Crypto D100 Guía de usuario descargar pdf (Pagina 7)

Secure Boot with i.MX28 HAB Version 4, Rev. 1

Freescale Semiconductor 7

i.MX28 security architecture overview

Figure 2 gives an example of a typical PKI tree that is generated by the Freescale Code Signing Tools.

Figure 2. HAB v4 enabled devices typical PKI tree

For further information on the PKI tree used for HAB v4, see the HAB CST User Guide as mentioned in

the Section 1.5, “References.” The details of digital signature authentication with the RSA algorithm are

beyond the scope of this document.

The authentication steps performed by HAB occur in stages which are shown in Figure 3.

Figure 3. HAB v4 dnabled devices detailed PKI tree

On the i.MX28, the authentication begins with establishing a root of trust with the Super Root Key (SRK).

HAB does this by computing a cryptographic hash of the SRK Table and comparing the result with a

pre-computed hash that is provisioned in OTP efuses. This ensures that the integrity of the SRK Table

included in the image is intact. This is the beginning of the authentication chain in which the SRK is used

to authenticate other keys which exist in the form of X509 certificates. For details on the SRK Table and

how to generate it, see the HAB CST User’s Guide.

1 2 3 4 5 6 7 8 9 10 11 12 ... 30 31

Sin comentarios

Crypto D100 Guía de usuario Pagina 7