FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Signing encrypted section using i.MX HAB

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Signing encrypted section using i.MX HAB

‎11-03-2017 06:27 AM
1,069 Views
maximsyrchin
Contributor I

Hello,

I'm using imx6q and trying to boot u-boot image (with IVT, DCD and CSF) with encrypted and signed u-boot.bin section. Separately signing and encryption works perfectly. But if I try to sign encrypted section boot fails.

Here is fragment the csf file I'm using:

...

[Authenticate Data]

...
Blocks = 0x00907400 0x00000C00 0x00008c00 "u-boot"

...

[Decrypt Data]
...
Blocks = 0x00907400 0x00000C00 0x00008c00 "u-boot"

Does anybody knows if it is  possible to sign encrypted u-boot.bin section using CSF ?  

Thanks

0 Kudos
Reply
2 Replies

‎11-05-2017 08:32 PM
691 Views
b36401
NXP Employee
NXP Employee

Please refer an example of encrypted u-boot:

https://community.nxp.com/docs/DOC-332147

Have a great day,
Victor

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

0 Kudos
Reply

‎11-07-2017 01:26 AM
691 Views
maximsyrchin
Contributor I

Hi,

The link you've  sent doesn't contain answer to the question: is it possible to sign and encrypt whole u-boot.bin.

All examples and Figure "Chosen memory layout of the encrypted u-boot" on page Encrypted U-boot Example use signature only for unencrypted data, while encrypted part stays unsigned. Like this :

[Authenticate Data]
Blocks = 0x177ff400 0x00000000 0x00000C10 "./u-boot.imx"
[Decrypt Data]
Blocks = 0x17800010 0x00000C10 0x0007AFF0 "./u-boot.imx"

Is it possible to add extra "Authenticate Data" with the same block as in "Decrypt Data" ? 

[Authenticate Data]
Blocks = 0x177ff400 0x00000000 0x00000C10 "./u-boot.imx"
[Authenticate Data]
Blocks = 0x17800010 0x00000C10 0x0007AFF0 "./u-boot.imx"

[Decrypt Data]
Blocks = 0x17800010 0x00000C10 0x0007AFF0 "./u-boot.imx"

I've tried such config already. CSF was generated and u-boot.bin was encrypted without errors. But final image failed to boot. need to figure out:
- am I doing something wrong ?
- or simultaneous encryption and signing doesn't supported

Thanks

0 Kudos
Reply