Please have a look at AN4581:
HAB version | HAB SRK HASH check | Comments |
---|---|---|
HAB 4.1.0 and prior | Yes | HAB checks SRK Hash in open mode, must program SRK Hash fuses. |
HAB 4.1.1 | No | HAB does not check SRK Hash in open mode, make sure SRK's are programmed correctly in SRK fuses before closing the device. |
HAB 4.1.2 and newer | Only if SRK fuses is not 0. | HAB checks SRK Hash in open mode. SRK Fuses = 0 leads to no HAB events due to SRK hash check. |
Summary:
I think you definitely have to burn the SRK_HASH fuses. Depending on the HAB version of your i.MX device you can/should check whether authentication of your image was successful prior closing the device burning BT_DIR_DIS and SEC_CONFIG[1].
regards
Christian
Christian,
Thanks for the reply. However, I don't see hab_status command showing up in my u-boot prompt. When building the u-boot, I did add the CONFIG_SECURE_BOOT=y to the config file and also uncommented the header to enable the CONFIG_SECURE_BOOT. I am not sure why the hab_status is not showing up. Any advice? Thanks!
I use barebox for my project, not U-Boot. So I cannot answer this.
Good!