Datasheet 搜索 > 微处理器 > NXP(恩智浦) > MCIMX6S5EVM10AB 数据手册 > MCIMX6S5EVM10AB 用户编程技术手册 6/22 页
¥ 241.197
MCIMX6S5EVM10AB 用户编程技术手册 - NXP(恩智浦)
制造商:
NXP(恩智浦)
分类:
微处理器
封装:
BGA-624
Pictures:
3D模型
符号图
焊盘图
引脚图
产品图
MCIMX6S5EVM10AB数据手册
Page:
of 22 Go
若手册格式错乱,请下载阅览PDF原文件
SRK Revocation on i.MX 6 Series
Secure Boot on i.MX50, i.MX53, and i.MX 6 Series using HABv4, Rev. 1, 10/2015
6 Freescale Semiconductor, Inc.
Do you want the SRK certificates to have the CA flag set? (y/n)?: y
After completing the questions, the PKI tree is created. This example tree creates a new CA, uses 2048
bit keys, lasts for 10 years (HAB does not consider the duration), and has 4 SRKs. For all i.MX series
HABv4 enabled parts except the i.MX6SX, the last question regarding the “CA flag” in the SRK must
be answered as “y”. The resulting private keys are placed in the keys directory of the CST, and the
corresponding X.509 certificates are placed in the crts directory.
NOTE
The i.MX6SX HABv4 revision contains a new feature that allows the user
to have the SRK authenticate the CSF and image data. The feature
supplies the user with a faster boot time, at the cost of a less robust
signature. Unless boot time is critical, it is recommended the SRK have
the CA flag, and the CSF and IMG keys are used to validate their
respective data.
For more details on key generation for CST, see the HAB CST User Guide.
3.2. Generate SRK table
The SRK table is required by CST. It is a table of the Public SRKs. To generate an SRK table, CST
provides the srktool, which requires X.509v3 public key certificates as inputs for the SRKs. This tool
creates the SRK table and an SRK fuse table. The fuse table contains a hash value of the SRK table, and
is programmed to the SRK fuses on the target. The srktool is capable of outputting the fuse table in
different formats to align with different fuse controllers used on various parts. i.MX 6 Series parts use
OCOTP and the format is 32 fuses per word, so set the output format to “-f 1” . The following shows
how to generate an SRK table with four keys for this example.
From the “crts” directory execute:
../linux64/srktool -h 4 -t SRK_1_2_3_4_table.bin -e SRK_1_2_3_4_fuse.bin -d sha256 -c
./SRK1_sha256_2048_65537_v3_ca_crt.pem,./SRK2_sha256_2048_65537_v3_ca_crt.pem,./SRK3_sha256_2048_65537_v
3_ca_crt.pem,./SRK4_sha256_2048_65537_v3_ca_crt.pem -f 1
3.3. Fuse programming
Enabling the secure boot features of the device requires programming fuses on the part. A Fuse Map for
the specific part should always be obtained and referenced to ensure the correct fuse locations are being
programmed.
3.3.1. SRK Fuses
The SRK fuse values are generated by srktool when the SRK table was assembled in the previous
section. Be careful when programming these values, as this data is the basis for the root of trust. An
error in SRK results in a part that does not boot.
器件 Datasheet 文档搜索
AiEMA 数据库涵盖高达 72,405,303 个元件的数据手册,每天更新 5,000 多个 PDF 文件
