Questions about IMX8QXP Seboot function

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Questions about IMX8QXP Seboot function

3,487 Views
mashaofeng
Contributor III

dear expert :

now i debug seboot of IMX8QXP , i have  some questions which need answer;

1、i fuse my board and sign the flash.bin  refer to introduction_ahab.txt and mx8_mx8x_secure_boot.txt  

     but whether i download signed flash.bin and non-signed flash.bin , they are boot OK ;

     i think it should not work if i download  non-signed flash.bin after i Program SRK_HASH[511:0] fuses;

     what should i do , it seems the flash.bin authenticate is not work;

 

2、from the txt , it show :  A message is sent by the SCU ROM via MU requesting the SECO ROM to

     authenticate the SECO FW which is signed using NXP key.   

 

where to get SECO FW signed by NXP key;

 

 3、 i open config item  config_ahab_boot in uboot,after start it show :

** Unable to read file os_cntr_signed.bin **

Booting from net ...

No ethernet found.

Authenticate OS container at 0x98000000

Error: Wrong container header

ERR: failed to authenticate

 

  from the txt , it need create flash_os.bin   ,  but i use  " make SOC=iMX8QX flash_linux "  it show  "no rule to make target "

 

4、which location to put os_cntr_signed.bin   what's relation of  os_cntr_signed.bin and kernel image   if it have no relation with kernel image , how to protect kernel image?

thanks

0 Kudos
Reply
5 Replies

3,284 Views
Gandalf-kern
Contributor IV

These are common problems that NXP should address in a document or as part of the documents they have. Having read most the documents, these questions are not answered by NXP. These are basic to getting secure boot to work and to support secure boot. It makes NXP look bad when they are unable to answer these questions.

3,391 Views
igorpadykov
NXP Employee
NXP Employee

Hi ma

additional details for secure boot can be found in AN12312  MX8 AHAB

Secure Boot on i.MX 8 and i.MX 8X Families using AHAB

Best regards
igor
-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

0 Kudos
Reply

3,391 Views
mashaofeng
Contributor III

i read the spec and operate as the txt , but it seems the information is not enough;

3,391 Views
igorpadykov
NXP Employee
NXP Employee

additional AN12853 app note may be helpful

i.MX ROMs Log Events

Also support may be provided with :

Commercial Support and Engineering Services | NXP 

Best regards
igor

0 Kudos
Reply

3,391 Views
mashaofeng
Contributor III

dear expert :

    can you give the answer about the four issues i meeted;

thanks