FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

LS1021a secure boot and SD card

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED
Jump to solution

LS1021a secure boot and SD card

Jump to solution
‎04-21-2016 08:41 AM
1,318 Views
vsiles
Senior Contributor I

Hi,

I am working on a LS1021a board, using NXP SDK 1.9.

At the moment, I am using the ls1021atwr_sdcard_ifc_config for u-boot, and I successfully boot on the board without secure boot enabled, having Linux on the Normal World and a Secure OS on the Secure World.

My goal is to activate the secure boot to verify that u-boot and (at least) the Secure OS are correctly signed.

When I build u-boot, I see there is a ls1021atwr_nor_SECURE_BOOT_config target which is build. My question are (sorry if some are depending on NDA, I'm not sure):

1) can I build a sdcard_SECURE_BOOT_config version of u-boot ?

2) should I use the nor_SECURE_BOOT_config to validate the sdcard_ifc_config I already have build ?

3) Disregarding the OS in the secure world and my modification to u-boot, is there some documentation on how to correctly use nor_SECURE_BOOT_config to enable secure boot on this board (with just Linux on top of u-boot) ?

Best,

Vincent

Labels (1)
Labels
Tags (2)
Reply
1 Solution

Jump to solution
‎04-30-2016 10:22 AM
940 Views
bpe
NXP Employee
NXP Employee

>1) can I build a sdcard_SECURE_BOOT_config version of u-boot?

[Platon] You can build what is available under config/:

u-boot-qoriq/2015.01+fslgit-r0/git/configs$ ls -1 ls102*

ls1021aqds_ddr4_nor_defconfig

ls1021aqds_ddr4_nor_lpuart_defconfig

ls1021aqds_nand_defconfig

ls1021aqds_nor_defconfig

ls1021aqds_nor_lpuart_defconfig

ls1021aqds_nor_SECURE_BOOT_defconfig

ls1021aqds_qspi_defconfig

ls1021aqds_sdcard_defconfig

ls1021atwr_nor_defconfig

ls1021atwr_nor_lpuart_defconfig

ls1021atwr_nor_SECURE_BOOT_defconfig

ls1021atwr_qspi_defconfig

ls1021atwr_sdcard_ifc_defconfig

ls1021atwr_sdcard_qspi_defconfig

>2) should I use the nor_SECURE_BOOT_config to validate the

>sdcard_ifc_config I already have build ?

[Platon] No. Booting from SD card is two-stage, SPL is involved.

Read more in doc/README.SPL. If you wish to perform

a secure boot from SD card, you either need to eliminate SPL or

validate two images, SPL and the main u-Boot. While both approaches

are possible, none of them is currently implemented for your platform.

>3) Disregarding the OS in the secure world and my modification to u-boot,

>is there some documentation on how to correctly use nor_SECURE_BOOT_config

>to enable secure boot on this board (with just Linux on top of u-boot)

>

[Platon] Yes, study the document at the link below:

https://freescale.sdlproducts.com/LiveContent/content/en-US/QorIQ_SDK_1.9/GUID-038CFEAB-F051-46F9-94...


Have a great day,
Platon

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

View solution in original post

Reply
1 Reply

Jump to solution
‎04-30-2016 10:22 AM
941 Views
bpe
NXP Employee
NXP Employee

>1) can I build a sdcard_SECURE_BOOT_config version of u-boot?

[Platon] You can build what is available under config/:

u-boot-qoriq/2015.01+fslgit-r0/git/configs$ ls -1 ls102*

ls1021aqds_ddr4_nor_defconfig

ls1021aqds_ddr4_nor_lpuart_defconfig

ls1021aqds_nand_defconfig

ls1021aqds_nor_defconfig

ls1021aqds_nor_lpuart_defconfig

ls1021aqds_nor_SECURE_BOOT_defconfig

ls1021aqds_qspi_defconfig

ls1021aqds_sdcard_defconfig

ls1021atwr_nor_defconfig

ls1021atwr_nor_lpuart_defconfig

ls1021atwr_nor_SECURE_BOOT_defconfig

ls1021atwr_qspi_defconfig

ls1021atwr_sdcard_ifc_defconfig

ls1021atwr_sdcard_qspi_defconfig

>2) should I use the nor_SECURE_BOOT_config to validate the

>sdcard_ifc_config I already have build ?

[Platon] No. Booting from SD card is two-stage, SPL is involved.

Read more in doc/README.SPL. If you wish to perform

a secure boot from SD card, you either need to eliminate SPL or

validate two images, SPL and the main u-Boot. While both approaches

are possible, none of them is currently implemented for your platform.

>3) Disregarding the OS in the secure world and my modification to u-boot,

>is there some documentation on how to correctly use nor_SECURE_BOOT_config

>to enable secure boot on this board (with just Linux on top of u-boot)

>

[Platon] Yes, study the document at the link below:

https://freescale.sdlproducts.com/LiveContent/content/en-US/QorIQ_SDK_1.9/GUID-038CFEAB-F051-46F9-94...


Have a great day,
Platon

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

Reply