I know secure boot (Signed U-boot and Kernel-FitImage with HAB authenticate ) is one time program as per my knowledge. But, I needs to update the image once secure boot was enabled in IMX8MNano board.
Is it possible to do update the image once secure boot enabled ?
Do we have any special configuration to update the image in secure boot ?
I feel this is the blocker to update the image if it in secure boot, maybe I am wrong. I would like ask your ideas to proceed.
Currently we have primary and secondary partition which is have images (kernel+fitImage, rootfs, user). I have to switch primary to secondary and secondary to primary in secure boot.
I think you can boot any image will it be primary or secondary with secure boot enabled, if it is properly signed I don't think there will be an issue, all HAB cares about is the SRK keys(efuses), and signing keys/cert must be from the same PKI.