AnsweredAssumed Answered

HAB - Public key certificate is invalid

Question asked by Alex Berenshtein on Aug 6, 2017
Latest reply on Aug 7, 2017 by Yuri Muhin

Hi.

We try build HAB for i.mx6   ( u-boot & Kernel )

We use cst-232  tool.

1. In cst-232 we run:

./hab4_pki_tree.sh

After completing the questions, the PKI tree is created.

2.

Generate SRK table:

../linux64/srktool -h 4 -t SRK_1_2_3_4_table.bin -e SRK_1_2_3_4_fuse.bin -d sha256 -c
./SRK1_sha256_2048_65537_v3_ca_crt.pem,./SRK2_sha256_2048_65537_v3_ca_crt.pem,./SRK3_sha256_2048_65537_v_3_ca_crt.pem,./SRK4_sha256_2048_65537_v3_ca_crt.pem -f 1

 

3.

 

hexdump -e '/4 "0x"' -e '/4 "%X""\n"' SRK_1_2_3_4_fuse.bin0x20593752

0x6ACE6962
0x26E0D06C
0xFC600661
0x1240E88F
0x209F144
0x831C8117
0x1190FD4D

 

4.

Uncomment  CONFIG_SECURE_BOOT to the board configuration header.
#define CONFIG_SECURE_BOOT

5. compile u-boot

 

6. mkdir u-boot

7. cd  u-boot

  copy u-boot.imx in u-boot directory

Create a "u-boot" directory an "u-boot.csf" file:

For example:

========================

Command Sequence File for the example:

 

[Header]
Version = 4.1
Hash Algorithm = sha256
Engine = ANY
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS
[Install SRK]
File = “../crts/SRK_1_2_3_4_table.bin”
Source index = 0
# Index of the key location in the SRK table to be installed
[Install CSFK]
# Key used to authenticate the CSF data
File = “../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem”
[Authenticate CSF]
[Install Key]
# Key slot index used to authenticate the key to be installed
Verification index = 0
# Target key slot in HAB key store where key will be installed
Target Index = 2
# Key to install
File= ”../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem”
[Authenticate Data]
# Key slot index used to authenticate the image data
Verification index = 2
#
Address
Offset Length
Data File Path
Blocks = 0x877fb000 0x000
0x48000
“/home/user/path_to_u-boot_dir/u-boot.imx”

===================================

8.Generate the CSF binary signature:

 

./cst -–o csf-uboot.bin --i  uboot.csf

 

I see:

Public key certificate is invalid in file ../crst/IMG1_1_sha256_2048_65537_v3_usr_crt.pe

What a problem ?

Please help.

Best regards.

 

Outcomes