hi all, I am working on a secure boot for imx28.
I got couple of questions:
1) may I know what is the different of elftosb -z -f imx28 -c arch/arm/cpu/arm926ejs/mxs/u-boot-imx28.bd -o u-boot.sb.new and elftosb -k "./my.key" -f imx28 -c arch/arm/cpu/arm926ejs/mxs/u-boot-imx28.bd -o u-boot.sb.new. if the my.key is all zero like 00000000000000000000000000000000.
the problem I face is I try to work on a board which is OTP virgin, and if I set the key as key file then it does not boot up, while option -z works (uboot default way).
2) I used bitbunner.exe program to program one CRYPTO0 register as 0x12345678, all other 3 untouched, but I cannot read it out anymore, reading will result in reset, does this expected? if yes, may I know how to read the key I program?
3) same as question 2, if I prepare a key file as 123456780000000000000000000000000, and in step 1, and it cannot boot up. any particular steps required?
my bd file looks like
cat arch/arm/cpu/arm926ejs/mxs/u-boot-imx28.bd
options
{
flags = 0x4; // 0x8 encrypted + signed, 0x4 encrypted
buildNumber = 0x1;
productVersion = "1.00.00";
componentVersion = "1.00.00";
secureBinaryVersion = "2.0";
}
sources {
u_boot_spl="spl/u-boot-spl.bin";
u_boot="u-boot.bin";
}
section (0) {
load u_boot_spl > 0x1000;
load ivt (entry = 0x1000) > 0x8000;
hab call 0x8000;
load u_boot > 0x40002000;
load ivt (entry = 0x40002000) > 0x8000;
hab call 0x8000;
}
thanks a lot
Peng
