Crypto D100 Uživatelská příručka stáhnout pdf (Strana 2)

Secure Boot with i.MX28 HAB Version 4, Rev. 1

2 Freescale Semiconductor

Introduction

digital signatures. HAB provides a mechanism to establish a root of trust for the remaining software

components.

The i.MX28 ROM is architecturally quite different from other i.MX ROMs that support HAB v4. The

differences in image format and encrypted boot mechanism are substantial, and hence this separate

application note should be used rather than the generic application note for HAB v4. The encrypted boot

for i.MX28 is independent of HAB; see Section 5, “Encrypted boot and Elftosb,” for a brief description of

encrypted boot.

1.2 Scope

In this document a practical example based on u-boot and Linux is used to illustrate the construction of a

secure image in addition to configuring the device to run securely.

All the following questions will be answered:

• What components are required?

— A boot image

— An accompanying set of signing keys and certificates

— Resulting digital signatures

• How are each of these different components generated?

• How are all these components assembled to create an encrypted signed image?

• What are the roles of different fuses?

• What tools are available for provisioning the signed image on bootable media?

• What tools are available for programming fuses?

NOTE

This document covers the secure boot for only the i.MX28 applications

processor using HAB v4.

1.3 Audience

This document is intended for those:

• Requiring an architectural-level technical understanding of how ROM/HAB works in the boot

sequence.

• Designing signed software images for use with a HAB-enabled i.MX28 processor.

It is assumed that the reader is familiar with the basics of digital signatures and public key cryptography.

1 2 3 4 5 6 7 ... 30 31

Žádné komentáře

Crypto D100 Uživatelská příručka Strana 2