RT1170 Does HAB API signature verification conflict with CAAM module initialization?

I_AM_ROBOT · ‎07-15-2024

In a life cycle, if the CAAM module is initialized, then calling the HAB API to verify the signature will fail. If the CAAM module is not initialized, the signature verification will succeed. What is the reason?

Currently, the CAAM module needs to be used to generate a true random number seed

diego_charles · ‎07-29-2024

Hi @I_AM_ROBOT

Thank you very much for your patience.

I presume the reason is because the HAB is using the CAAM to accelerate some cryptographic operations during the HAB boot or during the call of signature verification API from the application. As stated on the RM :

Depending on the algorithm, HAB will use the CAAM to accelerate some crypto
operations:

I would recommend using the CAAM after executing those APIs.

Let me know if you have any more related questions.

Diego