How to select the defconfig file for Secure Boot

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to select the defconfig file for Secure Boot

576 Views
abhiroopnray
Contributor III

Hello,

I am trying to enable secure boot feature for custom IMX8MPLUS  board running #Android 11. I have followed the Android Security guide provided by NXP

In the device/nxp/imx8m/evk_8mp/UbootKernelBoardConfig.mk I see as follows:

# u-boot target
TARGET_BOOTLOADER_CONFIG := imx8mp:imx8mp_evk_android_defconfig
TARGET_BOOTLOADER_CONFIG += imx8mp-trusty:imx8mp_evk_android_trusty_defconfig
TARGET_BOOTLOADER_CONFIG += imx8mp-trusty-secure-unlock:imx8mp_evk_android_trusty_secure_unlock_defconfig
TARGET_BOOTLOADER_CONFIG += imx8mp-dual:imx8mp_evk_android_dual_defconfig
TARGET_BOOTLOADER_CONFIG += imx8mp-trusty-dual:imx8mp_evk_android_trusty_dual_defconfig
TARGET_BOOTLOADER_CONFIG += imx8mp-evk-uuu:imx8mp_evk_android_uuu_defconfig
TARGET_BOOTLOADER_CONFIG += imx8mp-powersave:imx8mp_evk_android_powersave_defconfig
TARGET_BOOTLOADER_CONFIG += imx8mp-trusty-powersave:imx8mp_evk_android_trusty_powersave_defconfig

After compilation in the build log I can see all the defconfigs are build.

Do I have to update all the defconfigs for Secure boot? Shall I take the values from build-log for csf from all of them seperately? How do I make sure which defconfig is getting used while bootup?

 

Thanks,

Abhiroop 

0 Kudos
Reply
1 Reply

557 Views
Harvey021
NXP TechSupport
NXP TechSupport

Hi @abhiroopnray 

This way that you build android images means all modes of bootloader built with HAB enabled. 

You don't necessarily need all defconfigs for secure boot, you can modify the + symbols to remove what you don't want.

 

Best regards

Harvey

0 Kudos
Reply