AnsweredAssumed Answered

How to configure CSF to sign uboot with a different key

Question asked by Rohini Narasipur on Jun 22, 2017
Latest reply on Jun 23, 2017 by Yuri Muhin

Hi,

 

Even though I generated 4 different key sets using hab4_pki_tree.sh script, I am able to use only the first pair of keys for signing and verification. If I specify second, third or fourth certificate in the configuration file, HAB events (HAB_INV_SIGNATURE and HAB_INV_KEY) are generated during boot. If I choose second CSF and IMG certificate, then should I also change the source index in Install SRK section? How will HAB know which SRK to use for verifying root of trust? And what other changes should I do in my config file to use any certificate pair other than the first CSF and IMG pair?

 

Regards,

Rohini 

Outcomes