LS1046A secure boot

renaud · ‎03-04-2021

Read the documentation about TF-A flow on the LS0146A. Now my head is full of question.

Regarding the flow Bootrom->BL1->BL2->BL31..BL33

Two images are produces bl2_ls1046.pbl (binary+rcw+pbi) and fip.bin (BL31+..+BL33).

BL2 validates BL31 to BL33. I was wondering why just not signed fip.bin and validate the binary.

Going further is it possible to have just one signed image bl2+fip.bin validated by the bootrom.

Clearly something I do not get about why we need such chain of trust.

Cheers.

My apologies if the message has been posted twice, it did fail the first time

r8070z · ‎03-05-2021

I refer to Layerscape Software Development Kit User Guide, Rev. 20.12, 12/2020. It says: “BL2 validates BL31, BL32, and BL33 images to the DDR memory after validating these images.” I cannot say that this vague sentence says that BL31, BL32, and BL33 are validated one by one in the daisy chain.
I think because the LSDK should be flexible in order satisfy different requirements it is separated on to BL2 BL3x. For sure it is reasonable to have 2 separate images. One (BL2) is loaded by the PBL and second (fip.bin) loaded by BL2 software.

View solution in original post

r8070z · ‎03-05-2021

I refer to Layerscape Software Development Kit User Guide, Rev. 20.12, 12/2020. It says: “BL2 validates BL31, BL32, and BL33 images to the DDR memory after validating these images.” I cannot say that this vague sentence says that BL31, BL32, and BL33 are validated one by one in the daisy chain.
I think because the LSDK should be flexible in order satisfy different requirements it is separated on to BL2 BL3x. For sure it is reasonable to have 2 separate images. One (BL2) is loaded by the PBL and second (fip.bin) loaded by BL2 software.