Crypto D100 Operating Instructions, Page 10

Secure Boot with i.MX28 HAB Version 4, Rev. 1
10 Freescale Semiconductor
Designing for code signing
the boot image,” which discusses how the IVT is used in the signed image. Also see the i.MX28
Applications Processor Reference Manual for more detailed description of IVT data structure.
NOTE
The i.MX28 ROM requires that the IVT is followed by an unsigned 32-bit
integer in memory containing the size of the entire image, including IVT and
CSF data. See the Boot Modes chapter of the i.MX28 Reference Manual for
more details.
3.1.2 Device Configuration Data
The main purpose of the DCD is to allow peripherals to be configured for optimal performance during
image authentication. A second purpose is to allow memory controllers to be configured in advance of
loading the image from non-volatile storage to its run-time location in external RAM. Since DCD
processing occurs prior to authentication, the scope of valid DCD operations is strictly limited to certain
controllers (clock, memories, etc.). The DCD is executed using the “LOAD DCD” ROM command and is
optional. For i.MX28, a bootlet (an independent image that resides in the final boot image and is executed
with a “CALL HAB” ROM command) can also be used to initialize external memories. If bootlets are used to
configure i.MX28, the DCD is not required.
For further details, see the Boot Modes chapter of the i.MX28 Reference Manual.
3.1.3 Command Sequence File
The CSF is a binary data structure interpreted by the HAB library to guide the authentication process. This
CSF binary structure is created using the HAB Code Signing Tool. The CSF contains commands which
determine:
  • The PKI tree to be used in authentication operations.
  • The physical memory regions to be authenticated, along with the authentication method and
    reference data.
  • Device configuration operations.
Device configuration operations in the CSF are similar to those in the DCD. The important difference
between the two is that DCD may configure only a limited range of peripherals (since DCD processing is
performed prior to authentication) whereas device configuration commands within the CSF are
unconstrained, because CSF commands are authenticated before they are executed.
With HAB, multiple non-contiguous regions of physical memory can be covered with a single digital
signature. The maximum number of regions is limited by the hash computation engine used, which may
also depend on the size and alignment of the images, as follows:
  • When using DCP for the hash computation of digital signature verification a maximum of six (6)
    non-contiguous blocks are supported.
  • When using DCP all blocks except the final one must be multiples of 64 bytes in length (the final
    data block may be an arbitrary length).
  • When using the software implementation for hash computations included in HAB a maximum of
    16 non-contiguous blocks are supported.
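
The block limits listed above can be checked on the build host before an image is signed. The following is an added example, not code from the application note or from the HAB Code Signing Tool; the engine labels `dcp` and `sw`, the `(start, length)` block representation and the sample addresses are assumptions, and the list order is assumed to be the order in which the blocks are hashed.

```python
# Added example (not Freescale code): pre-signing check of a HAB block layout.
from typing import List, Tuple

# Limits quoted from the text above. The keys "dcp" and "sw" are labels
# chosen for this example, not CST or HAB identifiers.
LIMITS = {
    "dcp": {"max_blocks": 6, "length_multiple": 64},
    "sw": {"max_blocks": 16, "length_multiple": None},
}

Block = Tuple[int, int]  # (start address, length in bytes)


def check_blocks(blocks: List[Block], engine: str) -> List[str]:
    """Return the violations for one hash engine; an empty list means it fits."""
    limit = LIMITS[engine]
    problems = []
    if not blocks:
        problems.append("no blocks to authenticate")
    if len(blocks) > limit["max_blocks"]:
        problems.append(
            f"{len(blocks)} blocks exceed the {engine} maximum of {limit['max_blocks']}")
    multiple = limit["length_multiple"]
    last = len(blocks) - 1
    for index, (start, length) in enumerate(blocks):
        if length <= 0:
            problems.append(f"block {index} at {start:#x}: length must be positive")
        elif multiple and index != last and length % multiple:
            # Only the final block may have an arbitrary length.
            problems.append(
                f"block {index} at {start:#x}: length {length} "
                f"is not a multiple of {multiple}")
    return problems


def usable_engines(blocks: List[Block]) -> List[str]:
    """Engines whose limits the layout satisfies."""
    return [name for name in LIMITS if not check_blocks(blocks, name)]


# Constructed layout: IVT plus code, then an unpadded data region, then the tail.
SAMPLE = [(0x40000000, 0x2000), (0x40004000, 0x1F4), (0x40008000, 0x123)]

if __name__ == "__main__":
    for engine in LIMITS:
        for problem in check_blocks(SAMPLE, engine) or ["layout fits"]:
            print(f"{engine}: {problem}")
```

Padding the middle region of the constructed layout to a multiple of 64 bytes would make it acceptable to both engines.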