% ----------------------------
\subsection{NXP High Assurance Boot (i.MX Family)}
% ----------------------------
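% Overview slide: what HAB is, where its root of trust lives (a key hash in
% OTP fuses) and which key types and algorithms it uses.
% Spelling fixed to the vendor's "i.MX" and to the standard name "SHA-256".
% NOTE(review): two caveats worth a spoken remark on this slide --
%   (1) the fuses are one-time programmable, so a wrongly burned key hash
%       cannot be corrected afterwards;
%   (2) HAB enforces a failed verification only once the device has been put
%       into its closed security configuration; in the open configuration
%       failures are reported as HAB events and the image still boots.
\begin{frame}[fragile]
\frametitle{i.MX Boot}
\begin{itemize}
\item High Assurance Boot (HAB)
\item v4.x in i.MX6/7/8
\item Boot-Image Verification
\item Key-Hash in One-Time-Programmable (OTP) Memory/Fuses
\item PKI:
\begin{itemize}
\item up to 4 Storage Root Keys (SRK)
\item separate Sequence and Image Key Trees
% Only three of the four SRK slots can be revoked in the field, so the
% fourth slot cannot be retired if its private key is compromised.
\item Field Key-Revoke possible (only SRK 0--2)
\item ECC (only for SRK-CA)
\end{itemize}
\item Cryptographic Methods:
\begin{itemize}
\item SHA-256
\item RSA-4096
\item ECC (SRK CA only)
\end{itemize}
\end{itemize}
\end{frame}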
% ----------------------------
% Two-column slide: left column lists the parts of a HAB boot image, right
% column shows the layout diagram images/imx-hab-image.png.
% NOTE(review): the list does not say which parts are covered by the
% signature. Presumably only the regions named in the Command Sequence are
% authenticated -- confirm against the figure and state it on the slide.
\begin{frame}[fragile]
\frametitle{HAB Boot Image}
\begin{columns}[onlytextwidth]
\begin{column}{0.5\textwidth}
\begin{itemize}
\item Image Vector Table
\item Device Configuration Data
\item Bootloader
% "Command Sequence" is the CSF processed on the "HAB Boot Sequence" slide.
\item opt.: Command Sequence
\end{itemize}
\end{column}
\begin{column}{0.5\textwidth}
\begin{figure}[h]
\centering
\includegraphics[width=6cm]{images/imx-hab-image.png}
\end{figure}
\end{column}
\end{columns}
\end{frame}
% ----------------------------
% Two-column slide: left column is the ordered HAB verification sequence,
% right column shows images/imx-hab-csf.png.
% Chain of trust as listed below:
%   SRK table -> SRK -> CSFK certificate -> protected part of the CSF
%   SRK -> IMGK certificate -> image
% Each key is installed only after the certificate that carries it has been
% verified with the key one level up.
\begin{frame}[fragile]
\frametitle{HAB Boot Sequence}
\begin{columns}[onlytextwidth]
\begin{column}{0.5\textwidth}
\begin{enumerate}
% scriptsize is used as an environment so the whole list fits on one slide.
\begin{scriptsize}
\item configure HAB
% Presumably checked against the key hash held in the OTP fuses -- see the
% "HAB: SRK Table Verification" figure; confirm.
\item verify SRK Table
\item process Command Sequence \\
(unprotected part)
\begin{enumerate}
\begin{scriptsize}
% Only one of the (up to four) SRKs is installed for a given boot.
\item install single SRK PubK
\item verify CSFK Certificate \\
(w/ installed SRK)
\item install CSFK PubK
% From here on the remaining CSF commands are authenticated by the CSFK.
\item verify protected CSF Part \\
(w/ installed CSFK)
\end{scriptsize}
\end{enumerate}
\item process Command Sequence \\
(protected part)
\begin{enumerate}
\begin{scriptsize}
\item configure Crypt-Infrastructure
% The image key is certified by the SRK, not by the CSFK: this is the
% separate image key tree.
\item verify IMGK Certificate \\
(w/ installed SRK)
\item install IMGK PubK
\item verify Image \\
(w/ installed IMGK)
% NOTE(review): the sequence ends at the verified image. Anything that image
% loads afterwards (e.g. a kernel) is presumably outside this check and has
% to be verified by the image itself -- confirm and mention it.
\item execute Image
\end{scriptsize}
\end{enumerate}
\end{scriptsize}
\end{enumerate}
\end{column}
\begin{column}{0.5\textwidth}
\begin{figure}[h]
\centering
\includegraphics[width=3cm]{images/imx-hab-csf.png}
\end{figure}
\end{column}
\end{columns}
\end{frame}
% ----------------------------
% Figure-only slide showing images/imx-hab-verifysrk.png, i.e. the
% "verify SRK Table" step of the boot sequence.
% NOTE(review): the diagram is not visible in this source. It presumably
% shows the SRK table being hashed and compared with the key hash in the OTP
% fuses -- confirm, and consider a one-line caption for readers of the PDF.
\begin{frame}[fragile]
\frametitle{HAB: SRK Table Verification}
\begin{figure}[h]
\centering
\includegraphics[width=7cm]{images/imx-hab-verifysrk.png}
\end{figure}
\end{frame}
% ----------------------------
% Figure-only slide showing images/imx-hab-keyhierarchy.png.
% NOTE(review): the diagram is not visible in this source. It presumably
% depicts the SRK / CSFK / IMGK relationship used in the boot sequence --
% confirm that its key names match those on the other slides.
\begin{frame}[fragile]
\frametitle{HAB: Key Hierarchy}
\begin{figure}[h]
\centering
\includegraphics[width=8cm]{images/imx-hab-keyhierarchy.png}
\end{figure}
\end{frame}