I want to enable the secure boot on imx8m plus board with Android 14 BSP, such that the board will always boot on our signed keys only.
pls refer to this document firstly
I have followed the steps given in the PDF and generated the keys like:
SRK1_sha256_1024_65537_v3_ca_key.der
SRK1_sha256_1024_65537_v3_ca_key.pem
SRK1_sha256_1024_65537_v3_usr_key.der
SRK1_sha256_1024_65537_v3_usr_key.pem
SRK1_sha256_2048_65537_v3_ca_key.der
SRK1_sha256_2048_65537_v3_ca_key.pem
SRK2_sha256_1024_65537_v3_ca_key.der
SRK2_sha256_1024_65537_v3_ca_key.pem
SRK2_sha256_2048_65537_v3_ca_key.der
SRK2_sha256_2048_65537_v3_ca_key.pem
SRK3_sha256_2048_65537_v3_ca_key.der
SRK3_sha256_2048_65537_v3_ca_key.pem
SRK4_sha256_2048_65537_v3_ca_key.der
SRK4_sha256_2048_65537_v3_ca_key.pem and also the CSF, IMG and CA.
the private keys are openssl x509 -in crts/SRK1_sha256_2048_65537_v3_ca_crt.pem -text -noout | grep Subject
Subject: CN = SRK1_sha256_2048_65537_v3_ca
Subject Public Key Info:
X509v3 Subject Key Identifier:
openssl x509 -in crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem -text -noout | grep Issuer
Issuer: CN = SRK1_sha256_2048_65537_v3_ca
openssl rsa -in keys/SRK1_sha256_2048_65537_v3_ca_key.pem -check
Enter pass phrase for keys/SRK1_sha256_2048_65537_v3_ca_key.pem:
RSA key ok
Are all these keys ready to flash on imx8m plus smarc som?
did you generate SRK table already?
yes,SRK Hash TableSRK Hash TableSRK Hash TableSRK Hash TableSRK Hash Table the SRK Hash table is generated successfully from the keys
ok, then you can refer to the chapter 3.1.2.2 Signing bootloader images and 3.1.2.3 Signing the MCU firmware of enclosed file
I have burned the fuses on my imx8m plus board, but unable to get the signed image or flashing,
how to recover and find the correct igned image for flashig?
I am unable to sign the correct image on my imx8m plus board after fusing the keys permanently on the board!