dear expert :
now i debug seboot of IMX8QXP , i have some questions which need answer;
1、i fuse my board and sign the flash.bin refer to introduction_ahab.txt and mx8_mx8x_secure_boot.txt
but whether i download signed flash.bin and non-signed flash.bin , they are boot OK ;
i think it should not work if i download non-signed flash.bin after i Program SRK_HASH[511:0] fuses;
what should i do , it seems the flash.bin authenticate is not work;
2、from the txt , it show : A message is sent by the SCU ROM via MU requesting the SECO ROM to
authenticate the SECO FW which is signed using NXP key.
where to get SECO FW signed by NXP key;
3、 i open config item config_ahab_boot in uboot,after start it show :
** Unable to read file os_cntr_signed.bin **
Booting from net ...
No ethernet found.
Authenticate OS container at 0x98000000
Error: Wrong container header
ERR: failed to authenticate
from the txt , it need create flash_os.bin , but i use " make SOC=iMX8QX flash_linux " it show "no rule to make target "
4、which location to put os_cntr_signed.bin ? what's relation of os_cntr_signed.bin and kernel image? if it have no relation with kernel image , how to protect kernel image?
thanks
These are common problems that NXP should address in a document or as part of the documents they have. Having read most the documents, these questions are not answered by NXP. These are basic to getting secure boot to work and to support secure boot. It makes NXP look bad when they are unable to answer these questions.
Hi ma
additional details for secure boot can be found in AN12312 MX8 AHAB
Secure Boot on i.MX 8 and i.MX 8X Families using AHAB
Best regards
igor
-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------
i read the spec and operate as the txt , but it seems the information is not enough;
additional AN12853 app note may be helpful
Also support may be provided with :
Commercial Support and Engineering Services | NXP
Best regards
igor
dear expert :
can you give the answer about the four issues i meeted;
thanks