Creating and signing a Kernel FIT image for booting from a secured u-boot on i.MX93 EVKCM

Solved

abt
Contributor III

Hi,

I have successfully deployed a CST signed u-boot image to i.MX93 EVKCM. The u-boot loads and starts correctly from an SD and the 'ahab_status' command output looks good. 

Now I am trying to figure out how to create a Kernel FIT image and sign it with CST so I can load it from a signed u-boot.

Image and imx93-11x11-evk.dtb artifacts were built successfully based on linux-6.1.33.tar.xz source code. 

Can anyone point me to specific resources with step-by-step instructions for creating and signing a FIT Kernel image?

Thanks!

 

AldoG
NXP TechSupport

Hello,

You may refer to the following:
https://github.com/nxp-imx/uboot-imx/blob/lf_v2022.04/doc/imx/ahab/guides/sign_os_cntr.txt

Aside from this, unfortunately we do not have any other guides for it.

Best regards,
Aldo.

omar_aberkan
Contributor III

In my opinion this is not solved. Why can't we just use a standard signed FIT image? This works perfectly on an IMX6 and IMX8.

The OS container is basically a signed kernel, but what if we also want to use an initramfs, how can we protect that?

We also need to protect our cryptsetup keys. There is no DCP or CAAM on the IMX93. Is there no simple solution to safely store the cryptsetup keys on the device?

Many others have these problems. But there are still no solutions. Please fix them as soon as possible.
