AnsweredAssumed Answered

Meaning of the certificate argument to CST for encrypted boot

Question asked by Florian Doerfler on Mar 10, 2016
Latest reply on Mar 15, 2016 by Florian Doerfler

Hi All

I am trying to get encrypted boot to work on an i.MX6. The sample command line (from Security Features of i.MX Applications Processors) to sign/encrypt an image for use with encrypted boot goes:

./cst -o csf.bin -c ./dek_rsa_key_crt.pem < u-boot_enc.csf

Can anybody tell me what the parameter "-c ./dek_rsa_key_crt.pem" does?

I assumed that it is used to protect the DEK for transport to the place where it is encrypted into a DEK blob on the target but then wondered:

- How can the target decrypt the DEK to re-encrypt it with the OTPMK?

- How do I generate the dek_rsa_key_crt.pem?