AnsweredAssumed Answered

High Assurance Boot Certificate Validity

Question asked by Christopher Preschern on Jun 11, 2013
Latest reply on Oct 20, 2016 by Guru Kottur

Hi,

 

I work on a Freescale i.mx28 and I use High Assurance Boot (HAB).

 

When creating certificates with the "hab4_pki_tree.sh" script, which is provided with the Code Signing Tool, I can enter a certificate validity duration of max. 20 years.

 

What happens after 20 year? Does the i.mx28 not boot anymore? Am I not able to sign software anymore? Or do I have to add new CSF and IMG certificates to sign software with them?

 

My questions are: Who checks the certificate duration and when? Which certificates have a limited duration (I assume the root-certificate has unlimited duration)?

 

Best regards,

Chris

Outcomes