Hi,
I am currently trying to get acquainted with the secure boot implementation on Layerscape processors. I have been reading a lot in the documentation in the last days, but it is still not clear to me how everything works.
From what I understand these are the boot stages:
BL1 : BootROM code
BL2 : Pre-Bootloader
BL31 : EL3 runtime firmware
BL32 : OP-TEE (optional)
BL33 : U-Boot
All stages seem to be verified with a CSF header that contains the commands, pointers and checksums of the images to be verified. Is the same CSF header used for all stages?
The Bitbake recipe here seems to take care of the signing and fusing process. I don't fully understand all parts of the recipe, but is it sufficient to provide your own SRK files to automatically sign the images and build the fuse provisioning image?