Hi,
We are trying to provide an alternate boot image in case authentication of first boot image fails during secure boot. As per LS1046ARM_Reference_Manual, DCFG ScratchRW3 should be written with the CSF header address for alternate boot image. When we test authentication fail for the first image, we get no error in DCFG ScratchRW4 and the alternate boot image is authenticated successfully. But our SEC Initialization is failing when we try to initialise it using alternate boot image .
Are we missing any additional steps in achieving this?
Any suggestions regarding this would be appreciated.
Thanks,
Faizanbaig Inamdar
What version of LSDK you are using?
Can you share your
input_files/uni_sign/ls1/nor/input_uboot_secure
input_files/uni_sign/ls1/sd_nand/input_uboot_secure
input_files/uni_sign/ls1/sd_nand/input_spl_uboot_secure
In the input files you use to sign the image, depends on your situation,
there should be a
SEC_IMAGE Flag for Secondary Image. Required for TA 2.x platforms only
that you can specify the secondary image information.
Where is the SEC_FLAG-=1 flag is set?
I check the Code Signing Tool (CST) input file and there is no such flag. Is it a flag for linux kernel built?
It sounds like this is not secure boot (ISBC/ESBC) related issue. If customer has a console log, a capture of the log of the message leading to "initializing the SEC" will be helpful. i.e. is the error from uboot init or linux init?
Thanks for the response, Issue was with our binary boot image file .
Now it successfully performs chain of trust from alternate image.