Encrypted Bootloader

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Encrypted Bootloader

247 Views
pilotnite
Contributor III

Support, 

I have been following the guide mx8ulp_9x_encrypted_boot.txt and have encountered an issue. 

In Step: 1.7 Generating the DEK Blob the instructions state: 

Copy dek_2 and dek_3 to the i.MX8ULP or 9x and run the following commands from
U-Boot prompt. Boot the flash.bin generated earlier with mkimage on board. Halt at
U-Boot and connect to host computer with USB Mass Storage (UMS):

mmc2(part 0) is current device
flash target is MMC:2
Net: eth0...
Fastboot: Normal
Normal Boot
Hit any Key to stop autoboot: 0
=> ums 0 mmc 2:1

Copy both DEK over to the board using the computer's file system. Now use fatload
and dek_blob to create and encapsulate the DEK blob.
=> mmc list
FSL_SDHC: 1
FSL_SDHC: 2 (eMMC)
=> fatload mmc 2:1 0x80280000 dek_2.bin
=> dek_blob 0x80280000 0x80281000 128
=> fatwrite mmc 2:1 0x80281000 dek_blob2.bin 0x48
=> fatload mmc 2:1 0x80280000 dek_3.bin
=> dek_blob 0x80280000 0x80281000 128
=> fatwrite mmc 2:1 0x80281000 dek_blob3.bin 0x48

Use UMS to copy the dek blobs back to the host PC. In host PC copy the generated
dek_blob binaries to the CST directory.

--

My question is: Can the above procedure be done using MFGTool uuu directly to copy the DEK blob back and forth? If yes, what are the uuu commands?

Additionally, I am trying to understand how this procedure will affect the mass manufacturing process. Is there any guide we can provide to the manufacturer so they can understand the process when flashing the OS to the board together with encrypted bootloader?

Your assistance in this matter would be greatly appreciated.

Best regards,

0 Kudos
Reply
2 Replies

216 Views
Harvey021
NXP TechSupport
NXP TechSupport

Hi,

Will reply back to you in another case that is from you.

 

Regards

Harvey

207 Views
pilotnite
Contributor III

@Harvey021 

 

Thank you.

0 Kudos
Reply