Hi,
I am new to crypto and secure booting. I am trying secure booting in imx93. My question is, Is fusing the hardware can be done multiple times until I close the hardware (before using ahab_close tool in uboot to close the hardware)?
If not, In development stage how can I verify that current Image is following secure boot till development reaching to production level? Is there any other method is available to validate secure boot without fusing ? I have followed doc/imx/ahab/guides (nxp uboot) for imx93.
Hello,
Once a fuse is burned, it is NOT possible to change it.
During development, users should check the events before the device is closed. Once an image is signed with a signature that does not generate events during loading, the signed image should be able to boot on a closed device without issues. This should be the goal for development, since trying to debug on a closed platform requires the use of JTAG or the USB serial download protocol to acquire the event debug information.
You can take a look on the next application notes for more information:
Secure Boot on AHAB Supported Devices
Edgelock Secure Enclave (ELE) API Reference Guide
i.MX Encrypted Boot on AHAB-Enabled Devices
Best regards.