How to generate the os_container with yocto project by imx-mkimage tool?

yang_wang-wy
Contributor III

Hello Sir,
I am working on imx8dx products. I use Yocto to build my file system and integrate the kernel, dtb and rootfs into one wic image.
I have one question: how do I generate the os_container with the Yocto project, or manually with the imx-mkimage tool?

I ask because I want to verify the secure boot function and use the auth_cntr command to verify my firmware in uboot.

I checked these two issues and they are not helpful for my question. https://community.nxp.com/t5/i-MX-Processors/How-to-generate-a-signed-OS-container-image-for-iMX8X/m...  https://community.nxp.com/t5/i-MX-Processors/i-MX8X-Secure-Boot-with-encrypted-OS-container/m-p/1203...

 

Yuri
NXP Employee

@yang_wang-wy 
Hello,

We have not considered and tested the use case of packing the Root-FS into
the container, assuming the use of crypto-FS.

Regards,
Yuri.

yang_wang-wy
Contributor III

Hello @Yuri 

Maybe I could have the understanding below; please check my points.

1. Our verification process can only cover power-on to kernel start. This means that uboot can verify the kernel, but the kernel cannot do more.

2. If we cannot use imx-mkimage to generate a container, then how do we use the cst tool to sign it?

Yuri
NXP Employee

@yang_wang-wy 
Hello,

The recommended trust chain is as follows:

i.MX boot ROM HAB checks U-boot;
U-boot checks kernel;
kernel uses encrypted root FS.

Regards,
Yuri.
