FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

imx93: SRK revocation

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED
Jump to solution

imx93: SRK revocation

Jump to solution
‎03-13-2024 02:09 AM
1,941 Views
mothacehe
Contributor I

Hello,

I am trying to perform key revocation on my closed imx93 board.

My CSF file looks like:

[Header]
Target = AHAB
Version = 1.0

[Install SRK]
File = "../cst-3.4.0/crts/SRKtable.bin"
Source = "../cst-3.4.0/crts/SRK2_sha384_secp384r1_v3_usr_crt.pem"
Source index = 1
Source set = OEM
Revocations = 0x1

[Authenticate Data]
File = "spl.bin"
Offsets = 0x400 0x490

The idea is to sign with SRK2 and revoke SRK1 (0x1 bitmask). Booting from that image works fine, but I can still also boot from an image signed with SRK1.

Is there anything else that needs to be done in order to revoke SRK1?

Thanks,

Mathieu

0 Kudos
Reply
1 Solution

Jump to solution
‎03-19-2024 02:59 AM
1,892 Views
Harvey021
NXP TechSupport
NXP TechSupport

check if missing the step ahab_commit 0x10

 

Regards

Harvey

View solution in original post

0 Kudos
Reply
2 Replies

Jump to solution
‎03-19-2024 02:59 AM
1,893 Views
Harvey021
NXP TechSupport
NXP TechSupport

check if missing the step ahab_commit 0x10

 

Regards

Harvey

0 Kudos
Reply

Jump to solution
‎03-21-2024 05:52 AM
1,883 Views
mothacehe
Contributor I

That worked thanks. I had to add support for ahab_commit mainline though: https://lists.denx.de/pipermail/u-boot/2024-March/548873.html

0 Kudos
Reply