Dear all,
I’m implementing “fail safe booting” using redundant boot images.
It aims "booting succesfully" even though there are some damages on booting images.
I made a plan to use HAB feature for some part of functionalities.
i.mx6 dual processor is supposed to be used and AI board is referenced.
I designed configuration and procedures as below to overcome boot fail situation due to damaged boot images.
1. duplicate boot images (1st and 2nd bootloaders and kernels)
2. check validity of 1st bootloader
3. check 2nd bootloader if 1st one is damaged
4. use a valid bootloader to load kernel
5. check validity of 1st kernel
6. check 2nd kernel if 1st one is damaged
7. load a valid kernel
8. after boot;
A. check validity of 2nd bootloader if booted using 1st bootloader
B. check validity of 2nd kernel if booted using 1st kernel
C. recover damaged images, if any, by copying valid corresponding images
Because steps 5~7 are done buy bootloader I can implement it without any dependency.
But steps 2~4 are executed by codes in ROM and it depends on features of i.mx6 dual processor.
By investigating on documents I found that I could use HAB feature to check integrity of bootloader and
to force to use 2nd bootloader if 1st bootloader is changed. (Step 2~4)
References;
IMX6DQRM - i.MX 6Dual_6Quad Applications Processor Reference Manual
i.MX_6_Linux_High_Assurance_Boot_(HAB)_User's_Guide
My questions;
1. Is using HAB appropriate to check validity and to force to use 2nd bootloader if changed?
2. Is it possible to recover (Step. 8) even the device is “closed” - SEC_CONFIG[1] fused?
3. To test HAB function I may need to burn some eFuses and public keys.
A. I want to avoid fusing reference board because it is irreversible.
Is there any way to make board operate like fused? (fusing emulation?)
B. For the production, Do eFuses and public keys need to be burnt during process of production? If then, is there any suggesting or general way?
Thanks.
Sunghyun Ahn
