Hi,
I am new to crypto and secure booting. I am trying secure booting in imx93. My question is, Is fusing the hardware can be done multiple times until I close the hardware (before using ahab_close tool in uboot to close the hardware)?
If not, In development stage how can I verify that current Image is following secure boot till development reaching to production level? Is there any other method is available to validate secure boot without fusing ? I have followed doc/imx/ahab/guides (nxp uboot) for imx93.
Hello,
Once a fuse is burned, it is NOT possible to change it.
During development, users should check the events before the device is closed. Once an image is signed with a signature that does not generate events during loading, the signed image should be able to boot on a closed device without issues. This should be the goal for development, since trying to debug on a closed platform requires the use of JTAG or the USB serial download protocol to acquire the event debug information.
You can take a look on the next application notes for more information:
Secure Boot on AHAB Supported Devices
Edgelock Secure Enclave (ELE) API Reference Guide
i.MX Encrypted Boot on AHAB-Enabled Devices
Best regards.
Hello,
If you are getting HAB events before close the device, something was wrong in your process. The device should be closed once you are able to boot without any HAB event.
Please check if you missed something.
Best regards.