How to check the secure boot key matched?
Hello Sir,
Currently, I am checking the secure boot feature on the imx8dx processor. I met some issues which need your help.
Background: I got `cst-3.2.0` from the NXP website and followed the U-Boot document to generate `SRK_1_2_3_4_fuse.bin` and `SRK_1_2_3_4_table.bin`, along with the pem files.
My questions:
- Is there any command or script with which I could verify that the keys I generated locally match?
- I used the pem files and `SRK_1_2_3_4_table.bin` to sign my container and also downloaded `SRK_1_2_3_4_fuse.bin` into the hardware fuse area, but I got two SECO events. My boot container contains the SPL, U-Boot and the other necessary NXP files. I only signed once. Do you know the reason, or can you help point out some issues?
```
U-Boot# ahab_status
Lifecycle: 0x0020, NXP closed
SECO Event[0] = 0x0087F000
CMD = AHAB_AUTH_CONTAINER_REQ (0x87)
IND = AHAB_BAD_SIGNATURE_IND (0xF0)
SECO Event[1] = 0x0087EE00
CMD = AHAB_AUTH_CONTAINER_REQ (0x87)
IND = AHAB_NO_AUTHENTICATION_IND (0xEE)
```
My understanding is that 0x0087f000 is caused by my key being unmatched, so I asked Q1,
and that 0x0087EE00 is caused by my signing only once in my container. But since the SPL and U-Boot files are all in one image, how do I sign the two files?
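
For the first question, a local consistency check, added here as an example and not part of the original post or of NXP's tooling. It assumes that for AHAB `SRK_1_2_3_4_fuse.bin` is the 64-byte SHA-512 digest of `SRK_1_2_3_4_table.bin`; the function names are hypothetical.

```python
import hashlib
import struct
import sys

SRK_HASH_LEN = 64  # assumption: SHA-512 digest, i.e. 16 fuse words of 32 bits


def fuse_words(blob: bytes) -> list[int]:
    """Split a 64-byte SRK hash into 16 little-endian 32-bit words
    (the same view `od -t x4` gives on a little-endian host)."""
    if len(blob) != SRK_HASH_LEN:
        raise ValueError(f"expected {SRK_HASH_LEN} bytes, got {len(blob)}")
    return list(struct.unpack("<16I", blob))


def srk_mismatches(table: bytes, fuse: bytes) -> list[tuple[int, int, int]]:
    """Return (word index, expected, found) for every fuse word that differs
    from SHA-512(table). An empty list means the two files belong together."""
    if not table:
        raise ValueError("SRK table is empty")
    expected = fuse_words(hashlib.sha512(table).digest())
    found = fuse_words(fuse)
    return [(i, e, f) for i, (e, f) in enumerate(zip(expected, found)) if e != f]


def main(argv: list[str]) -> int:
    if len(argv) == 3:
        # Usage: script.py SRK_1_2_3_4_table.bin SRK_1_2_3_4_fuse.bin
        with open(argv[1], "rb") as t, open(argv[2], "rb") as f:
            table, fuse = t.read(), f.read()
    else:
        # Constructed sample, not a real SRK table: stands in for the two files.
        table = bytes(range(256)) * 4
        fuse = hashlib.sha512(table).digest()
    bad = srk_mismatches(table, fuse)
    for i, e, f in bad:
        print(f"word {i:2d}: table hash 0x{e:08x} != fuse file 0x{f:08x}")
    if not bad:
        for i, w in enumerate(fuse_words(fuse)):
            print(f"word {i:2d}: 0x{w:08x}")
        print("SRK table and fuse file match")
    return 1 if bad else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

This only confirms that the two local files are consistent with each other; whether the board's fuses hold the same words still has to be checked on the target.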


Hello Yuri,
Many thanks for your document, which is very helpful. I also have one question: everywhere in the document I saw that the boot container sign offset is 0x400 and 0x590.
But why does my imx-boot container log show 0x400 and 0x510, no matter whether I change to B0 or C0? Is it caused by a changed file, or by something else?
Offsets = 0x400 0x510 is my offset of sign image


@yang_wang-wy
Hello,
The CSF file should match the values printed out by mkimage.
```
# Offsets = Container header Signature block (printed out by mkimage)
Offsets = 0x400 0x590
```
In your case, 0x510 if mkimage provides it.
Regards,
Yuri.
