When installing a new board support package from SD card
on the emmc of our board the following steps happen:
1. create a random key
2. encrypt it
3. store it on both the boot boot partition
4. decrypt the key and store it in RAM
5. we format the app end the home partition using the key from RAM
and the command "integritysetup format"
5. we open the app end the home partition using the key from RAM
and the command "integritysetup open" and copy the data from SD
card to eMMC
6. we close the app and the home partition
When we later boot from eMMC, the key is loaded and decrypted and the protected partitions are mounted.
The question is, when can we burn the fuses, in particular the "secure boot" fuse such that the unique, per device key is used for integrity protection?
If we do that before encrypting the key using the command "caam_tool enc", will the caam tool detect that the device is a secure device? I think it will not, because the device only becomes a secure device after power cycling.
So how can I create a secure device AND use per-device key for integrity protection without having to power cycle the device twice during the installation process?
The web page https://github.com/f-secure-foundry/caam-keyblob/ says:
"The secure operation of the CAAM and SNVS, in production deployments, should always be paired with Secure Boot activation."
Does this always requires an addition power cycling of the board before installing data on the secure partition?
Best regards:
Uwe Fechner
