How to select the defconfig file for Secure Boot

abhiroopnray · ‎02-20-2023

Hello,

I am trying to enable secure boot feature for custom IMX8MPLUS board running #Android 11. I have followed the Android Security guide provided by NXP

In the device/nxp/imx8m/evk_8mp/UbootKernelBoardConfig.mk I see as follows:

# u-boot target
TARGET_BOOTLOADER_CONFIG := imx8mp:imx8mp_evk_android_defconfig
TARGET_BOOTLOADER_CONFIG += imx8mp-trusty:imx8mp_evk_android_trusty_defconfig
TARGET_BOOTLOADER_CONFIG += imx8mp-trusty-secure-unlock:imx8mp_evk_android_trusty_secure_unlock_defconfig
TARGET_BOOTLOADER_CONFIG += imx8mp-dual:imx8mp_evk_android_dual_defconfig
TARGET_BOOTLOADER_CONFIG += imx8mp-trusty-dual:imx8mp_evk_android_trusty_dual_defconfig
TARGET_BOOTLOADER_CONFIG += imx8mp-evk-uuu:imx8mp_evk_android_uuu_defconfig
TARGET_BOOTLOADER_CONFIG += imx8mp-powersave:imx8mp_evk_android_powersave_defconfig
TARGET_BOOTLOADER_CONFIG += imx8mp-trusty-powersave:imx8mp_evk_android_trusty_powersave_defconfig

After compilation in the build log I can see all the defconfigs are build.

Do I have to update all the defconfigs for Secure boot? Shall I take the values from build-log for csf from all of them seperately? How do I make sure which defconfig is getting used while bootup?

Thanks,

Abhiroop

Harvey021 · ‎02-21-2023

Hi @abhiroopnray

This way that you build android images means all modes of bootloader built with HAB enabled.

You don't necessarily need all defconfigs for secure boot, you can modify the + symbols to remove what you don't want.

Best regards

Harvey

How to select the defconfig file for Secure Boot

How to select the defconfig file for Secure Boot

i.MX 8 Family | i.MX 8QuadMax (8QM) | 8QuadPlus

i.MX 8M | i.MX 8M Mini | i.MX 8M Nano

Linux

Security

Yocto Project