Hello,
I am in the process of adding signed images to our board but I was left with questions on how to test that.
After getting a signed os_cntr_signed.bin image, it boots fine. On u-boot when I try ahab_status, I see SECO events (because I don't have my keys fused yet).
Initially I thought I could use u-boot fuse override for testing the fuse values I need to use, but that is not implemented. After searching on how to use fuse shadow registers, I found that it is not possible. Examples:
Initially If thought I could implement something like what is mentioned in the first link.
Based on that, how am I supposed to test secure boot keys / commands without permanently fusing the keys or bricking the board?
What is NXP advice on that?
For reference, we are using i.MX8X (imx8qxp).
已解决! 转到解答。
Hello,
If not burning the SRK fuse, you may can use OPENSSL command to analyze the images with their key.
Regards
I'll try the openssl approach in the future. Another FAE we contacted also confirmed there is no way of testing on a imx8 board without fusing the keys. His suggestion in that case was to fuse (if we are fine with that) but not close the device.