Hi,
I am trying to get a hold of the modifications to be performed on input files of SDK in order to get it to generate composite FW images for QSPI secure boot on LS1046 FRWY, both for prototyping and for production, with a 4-key SRK table instead of the default single SRK.
- I have already built and tested successfully composite image for prototyping (SBEN = 1; BOOT_HO = 1; single SRK priv/pub pair by launching: flex-builder -m ls1046afrwy -b qspi -s
- To generate the matching version for production, I suppose I simply need to change the file packages/firmware/rcw/ls1046afrwy/NN_NNQNNPNP_3040_0506/rcw_1600_qspiboot_sben.rcw and modify SBEN and BOOT_HO to 0 (ITS will already be fused via CCS).Is this correct?
- What are the steps needed to generate a composite image with a 4-key SRK table instead of the single default key?
NOTE: from the logs, I am seeing several input files being called, which I already edited to point to a 4-key set, but this editing wasn't sufficient. Files are
- packages/firmware/atf/plat/nxp/drivers/auth/csf_hdr_parser/input_bl2_ch2
- packages/firmware/atf/plat/nxp/drivers/auth/csf_hdr_parser/input_blx_ch2
It appears that flex-builder ovverrides some of the settings defined in these input file and generates (through which other input files?) an srk pair, despite input file modifications. I also found at least one spot inside the flex-builder script that directly copies the srk pair around, not reading the key name into a variable from any input file, but just using the default one, like this:
cp -f $FBDIR/packages/apps/cst/srk.pri $FBDIR/build/images
Can you please explain if and how flex-builder can be used for the purpose of generating headers and composite images with the 4-key table?
Thanks for supporting.
Matteo Giaconia
