imx93: SRK revocation

取消
显示结果 
显示  仅  | 搜索替代 
您的意思是: 
已解决

imx93: SRK revocation

跳至解决方案
2,074 次查看
mothacehe
Contributor I

Hello,

I am trying to perform key revocation on my closed imx93 board.

My CSF file looks like:

[Header]
Target = AHAB
Version = 1.0

[Install SRK]
File = "../cst-3.4.0/crts/SRKtable.bin"
Source = "../cst-3.4.0/crts/SRK2_sha384_secp384r1_v3_usr_crt.pem"
Source index = 1
Source set = OEM
Revocations = 0x1

[Authenticate Data]
File = "spl.bin"
Offsets = 0x400 0x490

The idea is to sign with SRK2 and revoke SRK1 (0x1 bitmask). Booting from that image works fine, but I can still also boot from an image signed with SRK1.

Is there anything else that needs to be done in order to revoke SRK1?

Thanks,

Mathieu

0 项奖励
回复
1 解答
2,025 次查看
Harvey021
NXP TechSupport
NXP TechSupport

check if missing the step ahab_commit 0x10

 

Regards

Harvey

在原帖中查看解决方案

0 项奖励
回复
2 回复数
2,026 次查看
Harvey021
NXP TechSupport
NXP TechSupport

check if missing the step ahab_commit 0x10

 

Regards

Harvey

0 项奖励
回复
2,016 次查看
mothacehe
Contributor I

That worked thanks. I had to add support for ahab_commit mainline though: https://lists.denx.de/pipermail/u-boot/2024-March/548873.html

0 项奖励
回复