IMX8MP NAND SECURE BOOT

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

IMX8MP NAND SECURE BOOT

1,319 Views
AlfTeleco
Contributor III

Hello everyone,

 

I am trying to achieve secure boot, booting from a NAND memory. I'd been able to do it from an SD, so usual steps as signing, creating the PKI and CSF files are well formed and are familiar to me. 

As far as I could see, there is a problem conforming the final binary with the addresses according to this thread: 

https://lists.denx.de/pipermail/u-boot/2019-December/394629.html

The only existing solution to finally perform a secure boot from NAND is to disable CONFIG_IMX_HAB, and by doing so we loose the ability to check HAB events and the power of the HAB commands. 

Is there any news in this topic? Any uboot patch that I have not been able to find?

Thank in advance  

0 Kudos
Reply
3 Replies

1,306 Views
igorpadykov
NXP Employee
NXP Employee

Hi Alvaro

 

nand secure boot is supported, there are no additional patches for that.

However there is below implication for latest kernels

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b5094b7f135be

 

Best regards
igor

0 Kudos
Reply

1,299 Views
AlfTeleco
Contributor III

Okay, thank you Igor. 

 

I have achieved NAND secure boot indeed, BUT without the uboot commands available to manage the HAB, this is, disabling the CONFIG_IMX_HAB. Is there any path that let me use the CONFIG_IMX_HAB define while implementing the secure boot from a NAND. 

 

Thanks in advance!

Tags (1)
0 Kudos
Reply

1,289 Views
igorpadykov
NXP Employee
NXP Employee
0 Kudos
Reply