Hi all,
I have implemented secure boot solution for our device. So, single public is used to verify both signed uboot and signed kernel.
But I need to implement chain of trust like below diagram
Here every component is verified by its unique public key that's embedded on the previous binary.
Can you help me to do that.
Thanks in advance
Regards
Dipin
@DipinPK
Hello,
Please use the following documents.
"Security Reference Manual for i.MX 6"
"i.MX Secure Boot on HABv4 Supported Devices"
https://www.nxp.com/docs/en/application-note/AN4581.pdf
"Encrypted Boot on HABv4 and CAAM Enabled Devices "
https://www.nxp.com/docs/en/application-note/AN12056.pdf
"i.MX ROMs Log Events"
https://www.nxp.com/docs/en/application-note/AN12853.pdf
"i.MX Encrypted Storage Using CAAM Secure Keys"
https://www.nxp.com/docs/en/application-note/AN12714.pdf
Regards,
Yuri.
I have already implemented the secure boot feature. But need to implement the chain of trust. Using FIT images.
Can you suggest me some method for that?
What is FIT image how to create FIT images for imx6 processors