Imx28 secure boot with custom key

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Imx28 secure boot with custom key

288 Views
pjiangplus
Contributor I

hi all, I am working on a secure boot for imx28.

I got couple of questions:

1) may I know what is the different of elftosb -z -f imx28 -c arch/arm/cpu/arm926ejs/mxs/u-boot-imx28.bd -o u-boot.sb.new and elftosb -k "./my.key" -f imx28 -c arch/arm/cpu/arm926ejs/mxs/u-boot-imx28.bd -o u-boot.sb.new. if the my.key is all zero like 00000000000000000000000000000000.

the problem I face is I try to work on a board which is OTP virgin, and if I set the key as key file then it does not boot up, while option -z works (uboot default way).

2) I used bitbunner.exe program to program one CRYPTO0 register as 0x12345678, all other 3 untouched, but I cannot read it out anymore, reading will result in reset, does this expected? if yes, may I know how to read the key I program?

3) same as question 2, if I prepare a key file as 123456780000000000000000000000000, and in step 1, and it cannot boot up. any particular steps required?

my bd file looks like

cat arch/arm/cpu/arm926ejs/mxs/u-boot-imx28.bd
options
{
flags = 0x4; // 0x8 encrypted + signed, 0x4 encrypted
buildNumber = 0x1;
productVersion = "1.00.00";
componentVersion = "1.00.00";
secureBinaryVersion = "2.0";
}

sources {
u_boot_spl="spl/u-boot-spl.bin";
u_boot="u-boot.bin";
}

section (0) {
load u_boot_spl > 0x1000;
load ivt (entry = 0x1000) > 0x8000;
hab call 0x8000;

load u_boot > 0x40002000;
load ivt (entry = 0x40002000) > 0x8000;
hab call 0x8000;
}

 

thanks a lot

Peng

0 Kudos
Reply
1 Reply

190 Views
hector_delgado
NXP TechSupport
NXP TechSupport

Hi @pjiangplus ,

Hope you're doing well!

Have you followed https://www.nxp.com/webapp/Download?colCode=AN4555?

Best regards,
Hector.

0 Kudos
Reply