Disable X.509 validity check during verification

Hi @gopi219

As mentioned in this post, Mbed TLS is now maintained under open governance at TrustedFirmware.org.
Please post your questions in their mailing list next time.

As for your questions, I wouldn’t advise disabling date/time validity checks. There are reasons they exist.
As for your question, you can use a public key instead of a root CA certificate, but:

  1. You will lose the authentication part of the verification.
  2. You will need to implement your own custom bootloading scheme, as the current bootloader scheme uses X.509 certificates, with a root CA.

I don’t understand your question about the private key. Also, in the X.509 scheme you will need your own key pair for the device/server certificate, and you will need to store it in a secure site. If you are referring to storing it in a secure location on the device, there is no need in either scheme, as only the public key participates in the verification.

I am having trouble understanding why certificate expiration requires you to reinstall the boot code on site. Don’t you have some secure persistent storage for storing the root CA file? Only this part should be replaced when the certificate expires, and this non-volatile memory should be accessible by the boot code. Are you embedding the certificate as part of the boot code? If so, then this is not recommended.

Regards,
Mbed Support
Ron