Encryption on imx6 cpus

キャンセル
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 

Encryption on imx6 cpus

ソリューションへジャンプ
3,457件の閲覧回数
friederbaumgrat
Contributor III

Dear NXP community,

since I am able to encrypt the uboot successfully, I can't boot the linux kernel image (uImage).

I noticed, l that the kernel stops initialisation when he wants to load the caam drivers.

When I use the [Unlock] command in my CSF file (with Engine = CAAM; Features = RNG) the kernel boots!

Without this command he stopps at said drivers.

I am using the code signing tool 2.3.2

So my question is, is this Unlock cammand   necessary?

If so, why...

Regards,

Frieder Baumgratz

ラベル(2)
0 件の賞賛
返信
1 解決策
3,012件の閲覧回数
gary_bisson
Senior Contributor III

Hi,

Please read the Secure Boot using HAB application note:

https://cache.freescale.com/files/32bit/doc/app_note/AN4581.pdf 

The section "3.3.2. RNG Trim fuses" explains that behavior.

Regards,

Gary

元の投稿で解決策を見る

0 件の賞賛
返信
5 返答(返信)
3,013件の閲覧回数
gary_bisson
Senior Contributor III

Hi,

Please read the Secure Boot using HAB application note:

https://cache.freescale.com/files/32bit/doc/app_note/AN4581.pdf 

The section "3.3.2. RNG Trim fuses" explains that behavior.

Regards,

Gary

0 件の賞賛
返信
3,012件の閲覧回数
friederbaumgrat
Contributor III

I just noticed, that when I set the [Unlock] command (with Engine = CAAM; Features = RNG) I can no longer use the dek_blob function.

UBoot prints: RNG: Instantiation failed with error fffffffe

Regards,

Frieder

0 件の賞賛
返信
3,012件の閲覧回数
Yuri
NXP Employee
NXP Employee

Hello,

  From section 3.3.2.2 [Option 2 – Defer RNG Instantiation for Post HAB

Software (Recommended Option)] of AN4581 :

"Any operations requiring the RNG are not available to software until it is initialized,

such as encryption and blob generation. This does not affect HAB-signed or encrypted

boot features"

Regards,

Yuri.

3,012件の閲覧回数
friederbaumgrat
Contributor III

Thank your for your answer.

Regards,

Frieder

0 件の賞賛
返信
3,012件の閲覧回数
friederbaumgrat
Contributor III

Hi,

thanks for your help.

Regards,

Frieder

0 件の賞賛
返信