Hi everybody, I'm new in this field, so please be patient if my questions will be too easy for you.
I started working on secure boot HAB and I have a few questions about this argument and u-boot signature.
1) many tutorial spoke about "fuse prog" for the SRK, I was wandering if it exists a different way to validate an u-boot image maybe only writing in the shadow memory before u-boot starts (via JTAG)? ( I wasn't able to understand if in the validation phase HAB uses values in shadows memory or not. (other way to debug a secure boot without prog the OTP fuse are appreciated)
2)When we create the signature using the tool ./cst I use the following csf file:
Version = 4.2
Security Configuration = Open
Hash Algorithm = sha256
Engine Configuration = 0
Certificate Format = X509
Signature Format = CMS
File = "../crts/SRK_1_2_3_4_table.bin"
Source index = 0
File = "../crts/CSF1_1_sha256_4096_65537_v3_usr_crt.pem"
Verification index = 0
Target Index = 2
# Key to install
Verification index = 2
#AddressOffset Length Data File Path
Blocks = 0x177FB000 0x000 0x87C00 "../../u-boot/u-boot.imx"
Can someone explain me exactly what the Blocks value are discovered?
2.1) is correct to sign all the .imx image? including IVT
2.2) where exactly can I find (understand) the first value of length ?