Secure Boot Mode

pilotnite · ‎06-11-2024

Hello,

I am currently in the development phase and would like to test secure boot mode. I have been reading the guide [here](https://github.com/nxp-imx/uboot-imx/blob/lf_v2023.04/doc/imx/ahab/introduction_ahab.txt).

During development, there will be lots of trial and error. According to [this section](https://github.com/nxp-imx/uboot-imx/blob/lf_v2023.04/doc/imx/ahab/guides/mx8ulp_9x_secure_boot.txt#...) on reading the fuses, it does not mention whether I can run in emulation mode without burning the fuses permanently and potentially bricking the board.

Has anyone implemented secure boot mode during the development phase with the i.MX93? What is the correct procedure to follow without risking bricking the board?

Any help would be highly appreciated.

Cheers,
Nitesh

Harvey021 · ‎06-13-2024

Hi,

Don't close device before signing image verification passed and the SRK fuse should be fused when in production. otherwise, any images can run on the device.

Regards

Harvey

View solution in original post

Harvey021 · ‎06-13-2024

Hi,

Don't close device before signing image verification passed and the SRK fuse should be fused when in production. otherwise, any images can run on the device.

Regards

Harvey

pilotnite · ‎06-13-2024

@Harvey021

Hi Harvey,

Thank you for your response.

I have a few more questions regarding the SRK fuse:

What exactly happens when the SRK fuse is burned?
Once the SRK fuse is burned, can I still re-flash the unit using the same certificates and keys?
Will I be able to perform OTA updates to the filesystem or update the bootloader after the SRK fuse is burned?

Your clarification on these points would be greatly appreciated.

Best regards,
Nitesh

Harvey021 · ‎06-13-2024

Hi,

SRK fuse helps the root of trust established if SRK table in signed image verify successfully against SRK fuse in Fuse box.

Regards

Harvey

Secure Boot Mode

Secure Boot Mode

i.MX 8 Family | i.MX 8QuadMax (8QM) | 8QuadPlus

Security

Yocto Project