
HAB verify boot scripts and other binary data

Question asked by Paul Holmquist on Nov 7, 2018
Latest reply on Nov 8, 2018 by Yuri Muhin

Is it possible to use the HAB interface to verify the signature of non-image data such as a boot script? I noticed this being referenced in the Digi board ccimx6sbc U-Boot code to check the signature of a boot script using the HAB interface before running it. I'd also like to verify other binary data that I would sign using the same PKI tree as for images.

 

Seems like all I would need to do would be to perform all the padding and add a fake IVT data region before signing it using the CST tool (similar to how a kernel image gets signed).  The IVT can be fake since I'm not expecting to execute as an image (calling the HAB ROM interface directly, hab_rvt::authenticate_image()).

 

Thanks.
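
The layout described in the question, as an added example that is not part of the original post or of any vendor code: the data is padded, a placeholder IVT is appended, and the resulting blob is what would be handed to CST. The 4 KiB alignment, the load address `0x12000000`, the file name and the sample script are assumptions; the field order mirrors the layout U-Boot's HAB documentation uses for signed kernel images.

```python
import struct

IVT_TAG, IVT_LEN, IVT_VER = 0xD1, 0x20, 0x40  # HABv4 IVT header values
ALIGN = 0x1000  # assumption: 4 KiB padding, as used for signed kernel images


def build_signable_blob(payload: bytes, load_addr: int):
    """Pad payload, append a placeholder IVT, return (blob, layout)."""
    if not payload:
        raise ValueError("empty payload")
    if load_addr < 0 or load_addr % 4:
        raise ValueError("load address must be non-negative and word-aligned")
    ivt_offset = -(-len(payload) // ALIGN) * ALIGN  # round up to ALIGN
    ivt_addr = load_addr + ivt_offset
    csf_addr = ivt_addr + IVT_LEN                   # CSF follows the IVT
    if csf_addr > 0xFFFFFFFF:
        raise ValueError("layout does not fit in a 32-bit address space")
    # Header: tag, big-endian length, version. Body: seven little-endian words.
    ivt = struct.pack(">BHB", IVT_TAG, IVT_LEN, IVT_VER) + struct.pack(
        "<7I",
        load_addr,  # entry: never jumped to for data, kept inside the blob
        0,          # reserved1
        0,          # dcd: none
        0,          # boot_data: none
        ivt_addr,   # self: must equal the address the IVT is loaded at
        csf_addr,   # csf: where the CST output will be appended
        0,          # reserved2
    )
    blob = payload.ljust(ivt_offset, b"\x00") + ivt
    layout = {"ivt_offset": ivt_offset, "ivt_addr": ivt_addr,
              "csf_addr": csf_addr, "signed_len": len(blob)}
    return blob, layout


def csf_blocks_line(load_addr, layout, filename):
    """Blocks entry for the [Authenticate Data] section of the CSF input."""
    return 'Blocks = 0x%08x 0x%08x 0x%08x "%s"' % (
        load_addr, 0, layout["signed_len"], filename)


if __name__ == "__main__":
    script = b"setenv bootargs console=ttymxc0,115200\nbootz\n"  # constructed sample
    blob, layout = build_signable_blob(script, 0x12000000)       # assumed address
    print(csf_blocks_line(0x12000000, layout, "bootscr-pad-ivt.bin"))
```

The signature covers the payload, the zero padding and the IVT, so the blob has to be loaded at the same address that was baked into the `self` and `csf` fields. The original payload length is not recorded in this layout, so a consumer needs its own way to know where the data ends inside the authenticated range.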
