ATF: measureboot in imx8mp platform is not enabled

govindsi · ‎07-07-2025

Any specific reason why measured boot is not enabled in the i.MX8MP platform?

The ##imx8mp/platform.mk does not have a default rule to enable the same

##plat/imx/imx8m/imx8m_measured_boot.

In my platform, I have enabled HAB secure boot and I am trying to enable the measured boot event log. My main objective is:

Read the measured boot event log from the ATF-reserved DRAM region (0x53001000).

I don’t have a discrete TPM, hence I want to read the event log region and pass it to OP-TEE via a TA from U-Boot.

Any specific reason why the measured boot code is not enabled for the i.MX8M platform?

Harvey021 · ‎07-16-2025

The measured boot from upstream that we do not enable mainly due to less demand.

Regards

Harvey

govindsi · ‎07-07-2025

Shouldn't the imx8m_measured_boot.c to be included in BL31 also as load_auth_image ( which is common function for all stages) measures and logs to event log. At least i can capture the measurement of BL31- BL32-BL33. My intention is to pass the the measurements to optee and save to rpmb - by reading the measured boot event log from the ATF-reserved DRAM region and sending to optee via smc call.

govindsi · ‎07-07-2025

Also i checked in the code measure boot is enabled only in BL2 image.

ifeq (${MEASURED_BOOT},1)
MEASURED_BOOT_MK := drivers/measured_boot/event_log/event_log.mk
$(info Including ${MEASURED_BOOT_MK})
include ${MEASURED_BOOT_MK}

BL2_SOURCES += plat/imx/imx8m/imx8m_measured_boot.c \
plat/imx/imx8m/imx8m_dyn_cfg_helpers.c \
${EVENT_LOG_SOURCES}
endif

So does imx8mm uses Boot ROM → SPL → BL2 → BL31 → BL33 (U‑Boot) against imx8mp Boot ROM → SPL → BL31 → BL33(U‑Boot) ?

I have not seen any reference for imx8mp where BL2 is part of the FIT image.