
Secure Boot with i.MX28 HAB Version 4, Rev. 1
Freescale Semiconductor 5
i.MX28 security architecture overview
The HAB library, embedded in the processor ROM, contains functions to authenticate an image as well as initialize and test security hardware. The same library functions can be called from later boot stages to extend the boot chain past the stage immediately after the Boot ROM.

The areas of an image that HAB verifies are completely customizable through a series of commands that are interpreted by HAB. These are known as Command Sequence File (CSF) commands; they define the memory locations a digital signature covers, which keys to verify the signature with, and so on. All CSF processing is done within the HAB library, including cryptographic hash and digital signature verification. When appropriate, the HAB library makes use of the on-board hardware hash accelerator (DCP) to improve boot performance. On i.MX28, HAB v4 uses the RSA algorithm, with all signatures following the CMS format and all certificates following the X509v3 format.

For further details, see the i.MX28 Reference Manual in addition to the HAB CST User Guide listed in Section 1.5, “References.”
NOTE: RSA public key sizes used for secure boot with HAB on i.MX28 are limited to 1024 and 2048 bits only.
2.2 Boot flow
The Boot ROM execution state diagram for the i.MX28 application processor, including HAB v4, is shown in Figure 1. The boot ROM for i.MX28 begins by loading a boot image (SB file) from bootable media. The bootable section of the SB file consists of boot commands such as LOAD, LOAD DCD, CALL HAB, JUMP HAB, etc. The ROM executes these commands in the sequence in which they are placed in the image binary. More details are provided in the sections describing the tools used to generate a bootable image.

In Figure 1, “Process CSF with HAB” is the point in the ROM execution state where the digital signatures across an image are verified. When configured for secure operation, the Boot ROM on an i.MX28 device will not allow unauthenticated code to execute, and the registers that the LOAD DCD command may access are restricted. Any signature failure or security violation forces the boot ROM to enter USB recovery mode so that a new signed image can be provisioned to the boot device. Note that when configured for secure operation, even images downloaded via USB must be properly signed.
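The following Python model, added here as an illustration and not Freescale's HAB or CST code, ties together the two points above: a CSF names the image blocks a signature covers (so anything the ROM executes outside those blocks is, by construction, unauthenticated), and "Process CSF with HAB" rejects the image on any signature failure or policy violation. It hashes only the CSF-named blocks, verifies an RSA PKCS#1 v1.5 signature over that digest, enforces the 1024/2048-bit key-size rule from the note, and flags any LOAD/CALL/JUMP target that falls outside the signed blocks. Assumptions: the image is a flat buffer with addresses treated as offsets, the CSF is a plain dictionary rather than HAB's binary command format, the signature is raw PKCS#1 v1.5 rather than a CMS structure over an X.509 certificate chain, and the demo key is generated from a seeded PRNG (production keys must come from a CSPRNG via CST/openssl).

```python
"""Model of the HAB 'Process CSF' step on i.MX28 (illustrative code, not Freescale's):
hash only the image regions the CSF names, verify an RSA PKCS#1 v1.5 signature over
that digest, and cross-check that every boot command target lies inside a signed
region. Addresses are offsets into one flat buffer (a simplification of SB-file
LOAD/CALL/JUMP semantics)."""
import hashlib
import random

# Constructed 4 KiB image stands in for an SB boot image.
IMAGE = bytes(random.Random(1).getrandbits(8) for _ in range(4096))

# RSA modulus sizes HAB v4 accepts on i.MX28 (from the note in the text).
ALLOWED_KEY_BITS = (1024, 2048)

# DigestInfo prefix for SHA-256 in EMSA-PKCS1-v1_5 (RFC 8017, section 9.2).
SHA256_DER_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
SMALL_PRIMES = [p for p in range(3, 1000, 2) if all(p % q for q in range(3, int(p ** 0.5) + 1, 2))]


def _is_probable_prime(n, rng, rounds=16):
    """Trial division followed by Miller-Rabin; adequate for a demo key."""
    if n < 2 or n % 2 == 0:
        return n == 2
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _gen_prime(bits, rng):
    while True:  # top two bits set so that p*q has exactly 2*bits bits
        cand = rng.getrandbits(bits) | (3 << (bits - 2)) | 1
        if _is_probable_prime(cand, rng):
            return cand


def generate_rsa_key(bits, seed=0):
    """Deterministic demo key pair (n, e, d); real HAB keys need a CSPRNG."""
    rng = random.Random(seed)
    e = 65537
    while True:
        p, q = _gen_prime(bits // 2, rng), _gen_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return p * q, e, pow(e, -1, phi)


def _emsa_pkcs1_v15(digest, k):
    t = SHA256_DER_PREFIX + digest
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def rsa_sign(digest, n, d):
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(_emsa_pkcs1_v15(digest, k), "big"), d, n).to_bytes(k, "big")


def rsa_verify(digest, signature, n, e):
    k = (n.bit_length() + 7) // 8
    if len(signature) != k:
        return False
    recovered = pow(int.from_bytes(signature, "big"), e, n).to_bytes(k, "big")
    return recovered == _emsa_pkcs1_v15(digest, k)


def csf_digest(image, blocks):
    """Hash only the (start, length) blocks named by the CSF, in CSF order."""
    h = hashlib.sha256()
    for start, length in blocks:
        h.update(image[start:start + length])
    return h.digest()


def uncovered_targets(commands, blocks):
    """Commands (kind, start, length) whose range lies outside every signed block."""
    merged = []
    for s, l in sorted(blocks):  # merge touching or overlapping blocks first
        if merged and s <= merged[-1][1]:
            merged[-1][1] = max(merged[-1][1], s + l)
        else:
            merged.append([s, s + l])
    return [c for c in commands if not any(a <= c[1] and c[1] + c[2] <= b for a, b in merged)]


def make_signed_csf(image, blocks, commands, privkey):
    n, d = privkey
    return {"blocks": blocks, "commands": commands, "signature": rsa_sign(csf_digest(image, blocks), n, d)}


def process_csf(image, csf, pubkey):
    """Emulate 'Process CSF with HAB': any failure means the real ROM drops to USB recovery."""
    n, e = pubkey
    if n.bit_length() not in ALLOWED_KEY_BITS:
        return False, "key size not permitted"
    if not rsa_verify(csf_digest(image, csf["blocks"]), csf["signature"], n, e):
        return False, "signature mismatch"
    bad = uncovered_targets(csf["commands"], csf["blocks"])
    if bad:
        return False, "unsigned execution target: %r" % bad
    return True, "authenticated"


if __name__ == "__main__":
    n, e, d = generate_rsa_key(1024, seed=7)
    blocks = [(0, 2048), (3072, 1024)]
    good = make_signed_csf(IMAGE, blocks, [("LOAD", 0, 2048), ("CALL", 0x100, 4)], (n, d))
    print(process_csf(IMAGE, good, (n, e)))
    gap = make_signed_csf(IMAGE, blocks, [("LOAD", 0, 2048), ("JUMP", 0x900, 4)], (n, d))
    print(process_csf(IMAGE, gap, (n, e)))
```

The `uncovered_targets` check is the part worth carrying into a real signing workflow: HAB only authenticates what the CSF's block list names, so a CSF that omits a region the boot commands later CALL or JUMP into leaves a signed image with an unauthenticated execution path. Flipping a single byte inside a named block changes `csf_digest` and the signature check fails, which is the behaviour the text describes for any signature failure.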