High Assurance boot in i.MX6 (Secure boot)
Introduction Software updates are updated frequently. Any end user can install custom software in devices. This increases the threat of installing malwares. The consequences are unimaginable. Consideration security aspects, it is necessary that the hardware have some mechanism to ensure that the software it is running can be trusted. NXP's i.MX6 series chips provide High Assurance Boot (HAB) feature which meets such a requirement. Note There are huge source of documents in the community. But have few broken ends. This document links the broken ends. Hence you will find most of the data/text repeated. Mechanism An asymmetric encryption is adopted to implement the HAB feature. An utility called CST – Code Signing Tool is provided by Freescale to generate private key and corresponding public key pairs. For any system image the OEM want to release, the private key is used to do the encryption. This encryption generates a unique identifier for the image which is called a c...