Hi All,
We are using i.MX8MQ based custom board with NXP release Android-p9.0.0_2.0.0-ga.
To generate secure-boot enabled and signed u-boot image, we followed steps from docs available in uboot source at /doc/imx/habv4/guides/mx8m_mx8mm_secure_boot.txt and doc/imx/habv4/introduction_habv4.txt.
Initially for testing, we haven't programmed any SRK fuses or fuse to close the chip.
Even so, all the secure-boot verification scenarios using HABv4 are working fine!
1. The signed u-boot image using CST tools (v3.1.0) is verified successfully without any HAB events or errors.
2. If we corrupt the signed u-boot image or generate it with some wrong CSF data during signing using CST Tools, we are getting HAB event errors.
3. If we flash an unsigned u-boot image, it shows us "Error: CSF header command not found" and HAB events are generated.
Note: For logs of above 3 scenarios, please see attached file (secureboot-scenarios.txt).
So, my questions are:
1. How secure-boot verification happens without SRK fuses burnt?
2. What is the use of SRK fuses?
Please help us out to understand above scenarios.
Thank you.
Regards,
Pratik Manvar
Hello,
Please try using "hab_status" U-boot command.
Follow section 3.1.2 (Verifying images with HABv4) of i.MX Android™ Security User's Guide (Rev. P9.0.0).
Regards,
Yuri.
Hi @Yuri
Thanks for your quick reply.
Yes, we also referred to the i.MX Android™ Security User's Guide and it also explains the same steps for secure-boot HABv4 verification.
The "hab_status" command from u-boot also shows the same results (attached in first post), even though we haven't programmed any SRK fuses or fuse to close the chip.
So, what is the use of SRK fuses in secure-boot HABv4 verification?
Thanks,
Pratik Manvar
@pratik_manvar
Hello,
For HAB 4.1.2 and newer the SRK is checked only if SRK is not 0.
HAB checks SRK Hash in open mode. SRK Fuses = 0 leads to no HAB events due to SRK hash check.
Regards,
Yuri.