAB not boot even in this case?
And, when you try to update to a new image file, can compare the signed data of the file you want to update, such as checking the signed image file in HAB, and perform a Hash compare?
In other words, is it possible to implement so that the HAB can do it in the user application area in the same way as checking the signed image?
1. Change a single bit in the authentication block of the image, and confirm that this modified image is rejected when loaded into the device.
2. Change a single bit in the firmware block of the image, and confirm that this modified image is rejected when loaded into the device.
The above two functions need to be implemented, but when a file that is not booted is to be installed on the device, files with changes in signing data or image data must be rejected by the device.
Please help me.
Hello,
use Appendix G (Extending the root of trust) of "Secure Boot on i.MX 50, i.MX 53, i.MX 6 and i.MX 7 Series using HABv4" Application Note, Rev. 2, 05/2018.
https://www.nxp.com/docs/en/application-note/AN4581.pdf
Regards,
Yuri.