We tried encrypted boot on i.MX 6UL EVK with the AN12056 reference. We tried both procedures,
1. Signing and encrypting the signed image
2. Encrypting and signing the encrypted image
In both cases the board is not booting and we're not even able to debug anything. Here is the list of commands we've followed,
hexdump -e '/4 "%X""\n"' -s 20 -n 4 u-boot-dtb.imx
hexdump u-boot-dtb.imx | tail -n 1
~/Downloads/cst-3.3.0/linux64/bin/cst -o csf_enc.bin -i u-boot_enc.csf
cp u-boot-dtb.imx u-boot-dtb.imx.dummy
~/Downloads/cst-3.3.0/linux64/bin/cst -o csf_sign_enc.bin -i u-boot_sign_enc.csf
du -b csf_enc.bin
# Nonce/MAC = 2248 - 36
dd if=csf_enc.bin of=noncemac.bin bs=1 skip=2212 count=36
dd if=noncemac.bin of=csf_sign_enc.bin bs=1 seek=2212 count=36
objcopy -I binary -O binary --pad-to 0x2000 --gap-fill=0xff csf_sign_enc.bin csf_sign_enc_padded.bin
# signed and unencrypted U-Boot
cat u-boot-dtb.imx csf_sign_enc_padded.bin > u-boot_encrypted_no_dek.bin
sudo dd if=u-boot_encrypted_no_dek.bin of=/dev/sdc bs=1K seek=1 && sync
Hereby I've attached the following,
1. CSF for encryption
2. CSF signing the encrypted u-boot
Any help on this regard would be highly appreciated.
