High Assurance Boot Certificate Validity

Question asked by Christopher Preschern on Jun 11, 2013
Latest reply on Oct 20, 2016



I work on a Freescale i.mx28 and I use High Assurance Boot (HAB).


When creating certificates with the "" script, which is provided with the Code Signing Tool, I can enter a certificate validity duration of max. 20 years.


What happens after 20 years? Does the i.mx28 not boot anymore? Am I not able to sign software anymore? Or do I have to add new CSF and IMG certificates to sign software with them?


My questions are: Who checks the certificate duration and when? Which certificates have a limited duration (I assume the root-certificate has unlimited duration)?


