Hi,
I am working on a LS1021a board, using NXP SDK 1.9.
At the moment, I am using the ls1021atwr_sdcard_ifc_config for u-boot, and I successfully boot on the board without secure boot enabled, having Linux on the Normal World and a Secure OS on the Secure World.
My goal is to activate the secure boot to verify that u-boot and (at least) the Secure OS are correctly signed.
When I build u-boot, I see there is a ls1021atwr_nor_SECURE_BOOT_config target which is build. My question are (sorry if some are depending on NDA, I'm not sure):
1) can I build a sdcard_SECURE_BOOT_config version of u-boot ?
2) should I use the nor_SECURE_BOOT_config to validate the sdcard_ifc_config I already have build ?
3) Disregarding the OS in the secure world and my modification to u-boot, is there some documentation on how to correctly use nor_SECURE_BOOT_config to enable secure boot on this board (with just Linux on top of u-boot) ?
Best,
Vincent
Solved! Go to Solution.
>1) can I build a sdcard_SECURE_BOOT_config version of u-boot?
[Platon] You can build what is available under config/:
u-boot-qoriq/2015.01+fslgit-r0/git/configs$ ls -1 ls102*
ls1021aqds_ddr4_nor_defconfig
ls1021aqds_ddr4_nor_lpuart_defconfig
ls1021aqds_nand_defconfig
ls1021aqds_nor_defconfig
ls1021aqds_nor_lpuart_defconfig
ls1021aqds_nor_SECURE_BOOT_defconfig
ls1021aqds_qspi_defconfig
ls1021aqds_sdcard_defconfig
ls1021atwr_nor_defconfig
ls1021atwr_nor_lpuart_defconfig
ls1021atwr_nor_SECURE_BOOT_defconfig
ls1021atwr_qspi_defconfig
ls1021atwr_sdcard_ifc_defconfig
ls1021atwr_sdcard_qspi_defconfig
>2) should I use the nor_SECURE_BOOT_config to validate the
>sdcard_ifc_config I already have build ?
[Platon] No. Booting from SD card is two-stage, SPL is involved.
Read more in doc/README.SPL. If you wish to perform
a secure boot from SD card, you either need to eliminate SPL or
validate two images, SPL and the main u-Boot. While both approaches
are possible, none of them is currently implemented for your platform.
>3) Disregarding the OS in the secure world and my modification to u-boot,
>is there some documentation on how to correctly use nor_SECURE_BOOT_config
>to enable secure boot on this board (with just Linux on top of u-boot)
>
[Platon] Yes, study the document at the link below:
Have a great day,
Platon
-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------
>1) can I build a sdcard_SECURE_BOOT_config version of u-boot?
[Platon] You can build what is available under config/:
u-boot-qoriq/2015.01+fslgit-r0/git/configs$ ls -1 ls102*
ls1021aqds_ddr4_nor_defconfig
ls1021aqds_ddr4_nor_lpuart_defconfig
ls1021aqds_nand_defconfig
ls1021aqds_nor_defconfig
ls1021aqds_nor_lpuart_defconfig
ls1021aqds_nor_SECURE_BOOT_defconfig
ls1021aqds_qspi_defconfig
ls1021aqds_sdcard_defconfig
ls1021atwr_nor_defconfig
ls1021atwr_nor_lpuart_defconfig
ls1021atwr_nor_SECURE_BOOT_defconfig
ls1021atwr_qspi_defconfig
ls1021atwr_sdcard_ifc_defconfig
ls1021atwr_sdcard_qspi_defconfig
>2) should I use the nor_SECURE_BOOT_config to validate the
>sdcard_ifc_config I already have build ?
[Platon] No. Booting from SD card is two-stage, SPL is involved.
Read more in doc/README.SPL. If you wish to perform
a secure boot from SD card, you either need to eliminate SPL or
validate two images, SPL and the main u-Boot. While both approaches
are possible, none of them is currently implemented for your platform.
>3) Disregarding the OS in the secure world and my modification to u-boot,
>is there some documentation on how to correctly use nor_SECURE_BOOT_config
>to enable secure boot on this board (with just Linux on top of u-boot)
>
[Platon] Yes, study the document at the link below:
Have a great day,
Platon
-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------