In an HAB V4 enabled secure boot flow, what would be the best way to authenticate the Cortex-M7 firmware as well? I have tried a couple of flows but they aren't a complete solution to what I want:
1. Package the M7 FW in a FIT image along with Kernel and Kernel Device tree. However, I am booting M7 firmware from the TCM. In this case, the FIT image is unable to load the M7 firmware to the TCM load address of 0x7e0000. I can't even load the M7 image directly to the 0x7e0000 address as it complains of it being a reserved partition.
u-boot=> load mmc 2:1 0x7e0000 boot/m7_app.bin
** Reading file would overwrite reserved memory **
Failed to load 'boot/m7_app.bin'
2. Tried packaging the M7 bin along with the FIT image in which u-boot carries the ARM-TF binary and the U-Boot FDT etc. Using this as well I'm unable to load the binary at the TCM address.
Is the above approach in the right direction for authenticating the M7 firmware? Or could there be a better way to achieve M7 FW authentication?
You can see mx8m_secure_boot.txt (3. Authenticating additional boot images)
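
As an added illustration of the image preparation that section covers (not code from the thread or from NXP), the sketch below pads a binary, appends a HAB4 IVT and derives the values the CSF and `hab_auth_img` need. The DDR staging address, the 4 KiB alignment, the output file name and the payload are assumptions made for the example; the IVT addresses must describe where the image sits when it is authenticated.

```python
import struct

IVT_SIZE = 0x20           # HAB4 IVT: eight little-endian 32-bit words
IVT_HEADER = 0x412000D1   # tag 0xD1, length 0x0020, version 0x41 (assumed version)
ALIGN = 0x1000            # assumed padding granularity for the IVT offset


def build_hab_image(payload: bytes, load_addr: int) -> dict:
    """Pad payload, append an IVT and report what CST / hab_auth_img need.

    load_addr is the address the image occupies when it is authenticated.
    """
    if not payload:
        raise ValueError("empty payload")
    ivt_offset = (len(payload) + ALIGN - 1) // ALIGN * ALIGN
    self_addr = load_addr + ivt_offset     # where the IVT itself will live
    csf_addr = self_addr + IVT_SIZE        # CSF is appended right after the IVT
    ivt = struct.pack("<8I", IVT_HEADER, load_addr, 0, 0, 0,
                      self_addr, csf_addr, 0)
    signed_len = ivt_offset + IVT_SIZE
    return {
        "image": payload.ljust(ivt_offset, b"\x00") + ivt,
        "ivt_offset": ivt_offset,
        "csf_addr": csf_addr,
        # [Authenticate Data] line for the CSF; file name is a placeholder
        "blocks": f'Blocks = 0x{load_addr:08x} 0x0 0x{signed_len:x} "m7_app-ivt.bin"',
    }


def check_ivt(image: bytes, load_addr: int, ivt_offset: int) -> bool:
    """Sanity-check an IVT before signing: header and pointers must agree."""
    if ivt_offset % 4 or ivt_offset + IVT_SIZE > len(image):
        return False
    hdr, entry, _, dcd, _, self_addr, csf, _ = struct.unpack_from(
        "<8I", image, ivt_offset)
    return (hdr == IVT_HEADER and dcd == 0 and entry == load_addr
            and self_addr == load_addr + ivt_offset
            and csf == self_addr + IVT_SIZE)


if __name__ == "__main__":
    STAGING = 0x48000000               # constructed DDR staging address
    fw = bytes(range(256)) * 0x12      # constructed stand-in for m7_app.bin
    out = build_hab_image(fw, STAGING)
    print(hex(out["ivt_offset"]), hex(out["csf_addr"]), out["blocks"])
    print("IVT consistent:", check_ivt(out["image"], STAGING, out["ivt_offset"]))
```

A mismatch between the address used here and the address the image is actually loaded to before authentication makes the IVT self pointer wrong, which `check_ivt` catches before the image is signed.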