FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

srktool question

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

srktool question

‎05-15-2015 02:44 AM
2,104 Views
_andev_
Contributor II

Hi,

Am I wondering how the SRK_1_2_3_4_fuse.bin file is created from SRK_1_2_3_4_table.bin.

Our keys are SRK?_sha256_4096_65537_v3_ca_crt.der/pem then I suppose srktool uses SHA-256

hash algorithm but I'm not a security expert.

I would like to get the fuse.bin file from the table.bin with some console commands, is it possible?

Regards

0 Kudos
Reply
1 Reply

‎06-10-2015 02:50 AM
1,879 Views
Yuri
NXP Employee
NXP Employee

From app note  AN4581 : “To generate an SRK table, the CST provides the srktool […]”.

The fuse.bin file is “the SRK hash eFuse result of the srktool for an SRK table consisting
of four keys”. It should be burned to the fuses. Please refer to section 5.4 (Provisioning

the SRK Hash eFuse Field for i.MX50 and i.MX 6 Series).

The SRK is intended to check “our keys”. “SRK: Super Root Key, an RSA key pair which forms
the start of the boot-time authentication chain. The hash of the SRK public key is embedded
in the processor using OTP hardware. The SRK private key is held by the CA. Unless explicitly
noted, SRK in this document refers to the publickey only.”


Have a great day,
Yuri

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

0 Kudos
Reply