<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>i.MX ProcessorsのトピックRe: imx8 secure boot questions.</title>
    <link>https://community.nxp.com/t5/i-MX-Processors/imx8-secure-boot-questions/m-p/1246086#M170892</link>
    <description>&lt;P&gt;&lt;a href="https://community.nxp.com/t5/user/viewprofilepage/user-id/122775"&gt;@yang_wang-wy&lt;/a&gt;&amp;nbsp;&lt;BR /&gt;Hello,&lt;/P&gt;
&lt;P&gt;&amp;nbsp; You may look at the following discussion:&lt;/P&gt;
&lt;P&gt;&lt;A href="https://community.nxp.com/t5/i-MX-Processors/i-MX8X-permanently-revoke-a-SRK-key/m-p/1209783" target="_blank"&gt;https://community.nxp.com/t5/i-MX-Processors/i-MX8X-permanently-revoke-a-SRK-key/m-p/1209783&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;Note, some i.MX8 revoking details are not intended for public discussion.&lt;/P&gt;
&lt;P&gt;Also: unsigned or wrong signed firmware will not be loaded into Flash, images are checked &lt;BR /&gt;in DRAM memory.&lt;/P&gt;
&lt;P&gt;Regards,&lt;BR /&gt;Yuri.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
    <pubDate>Tue, 16 Mar 2021 06:05:30 GMT</pubDate>
    <dc:creator>Yuri</dc:creator>
    <dc:date>2021-03-16T06:05:30Z</dc:date>
    <item>
      <title>imx8 secure boot questions.</title>
      <link>https://community.nxp.com/t5/i-MX-Processors/imx8-secure-boot-questions/m-p/1244117#M170696</link>
      <description>&lt;P&gt;Hello Sir,&lt;BR /&gt;&lt;BR /&gt;&lt;/P&gt;&lt;P&gt;I have some questions about the secure boot want to make clear with your support based on IMX8 NXP processor.&lt;/P&gt;&lt;P&gt;1. When we use the cst tool generate a &lt;STRONG&gt;srk_1234_fuse.bin &lt;/STRONG&gt;means all the 4 pairs keys generated and we have 4 single pem public key. I want to say that if `&lt;STRONG&gt;srk_1234_fuse.bin&lt;/STRONG&gt;`all the value must be download in one time or could be separate 4 keys like we have 4 pem files? or I could ask if every verification process will use all the srk_1234_fuse.bin value or just 1/4 ?&lt;/P&gt;&lt;P&gt;2. If I must follow the sequence use the 1st pem file when sign the image? May I use the 2nd pem file sign the image first time? What is the rules about which one is working? How to let the first key to be dropped?&lt;/P&gt;&lt;P&gt;3. If I set the secure boot as `OEM_CLOSED` status means that I have start the full function of secure boot, I want to ask in this status that if the unsigned or wrong signed firmware will be download but not booting or directly can not be downloaded?&lt;/P&gt;&lt;P&gt;4. What is the difference in B0 and C0 in secure boot topic? Is there only the offset changed? (from 0x8000 to 0x0)? Because I have the B0 and C0 CPU modules but looks all the documents are related with the B0, But C0 is the tomorrow. &lt;LI-EMOJI id="lia_slightly-smiling-face" title=":slightly_smiling_face:"&gt;&lt;/LI-EMOJI&gt;&lt;/P&gt;&lt;P&gt;Many thanks for your help about the below questions.&lt;/P&gt;</description>
      <pubDate>Thu, 11 Mar 2021 10:44:55 GMT</pubDate>
      <guid>https://community.nxp.com/t5/i-MX-Processors/imx8-secure-boot-questions/m-p/1244117#M170696</guid>
      <dc:creator>yang_wang-wy</dc:creator>
      <dc:date>2021-03-11T10:44:55Z</dc:date>
    </item>
    <item>
      <title>Re: imx8 secure boot questions.</title>
      <link>https://community.nxp.com/t5/i-MX-Processors/imx8-secure-boot-questions/m-p/1244554#M170748</link>
      <description>&lt;P&gt;&lt;a href="https://community.nxp.com/t5/user/viewprofilepage/user-id/122775"&gt;@yang_wang-wy&lt;/a&gt;&amp;nbsp;&lt;BR /&gt;Hello,&lt;/P&gt;
&lt;P&gt;Please look at my comments below.&lt;/P&gt;
&lt;P&gt;1.&lt;BR /&gt;&amp;nbsp; All SRKs should be treated, since the hash for each of the entire SRK table&lt;BR /&gt;is stored in the SRK fuses.&lt;/P&gt;
&lt;P&gt;2.&lt;BR /&gt;&amp;nbsp; It is possible to use another key. &lt;BR /&gt;&lt;BR /&gt;3.&lt;BR /&gt;&amp;nbsp; The firmware will be download (it is needed to check it) but not booting.&lt;/P&gt;
&lt;P&gt;4.&lt;BR /&gt;&amp;nbsp; Available information is provided in the following Migration Guide.&lt;BR /&gt;&lt;BR /&gt;&lt;A href="https://www.nxp.com/docs/en/application-note/AN12770.pdf" target="_blank"&gt;https://www.nxp.com/docs/en/application-note/AN12770.pdf &lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Regards,&lt;BR /&gt;Yuri.&lt;/P&gt;</description>
      <pubDate>Fri, 12 Mar 2021 04:11:26 GMT</pubDate>
      <guid>https://community.nxp.com/t5/i-MX-Processors/imx8-secure-boot-questions/m-p/1244554#M170748</guid>
      <dc:creator>Yuri</dc:creator>
      <dc:date>2021-03-12T04:11:26Z</dc:date>
    </item>
    <item>
      <title>Re: imx8 secure boot questions.</title>
      <link>https://community.nxp.com/t5/i-MX-Processors/imx8-secure-boot-questions/m-p/1244590#M170755</link>
      <description>&lt;P&gt;&lt;a href="https://community.nxp.com/t5/user/viewprofilepage/user-id/1941"&gt;@Yuri&lt;/a&gt;&amp;nbsp;Many thanks for your information&lt;BR /&gt;&lt;BR /&gt;&lt;/P&gt;&lt;P&gt;about the Q2 could you help to provide some doc about how to disable the 1st or second key in fuse?&lt;/P&gt;&lt;P&gt;aboout Q3 I want to understand if NXP will provide some solution to OEM that avoid the unsigned or wrong signed firmware download into Flash?&lt;/P&gt;</description>
      <pubDate>Fri, 12 Mar 2021 05:23:07 GMT</pubDate>
      <guid>https://community.nxp.com/t5/i-MX-Processors/imx8-secure-boot-questions/m-p/1244590#M170755</guid>
      <dc:creator>yang_wang-wy</dc:creator>
      <dc:date>2021-03-12T05:23:07Z</dc:date>
    </item>
    <item>
      <title>Re: imx8 secure boot questions.</title>
      <link>https://community.nxp.com/t5/i-MX-Processors/imx8-secure-boot-questions/m-p/1246086#M170892</link>
      <description>&lt;P&gt;&lt;a href="https://community.nxp.com/t5/user/viewprofilepage/user-id/122775"&gt;@yang_wang-wy&lt;/a&gt;&amp;nbsp;&lt;BR /&gt;Hello,&lt;/P&gt;
&lt;P&gt;&amp;nbsp; You may look at the following discussion:&lt;/P&gt;
&lt;P&gt;&lt;A href="https://community.nxp.com/t5/i-MX-Processors/i-MX8X-permanently-revoke-a-SRK-key/m-p/1209783" target="_blank"&gt;https://community.nxp.com/t5/i-MX-Processors/i-MX8X-permanently-revoke-a-SRK-key/m-p/1209783&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;Note, some i.MX8 revoking details are not intended for public discussion.&lt;/P&gt;
&lt;P&gt;Also: unsigned or wrong signed firmware will not be loaded into Flash, images are checked &lt;BR /&gt;in DRAM memory.&lt;/P&gt;
&lt;P&gt;Regards,&lt;BR /&gt;Yuri.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Tue, 16 Mar 2021 06:05:30 GMT</pubDate>
      <guid>https://community.nxp.com/t5/i-MX-Processors/imx8-secure-boot-questions/m-p/1246086#M170892</guid>
      <dc:creator>Yuri</dc:creator>
      <dc:date>2021-03-16T06:05:30Z</dc:date>
    </item>
    <item>
      <title>Re: imx8 secure boot questions.</title>
      <link>https://community.nxp.com/t5/i-MX-Processors/imx8-secure-boot-questions/m-p/1246108#M170894</link>
      <description>&lt;P&gt;Hello Yuri,&lt;BR /&gt;&lt;BR /&gt;&lt;/P&gt;&lt;P&gt;Many thanks for your feedback. It helps me a lot.&lt;BR /&gt;You say that I could not download the unsigned firmware into flash. Are there any preconditions?&lt;BR /&gt;OEM_closed or another status?&amp;nbsp;&lt;BR /&gt;Because I found I could use the dd command in Linux or in uboot to download the unsigned firmware into flash. But my board is NXP_closed status, and I don't use ahab_close to change the status because I must be careful to do this change.&lt;/P&gt;</description>
      <pubDate>Tue, 16 Mar 2021 06:24:42 GMT</pubDate>
      <guid>https://community.nxp.com/t5/i-MX-Processors/imx8-secure-boot-questions/m-p/1246108#M170894</guid>
      <dc:creator>yang_wang-wy</dc:creator>
      <dc:date>2021-03-16T06:24:42Z</dc:date>
    </item>
    <item>
      <title>Re: imx8 secure boot questions.</title>
      <link>https://community.nxp.com/t5/i-MX-Processors/imx8-secure-boot-questions/m-p/1246114#M170895</link>
      <description>&lt;P&gt;&lt;a href="https://community.nxp.com/t5/user/viewprofilepage/user-id/122775"&gt;@yang_wang-wy&lt;/a&gt;&amp;nbsp;&lt;BR /&gt;Hello,&lt;/P&gt;
&lt;P&gt;&amp;nbsp;as for "I could use the dd command in Linux or in uboot to download the unsigned&lt;BR /&gt;firmware into flash" - use signed U-boot and crypto-FS in Linux to avoid such issues.&lt;/P&gt;
&lt;P&gt;Regards,&lt;BR /&gt;Yuri.&lt;/P&gt;</description>
      <pubDate>Tue, 16 Mar 2021 06:29:09 GMT</pubDate>
      <guid>https://community.nxp.com/t5/i-MX-Processors/imx8-secure-boot-questions/m-p/1246114#M170895</guid>
      <dc:creator>Yuri</dc:creator>
      <dc:date>2021-03-16T06:29:09Z</dc:date>
    </item>
    <item>
      <title>Re: imx8 secure boot questions.</title>
      <link>https://community.nxp.com/t5/i-MX-Processors/imx8-secure-boot-questions/m-p/1246120#M170898</link>
      <description>&lt;P&gt;&lt;a href="https://community.nxp.com/t5/user/viewprofilepage/user-id/1941"&gt;@Yuri&lt;/a&gt;,&amp;nbsp;okay, got it.&lt;BR /&gt;I will test a signed os container to verify it.&lt;BR /&gt;BTW, could you help give me some hint to using the imx-mkimage to generate the os container because we are using the yocto to build the file system and not use imx-mkimage for the rootfs wic file.&lt;BR /&gt;I checked&amp;nbsp;&lt;A href="https://community.nxp.com/t5/i-MX-Processors/How-to-generate-a-signed-OS-container-image-for-iMX8X/m-p/1243520" target="_blank"&gt;https://community.nxp.com/t5/i-MX-Processors/How-to-generate-a-signed-OS-container-image-for-iMX8X/m-p/1243520&lt;/A&gt;&amp;nbsp; and&amp;nbsp;&lt;A href="https://community.nxp.com/t5/i-MX-Processors/i-MX8X-Secure-Boot-with-encrypted-OS-container/m-p/1203669" target="_blank"&gt;https://community.nxp.com/t5/i-MX-Processors/i-MX8X-Secure-Boot-with-encrypted-OS-container/m-p/1203669&lt;/A&gt;&amp;nbsp;but not helpful.&lt;BR /&gt;Or I need to repost a new question in the community.&lt;/P&gt;</description>
      <pubDate>Tue, 16 Mar 2021 06:34:34 GMT</pubDate>
      <guid>https://community.nxp.com/t5/i-MX-Processors/imx8-secure-boot-questions/m-p/1246120#M170898</guid>
      <dc:creator>yang_wang-wy</dc:creator>
      <dc:date>2021-03-16T06:34:34Z</dc:date>
    </item>
    <item>
      <title>Re: imx8 secure boot questions.</title>
      <link>https://community.nxp.com/t5/i-MX-Processors/imx8-secure-boot-questions/m-p/1246126#M170900</link>
      <description>&lt;P&gt;&lt;a href="https://community.nxp.com/t5/user/viewprofilepage/user-id/122775"&gt;@yang_wang-wy&lt;/a&gt;&amp;nbsp;&lt;BR /&gt;Hello,&lt;/P&gt;
&lt;P&gt;&amp;nbsp; Yes, it is good approach to repost a new question in the community.&lt;/P&gt;
&lt;P&gt;Regards,&lt;BR /&gt;Yuri.&lt;/P&gt;</description>
      <pubDate>Tue, 16 Mar 2021 06:47:01 GMT</pubDate>
      <guid>https://community.nxp.com/t5/i-MX-Processors/imx8-secure-boot-questions/m-p/1246126#M170900</guid>
      <dc:creator>Yuri</dc:creator>
      <dc:date>2021-03-16T06:47:01Z</dc:date>
    </item>
  </channel>
</rss>

