Crypto D100 Betriebsanweisung PDF herunterladen (Seite 12)

Secure Boot with i.MX28 HAB Version 4, Rev. 1

12 Freescale Semiconductor

Designing for code signing

The IVT can appear anywhere before, in between or after the Image Data but not at address 0. Otherwise

*self in IVT points to NULL and is interpreted by HAB library as an invalid address.

The Image Length field as mentioned earlier must immediately follow the IVT and is the length of entire

image data including IVT and CSF data.

3.1.6 Secure boot—image layout

The SEC_CONFIG fuse field tells HAB whether the device is to boot securely or not. By setting this field

to Closed, the i.MX28 only allows a properly signed image to execute. In the Closed configuration the CSF

data component is mandatory and must be included in the image along with valid pointers in the IVT

structure. This is true regardless of which boot device is chosen, including USB recovery mode.

The first step performed by HAB when performing a secure boot is the installation of the SRK. It is

important to have the SRK tied to the processor to avoid replacement with an untrusted key. Therefore,

during the installation of the SRK, the ROM computes a SHA-256 hash of the SRK Table attached to the

binary CSF data. The result is compared to the reference value provisioned into the OTP fuses during

product manufacturing.

Next are the principal steps (not necessarily in order) involved in processing the CSF:

• Verify the CSF key certificate using the SRK.

• Verify the CSF signature using the CSF key.

• Verify image key certificates using the SRK.

• Verify image signature(s) using the image keys.

• Perform any device configuration operations specified in the CSF.

Note that not all steps apply to every CSF.

If HAB authentication is successful, ROM code jumps into the image code pointed to *entry.

1 2 ... 7 8 9 10 11 12 13 14 15 16 17 ... 30 31

Keine Kommentare

Crypto D100 Betriebsanweisung Seite 12