Secure boot on IMX8MP

kartheek
Contributor III

Hi,

I'm new to Secure Boot on the i.MX8M Plus platform. I've been searching for documentation on implementing Secure Boot using Yocto, but haven't found any relevant resources so far.

Are there any guides or documentation available for enabling Secure Boot on i.MX8MP with Yocto? Any suggestions or pointers would be greatly appreciated.

Thank you,

Kartheek

1 Solution
Harvey021
NXP TechSupport

Hi @kartheek 

We have a reference about the secure boot with Yocto automation.

Please refer to the section <10.9 Security reference design> of UG10163.pdf

Regards

Harvey

kartheek
Contributor III

Hi Harvey,

I’ve followed the Security Reference Design (Section 10.9) from UG10163.pdf along with the NXP Code Signing Tool (CST) documentation to successfully generate the required keys and a signed wic image.
Now, I’d like to verify secure boot functionality on the i.MX8MP without programming the eFuses or closing the device.
Could you please share any documentation or guidance related to pre-fuse secure boot verification?

Thanks,

Kartheek

Harvey021
NXP TechSupport

Hi Kartheek,

There are tools contained with the CST. You can refer to the CST User Guide for more details.

But please note: the hab4_image_verifier tool is intended solely for experimentation and debugging purposes. Under any circumstance, it should not be considered as a proof or validation of a good HABv4 image. For official verification and image integrity checks, proceed with the recommended secure boot procedures, such as using the hab_status command as outlined in the relevant documentation.

The SRK fuse hash values must be fused to the device, but without closing the device, before we run "hab_status" to verify.

Regards

Harvey
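
A way to gate on the hab_status check described above before closing a device, as an added example that is not part of the original posts or of NXP's tooling. It assumes the console line formats printed by U-Boot's hab_status command; both captures are constructed samples and the function names are hypothetical.

```python
import re

# Constructed console captures; the line formats are an assumption based on
# what U-Boot's hab_status command prints, not output taken from the thread.
CLEAN_LOG = """\
u-boot=> hab_status

Secure boot disabled

HAB Configuration: 0xf0, HAB State: 0x66
No HAB Events Found!
"""

EVENT_LOG = """\
u-boot=> hab_status

Secure boot disabled

HAB Configuration: 0xf0, HAB State: 0x66

--------- HAB Event 1 -----------------
event data:
        <event bytes omitted in this constructed sample>
"""

def parse_hab_status(log):
    """Extract lifecycle, config/state bytes and event count from a capture."""
    mode = re.search(r"Secure boot (enabled|disabled)", log)
    regs = re.search(
        r"HAB Configuration: (0x[0-9a-fA-F]+), HAB State: (0x[0-9a-fA-F]+)", log)
    if not mode or not regs:
        raise ValueError("no hab_status output found in capture")
    events = re.findall(r"-+ HAB Event (\d+) -+", log)
    # Require the explicit "no events" line so a truncated capture is not read as clean.
    clean = not events and "No HAB Events Found!" in log
    return {
        "closed": mode.group(1) == "enabled",
        "config": int(regs.group(1), 16),
        "state": int(regs.group(2), 16),
        "events": len(events),
        "clean": clean,
    }

def ready_to_close(log):
    """True only for an open device whose capture reports no HAB events."""
    st = parse_hab_status(log)
    return (not st["closed"]) and st["clean"]
```

Any reported HAB event on the open device should be resolved before the device is closed, since a closed device refuses to boot an image that fails authentication.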
