AnsweredAssumed Answered

secure Boot on i.MX6 - signing with several keys

Question asked by Patrick Jakob on Aug 17, 2016
Latest reply on Aug 18, 2016 by Yuri Muhin

Dear NXP Community,

 

i want to test the secure Boot feature on i.MX6. I created 4 SRK-Keys with the CST and can sign the U-Boot. I burned the SRK-Hash table to the fuses and set the fuse sec_config to closed. I can signing the U-Boot image, download it and start it. Unsigned or wrong signed images dont start and i get HAB Events, so everything works fine.

I tried it only with the first SRK-Key. So my next test is signing the image with the second SRK-Key. I think i only have to change some commands in the CSF. So i changed the command "Install SRK" argument "source index" from 0 to 1 and changed the "file" argument of the Commands "Install CSFK" and "Install Key". Now i can sign the Image but if i authenticate the image i get HAB Events. So my question is can i sign the image with the second SRK-Key or must i revoke the first key and after that i can authenticate the image with the second key?

 

best regards

 

Patrick Jakob

Outcomes