https://community.nxp.com/t5/i-MX-Processors/Secure-boot-i-mx7D/m-p/815156#M125587 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>You already boot up the board in a secure manner using a closed device + a signed u-boot =&gt; so this is secure!</P><P>The feature is called secure boot :smileyhappy:&nbsp;not "secure every app in every stage".</P><P></P><P>After you already boot up, you can use any other app to play with, even a non-signed u-boot.</P><P>How you started the 2nd u-boot?&nbsp;</P><P>In theory, if the device is closed the u-boot terminal is no longer&nbsp;available&nbsp;for the user. If still available, you can set boot_delay to 0.&nbsp;</P><P>To stop loading a 2nd u-boot via jtag, you can disable the JTAG programming a dedicated fuse for that.</P><P></P><P>Btw, for full a full secure chain of trust u-boot - Linux, please take a look also to this AN [1]. But again, even in Linux you can load a custom application. After the device is booting up in a secure manner, it's up to you to maintain the system in a secure state.</P><P></P><P>Best regards,</P><P>Marius</P><P></P><P>[1]&nbsp;<A class="link-titled" href="https://www.nxp.com/docs/en/application-note/AN4581.pdf" title="https://www.nxp.com/docs/en/application-note/AN4581.pdf">https://www.nxp.com/docs/en/application-note/AN4581.pdf</A>&nbsp;</P></BODY></HTML> Mon, 16 Jul 2018 15:40:37 GMT marius_grigoras 2018-07-16T15:40:37Z https://community.nxp.com/t5/i-MX-Processors/Secure-boot-i-mx7D/m-p/815155#M125586 <HTML><HEAD></HEAD><BODY><P><SPAN style="color: #51626f; background-color: #ffffff;">I have closed my device and secured my device ,hab_status shows that&nbsp;Secure boot enabled.I have downloaded a signed u-boot.imx ,but why I can download a no signed boot.img .It's not secure.I think a signed u-boot.imx can't load a no signed boot.img.Can you help me.Thank you!</SPAN></P></BODY></HTML> Mon, 16 Jul 2018 09:23:35 GMT https://community.nxp.com/t5/i-MX-Processors/Secure-boot-i-mx7D/m-p/815155#M125586 llliu 2018-07-16T09:23:35Z https://community.nxp.com/t5/i-MX-Processors/Secure-boot-i-mx7D/m-p/815156#M125587 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>You already boot up the board in a secure manner using a closed device + a signed u-boot =&gt; so this is secure!</P><P>The feature is called secure boot :smileyhappy:&nbsp;not "secure every app in every stage".</P><P></P><P>After you already boot up, you can use any other app to play with, even a non-signed u-boot.</P><P>How you started the 2nd u-boot?&nbsp;</P><P>In theory, if the device is closed the u-boot terminal is no longer&nbsp;available&nbsp;for the user. If still available, you can set boot_delay to 0.&nbsp;</P><P>To stop loading a 2nd u-boot via jtag, you can disable the JTAG programming a dedicated fuse for that.</P><P></P><P>Btw, for full a full secure chain of trust u-boot - Linux, please take a look also to this AN [1]. But again, even in Linux you can load a custom application. After the device is booting up in a secure manner, it's up to you to maintain the system in a secure state.</P><P></P><P>Best regards,</P><P>Marius</P><P></P><P>[1]&nbsp;<A class="link-titled" href="https://www.nxp.com/docs/en/application-note/AN4581.pdf" title="https://www.nxp.com/docs/en/application-note/AN4581.pdf">https://www.nxp.com/docs/en/application-note/AN4581.pdf</A>&nbsp;</P></BODY></HTML> Mon, 16 Jul 2018 15:40:37 GMT https://community.nxp.com/t5/i-MX-Processors/Secure-boot-i-mx7D/m-p/815156#M125587 marius_grigoras 2018-07-16T15:40:37Z https://community.nxp.com/t5/i-MX-Processors/Secure-boot-i-mx7D/m-p/815157#M125588 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>Boot ROM does not allow to run unsigned U-boot; further responsibility for verifying and running applications</P><P>under U-boot belongs to the U-boot.&nbsp;</P><P></P><P>Regards,</P><P>Yuri.</P></BODY></HTML> Thu, 19 Jul 2018 02:55:54 GMT https://community.nxp.com/t5/i-MX-Processors/Secure-boot-i-mx7D/m-p/815157#M125588 Yuri 2018-07-19T02:55:54Z