Encrypted boot

显示  仅  | 搜索替代 

Encrypted boot

744 次查看
Contributor I

I am using CST to generate encrypted image. I am setting MAC = 16 bytes in my CSF. However, I see 32 bytes of MAC being generated in the CSF output. I see a constant 4 byte pattern and the rest 28 bytes of random data. Any idea where the MAC data is put in these bytes, and what the extra bytes are?

标签 (1)
0 项奖励
2 回复数

650 次查看
Contributor III

Hi Sara,

I am assuming that you are referring to csf.bin.  And that the [Decrypt Data] command is the last command on your CSF.

When in the presence of [Decrypt Data], CST will encrypt the data blocks in-place(data blocks in the input file are replaced by their encrypted version), using the data encryption key. And it also generates a MAC tag of the file and appends it to the CSF.

However, at boot time HAB  needs to know what algorithm and what size use to authenticate the MAC.  Let's take the following example of  csf.bin:

AC 00 24 41  00 0C 00 10  54 46 4E 21 27 6D C9 16  CA A0 BE 70  11 DE 64 1A  F2 20 D4 93  B1 DB C3 75  98 72 E5 F3

If we parse the HAB data structure, it would be like this:

AC 00 24 41



length = 0x0024

version = 0x41

So this part of the structure is the 4 byte pattern that you probably are looking at.

HAB uses CBC-MAC, therefore a nonce and a length are required .Then the next word is divded in two.

00 0C 00 10



MAC LENGTH = 0x0010

Then by intuition, we can tell that the nonce is:

54 46 4E 21 27 6D C9 16  CA A0 BE 70

and that the mac is

11 DE 64 1A  F2 20 D4 93  B1 DB C3 75  98 72 E5 F3

if you need more information about on the parameters and algorithms. I would read the Security Reference manual for your target board


Ulises Cardenas

0 项奖励

650 次查看
Contributor I

Hi Ulises,

Thank you so much for the response. That clears up my question.


Sara Gurunathan

Senior Software Engineer

SRI International/Sarnoff

Products & Services

201 Washington Road

Princeton NJ 08540


0 项奖励