Hi,
I would like to apply HAB (encrypted boot) to a product that uses i.MX8MN.
For encrypted boot, we need to generate a DEK Blob on the device side,
It is generated by calling dek_blob.pta in OP-TEE.
We have confirmed that using a DEK Blob generated with PRIBLOB=01 in CAAM, the device boots successfully from the encrypted image with the DEK Blob merged.
However, if a DEK Blob generated with PRIBLOB=11 is used, the boot fails.
For this reason, it seems that PRIBLOB cannot be set to 11 in order to generate Blobs that support encrypted boot when implementing the software update function.
However, it also seems that this setting is not recommended.
In view of the implementation of the software update function, could you please tell us about the best practice for DEK Blob generation?
Best regards,
