Dear i.MX Community,
is it possible to sign and/or encrypt with an i.MX6 several bootstages like U-Boot, DeviceTree, Kernel and Root-Filesystem?
Hello,
Basically this is possible to encrypt several boot stages, but i.MX boot ROM
checks and run only the first stage, say, U-boot. Then this is U-boot prerogative
to load, check, start kernel. Boot ROM HAB API may be used by U-boot.
As for RootFS - if it cannot be fully located in DRAM, it would be better to apply
standard Linux approach, as eCryptfs.
Have a great day,
Yuri
------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct
Answer button. Thank you!
------------------------------------------------------------------------------
Dear Mr Muhin,
Yes i know i have to implement the check functions by myself and i can use the ROM HAB API to check the image. I guess there was a problem because every time i encrypt an image i have to create a key blob in U-Boot and i thought that i can only create one key blob so only for one boot stage. But probably i was wrong, so i can create several blobs for different boot stages, thanks for the information.
best regards,
Patrick Jakob
Hello,
You can create several blobs. Please submit request, if more details
are needed.
How to submit a new question for NXP Support
Regards,
Yuri.