AM263P4: Image Validation

Part Number: AM263P4

Inside hsm_rot_cert_validate.c in the TIFS software there is a call to the HsmClient_procAuthBoot function to validate an image. The comment above the function call in the code states that decryption of the image happens during validation if specified in the x509 certificate.

Where in the x509 certificate is it designated whether the image should be decrypted or not during validation? Also, is that referring to specifying whether or not the image that gets passed to the validation function is already decrypted, or whether the encrypted image should be decrypted during the validation process?

  • Hi,

    In the x509 certificate, there is an extension called [encryption] whose OID is 1.3.6.1.4.1.294.1.4 = ASN1:SEQUENCE:encryption

    If the image to be authenticated is encrypted, then the certificate calls it out using this extension.

    HsmClient_procAuthBoot is a service to authenticate the image and validate the cert (and also decrypt it if enc in cert).

    The corresponding handler implementation can be found in the API HsmServer_procAuthBootHandler() present in {$TIFS}\source\modules\hsmserver\hsm_proc_auth_boot.c

    Thanks and Regards,

    Nikhil Dasan
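
As an added example (not part of the thread and not TI code), this Python code walks a DER-encoded certificate and reports whether its extensions include the OID 1.3.6.1.4.1.294.1.4 named in the answer above. The function names are assumptions, and the sample certificate is a constructed skeleton whose extension value is an empty placeholder.

```python
ENC_OID = "1.3.6.1.4.1.294.1.4"  # [encryption] extension OID quoted in the answer

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def children(buf, start, end):
    while start < end:                      # elements stored back to back
        tag, vs, ve = read_tlv(buf, start)
        yield tag, vs, ve
        start = ve

def decode_oid(body):
    subs, val = [], 0
    for b in body:                          # base-128, high bit means "more follows"
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            subs.append(val)
            val = 0
    first = min(subs[0] // 40, 2)           # first two arcs share one subidentifier
    return ".".join(map(str, [first, subs[0] - 40 * first] + subs[1:]))

def extension_oids(cert_der):
    """extnID of every extension under tbsCertificate's [3] EXPLICIT field."""
    _, cs, ce = read_tlv(cert_der, 0)               # Certificate
    _, ts, te = next(children(cert_der, cs, ce))    # tbsCertificate
    oids = []
    for tag, vs, ve in children(cert_der, ts, te):
        if tag == 0xA3:                             # [3] extensions
            _, ls, le = read_tlv(cert_der, vs)      # SEQUENCE OF Extension
            for _, es, ee in children(cert_der, ls, le):
                _, o1, o2 = read_tlv(cert_der, es)  # first field is extnID
                oids.append(decode_oid(cert_der[o1:o2]))
    return oids

def image_marked_encrypted(cert_der):
    return ENC_OID in extension_oids(cert_der)

def tlv(tag, body):                         # short-form encoder, sample data only
    return bytes([tag, len(body)]) + body

def sample_cert(oid_hex):                   # constructed skeleton, placeholder value
    ext = tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + tlv(0x04, tlv(0x30, b"")))
    return tlv(0x30, tlv(0x30, tlv(0x02, b"\x01") + tlv(0xA3, tlv(0x30, ext))))
```

For a certificate on disk, convert PEM to DER first and pass the bytes to `image_marked_encrypted`.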