herunterladen
© 2015 Freescale Semiconductor, Inc. All rights reserved.
Secure Boot on i.MX50, i.MX53, and i.MX 6
Series using HABv4
1. Introduction
1.1. Purpose
Executing trusted and authentic code on an applications
processor starts with securely booting the device. The
i.MX family of applications processors provides this
capability with the High Availability Boot (HAB)
component of the on-chip ROM. The ROM is
responsible for loading the initial program image from
the boot medium. HAB enables the ROM to
authenticate the program image by using digital
signatures. This initial program image is usually a
bootloader.
HAB provides a mechanism to establish a root of trust
for the remaining software components and establishes
a secure state on the i.MX IC’s secure state machine in
hardware.
The purpose of this application note is to provide a
secure boot reference for i.MX applications processors
that include HABv4. It demonstrates an example for
generating a signed U-Boot image and configuring the
IC to run securely.
1.2. Audience
This document is intended for those who:
Need an example of the procedure for signing a
boot image.
Need to design signed software images to be
used with a HAB-enabled processor.
Freescale Semiconductor, Inc.
Document Number: AN4581
Application Note
Rev. 1
,
10/2015
Contents
1. Introduction 1
2. Overview 4
3. Code signing example 4
4. Troubleshooting 10
5. Revision history 12
Appendix A. SRK Revocation on i.MX 6 Series 13
Appendix B. Fast Authentication (>HAB 4.1.2 only) 14
Appendix C. HAB4 CSF Examples 15
Appendix D. HAB Version/Chip matrix 18
Appendix E. Freescale manufacturing tool 18