• DM-Verity singing/verification in i.MX8MQ

    Hi All,   I want to understand DM-Verity singing/verification process of system and vendor images on i.MX8M Android platform.   We are using i.MX8MQ custom board. DM-Verity support is enabled in kerne...
    pratik manvar
    last modified by pratik manvar
  • i.MX8MQ EVK: Secure boot with rollback prevention

    Hi all   I have an i.MX8MQ EVK with an extended secure boot all the way up to a custom uImage. Now I want to add a rollback prevention mechanism for our custom uImage. For this, I currently assume the proper loc...
    Cyrill Gössi
    last modified by Cyrill Gössi
  • Sign Android images with new generated keys.

    We're trying to sign target files with our own keys (generated with the mkkeys.sh script, as described in the FAQ pdf ), but are getting an error: rewriting BOOT/RAMDISK/default.prop: replace: ro.bootimage.build.fin...
    Nuno Vilaça
    last modified by Nuno Vilaça
  • Trusty TEE support in iMX8 Mini

    Hi Sir, I am planning to use iMX 8 Mini for my project. On security and Trusted Execution Environment (TEE) pdf document of NXP it is mentioned that iMX8 Mini comes with Trusted Execution Environment (TEE). and...
    Maneesh Singh
    last modified by Maneesh Singh
  • Enabling DM-Verity singing failed on i.MX8MQ

    Hello,   I am using i.MX8MQ custom board. I want to enable DM-Veiry signing using dm-verity RSA private key available at "Android-9.0/build/target/product/security/verity/verity.pk8".   The kernel configur...
    pratik manvar
    last modified by pratik manvar
  • i.MX8M mini CAAM and SNVS

    Hello can the CAMM Cryptographic Acceleration and Assurance Module and SNVS Secure Non-Volatile Storage hw modules in iMx8MMini considered equivalent in features and performance to a TPM ? Can I achieve with th...
    Antonio Santagiuliana
    last modified by Antonio Santagiuliana
  • CAAM or OP-TEE

    Hello,   I'm looking to store some sensitive data on the i.MX 8M Mini EVK and have a question regarding usage of the CAAM and OP-TEE.   I've found the example projects here: imx_sec_apps - i.MX Securi...
    Mark Saenger
    last modified by Mark Saenger
  • i.MX8MQ EVK: Failing to write SNVS registers from u-boot CLI

    Hi all   I'm trying to access the SNVS registers from the interactive U-Boot CLI. Looking at the SNVS_HP Command Register (HPCOMR), I see field 31 as set and with this assume I should be able to access privilege...
    Cyrill Gössi
    last modified by Cyrill Gössi
  • Emmc UUU flashing of signed ahab images to imx8qxp Evk

    We are trying to flash cst signed ahab images to imx8qxp evk. The following are the images in hand   container with singed uboot ----> flash.bin container with signed Image and dtb ---- > Image custom-ba...
    Vimal Babu
    last modified by Vimal Babu
  • Needs to develop a script which will automate password change

    Hi,   In my current project I must develop a script which will automate changing password. Manually I cannot enter the password. The script has to provide the password. When I checked the passwd command option I ...
    vijith G
    last modified by vijith G
  • Using cst-tools signing *.out file

    Hi,   I am using sbc connect core 6 board for my product development. I have to add security to my developed firmware application. Because we are planning to use secure update of the application firmware. For th...
    vijith G
    last modified by vijith G
  • Identify boot ,shutdown or reboot in linux shell script yocto linux

    Hi,   In my current project I need to identify running jobs for detecting the system is in reboot or shutdown level. Using systemctl I knows how to identify the jobs. But in Digi yocto linux i could not find sy...
    vijith G
    last modified by vijith G
  • hab4_pki_tree.sh error  - RAND_load_file:Cannot open file

    Hello,  I am using hab4_pki_tree.sh script to generate keys and certificates for imX8m mini. openssl version returns :    OpenSSL 1.1.1 11 Sep 2018   when I run the script I get this error mess...
    Antonio Santagiuliana
    last modified by Antonio Santagiuliana
  • DM-Crypt keyutils build failure on Yocto warrior - iMX 6UL

    Hi,     I'm building Yocto project (Warrior branch) for iMX 6UL EVK and tried dm-crypt from https://www.nxp.com/docs/en/application-note/AN12714.pdf      When I tried including the ...
    Kanimozhi Thangappan
    last modified by Kanimozhi Thangappan
  • TPM (SLB9670) initialization failed on i.MX8 ECSPI2

    Hi,   I'm working on getting the Infineon SLB9670 to work on the ECSPI2 bus of an IMX8MQ processor on the 4.19.35 kernel built using Yocto. The device seems to get detected on the bus ( there's a "spi1.0" node i...
    Rohit Dubey
    last modified by Rohit Dubey
  • CST 3.3.0 returns Undefined error

    Hello, I am trying to setup secure boot on my iMX8MM device I end up with an error with cst tool versio 3.3.0 : Error: Cannot open key file CSF1_1_sha256_4096_65537_v3_usr_key.pem 140578450752768:error:06065064:dig...
    AURELIEN BOUIN
    last modified by AURELIEN BOUIN
  • SECURE BOOT FOR IMX6SX USING TPM CHIP(SE050B)

    We are using imx6sx processor , dunfell branch ,linux 5.4 1.How to use TPM for storing the secure boot keys? Is there any reference for this integration? 2.Is there are specific secure boot document for imx6sx imple...
    RAMAKRISHNA thumu
    last modified by RAMAKRISHNA thumu
  • parseIVT - a script to help i.MX6 Code Signing

    Products Product Category NXP Part Number URL MPU i.MX6 Family https://www.nxp.com/products/processors-and-microcontrollers/arm-processors/i-mx-applications-processors/i-mx-6-processors:IMX6X_SERIES   Tools NX...
    Biyong Sun
    last modified by Biyong Sun
  • Selection of iMX8M family

    We are working on Security Features implementation for Embedded applications to be used in Consumer and Automotive Infotainment. Would like to get assistant on selecting the iMX8M family. Please suggest us to select...
    Kanimozhi Thangappan
    last modified by Kanimozhi Thangappan
  • hab_auth_img problem

    Hello, I am using imx8mm-evk. I am trying to sign a Kernel image and verify its signature from u-boot with command hab_auth_img. I followed the instruction at mx8m_mx8mm_secure_boot.txt\guides\habv4\imx\doc - ubo...
    Antonio Santagiuliana
    last modified by Antonio Santagiuliana