Hello Sir,
I am working on the imx8dx products. I use the yocto to build my file system and integrate the kernel dtb and rootfs into one wic image.
I have one question about generating the os_container with the yocto project or by manual with the imx-mkimage tool?
Because I want to verify the secure boot function and use the auth_cntr command to verify my firmware in uboot.
I checked the two-issue and not helpful with my question. https://community.nxp.com/t5/i-MX-Processors/How-to-generate-a-signed-OS-container-image-for-iMX8X/m... https://community.nxp.com/t5/i-MX-Processors/i-MX8X-Secure-Boot-with-encrypted-OS-container/m-p/1203...
Hello @Yuri
Maybe I could have below understanding, check my point, please.
1. Our verify process could only support from power on to kernel start, this means that the uboot could verify the kernel but kernel can not do more.
2. if we can not use the imx-mkimage to generate a container that how to use the cst tool to sign it?
@yang_wang-wy
Hello,
use the following:
https://www.nxp.com/docs/en/application-note/AN12312.pdf
Regards,
Yuri.