Communicating securely from Linux to U-Boot in i.MX8MM

Sampo · ‎05-19-2024

I have an i.MX8MM device with secure boot enabled. Is there a secure way to store encrypted data in the Linux world, that can then be read from U-boot? Using a fully encrypted filesystem is not an option.

I was considering using the "blob enc/dec" commands, but I was unable to find clear and up to date instructions on how to use them. Is it even possible to encrypt generic data in Linux, and then decrypt it in U-Boot?

Harvey021 · ‎05-22-2024

We don't have such a reference implementation yet. After blob decryption, the generated black key is injected into the Linux keyring.

You may have a try to port the decryption blob descriptor to uboot.

Regards

Harvey

View solution in original post

Harvey021 · ‎05-22-2024

We don't have such a reference implementation yet. After blob decryption, the generated black key is injected into the Linux keyring.

You may have a try to port the decryption blob descriptor to uboot.

Regards

Harvey

Communicating securely from Linux to U-Boot in i.MX8MM

Communicating securely from Linux to U-Boot in i.MX8MM

i.MX 8M | i.MX 8M Mini | i.MX 8M Nano

Linux

Security