GMAC Generation
Galois Message Authentication Code (GMAC) is an authentication-only variant of GCM (Galois/Counter Mode) that can form an incremental message authentication code: the data is passed as additional authenticated data with no plaintext, so only an authentication tag is produced and nothing is encrypted.
- Key Type - allows selecting the type of key that will be loaded and used to generate the GMAC authentication tag. Possible values are:
  - Plain ADKP -> plain Application Debug Key/Password
- Use new authenticated image format - enables generation of the exported images in the new authenticated image format.
- Key File - represents the txt file that contains the value of the key as a hexadecimal string. Depending on the Key Type selection, the constraint for the file length is:
  - Plain ADKP -> 32 characters in hex format
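As an added example that is not the IVT tool's or HSE firmware's own code (it does not reproduce the HSE derivation of the signing key from ADKP; a constructed 16-byte key stands in for the derived key), the Go program below enforces the Plain ADKP key-file constraint described above and then generates and verifies a GMAC tag over an image with the standard library's AES-GCM, passing the image as additional authenticated data with an empty plaintext. The function names, the zero nonce and the sample image bytes are assumptions constructed for illustration.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"strings"
)

// parsePlainADKPKeyFile decodes the key txt file and enforces the tool's Plain ADKP
// constraint (32 hex characters, a 16-byte AES-128 key) before the key is used.
func parsePlainADKPKeyFile(contents string) ([]byte, error) {
	h := strings.TrimSpace(contents)
	if len(h) != 32 {
		return nil, fmt.Errorf("Plain ADKP key file must hold 32 hex characters, got %d", len(h))
	}
	return hex.DecodeString(h)
}

// gmacTag computes the 16-byte GMAC tag: AES-GCM with an empty plaintext and the whole
// image as additional authenticated data, so Seal returns only the tag; nothing is encrypted.
func gmacTag(key, nonce, image []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block) // 12-byte nonce; never reuse one under the same key (leaks the GHASH subkey)
	if err != nil {
		return nil, err
	}
	return gcm.Seal(nil, nonce, nil, image), nil
}

// verifyGMAC mirrors the boot-time check: recompute the tag and compare in constant time.
func verifyGMAC(key, nonce, image, tag []byte) bool {
	want, err := gmacTag(key, nonce, image)
	return err == nil && subtle.ConstantTimeCompare(want, tag) == 1
}

func main() {
	key, err := parsePlainADKPKeyFile("000102030405060708090a0b0c0d0e0f\n") // constructed, not real ADKP material
	if err != nil {
		panic(err)
	}
	nonce := make([]byte, 12) // constructed; a real deployment needs a fresh nonce per tag
	image := []byte("constructed IVT image bytes")
	tag, _ := gmacTag(key, nonce, image)
	fmt.Printf("tag=%x valid=%v\n", tag, verifyGMAC(key, nonce, image, tag))
}
```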
To increase the security level of the device, all active assets in the external flash memory must be authenticated so that they can be securely booted; this ensures the integrity of the images that control the platform’s resources. IVT, DCD, and Self-Test DCD images are signed by HSE FW (via a dedicated service) using a key derived from ADKP (Application Debug Key/Password). The Boot ROM verifies these images during the boot sequence only if the IVT_AUTH fuse is blown and the device Lifecycle is set to OEM_PROD or IN_FIELD.
There are two cases available for the secure boot flow:
- Basic Secure Boot (BOOTSEQ: Secured Boot is checked) – the application image must be signed using a key derived from ADKP. This signature generation can be done offline, using the IVT tool, based on the txt key file that corresponds to the selected key type (Plain ADKP).
- Advanced Secure Boot (BOOTSEQ: Secured Boot is checked, IVT_AUTH is blown, and device Lifecycle is set to OEM_PROD or IN_FIELD) – all images (IVT, DCD, Self-Test DCD, and Application bootloader images) must be signed using a key derived from ADKP.
This button allows you to manually configure the images to be signed in the final exported blob.
- Before using the GMAC generation feature, make sure the selected processor supports offline GMAC generation using the ADKP value.