How to get the newest secure boot guid

>1. What is the above phenomenon?Is it because the content of the encrypted signature does not match?

seems yes.

   >   2。If I rediscover a board and follow the above process again, before I write "fuse prog 0 6 0x2".

>Do I have a way to verify that the hash value in the fuse matches the signature in the current uboot?

on burned board it is not possible verify signatures or debug it somehow, I am afraid

Best regards
igor

igorpadykov:

  The second question I have above is： I get a new board which is not burned the fuse any more.

   after I burn the value which get form SRK_1_2_3_4_fuse.bin(before write "SRK_1_2_3_4_fuse.bin" to board).Do I have a way to verify that the hash value in the fuse matches the signature in the current uboot.Not on the burned board.

I find the AN4581 have a descriptor

CSF
[Authenticate Data]
# Key slot index used to authenticate the image data
Verification index = 2
# Address Offset Length Data File Path
Blocks = 0x877fb000 0x000 0x48000 “/<path_to_u-boot_dir>/u-boot-dtb.imx"

On the section：“ E.1. Dumping U-boot binary ”

The description of the document is as follows：

od -X -N 0x20 u-boot-dtb.imx:
0000000 402000d1 87800000 00000000 877ff42c
0000020 877ff420 877ff400 8786d000 00000000

IVT address: 0x877ff400
Image length: CSF PTR – IVT Self = 0x8786d000 – 0x877ff400 = 0x6DC00
In CSF [Authenticate Data] field:
Block = 0x877ff400 0x00000000 0x0006DC00 “u-boot-dtb.imx

On my project,the uboot which burn into board is u-boot.imx

And I try the od command

od -X -N 0x20 u-boot.imx
0000000 402000d1 0090742c 00000000 00000000
0000020 00907420 00907400 00000000 00000000

The second line, third paragraph is 00000000

In my project I fill with "Block = 0x877ff400 0x00000000 0x0006DC00 “u-boot-dtb.imx "

what is the matter about this

Thanks

igorpadykov:

      Mybe some patchs need be apply to uboot.

      My uboot version is "U-Boot 2014.04-g18b6230-dirty"

      Does this uboot support secureboot?

Thanks