Update the image in secure boot

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Update the image in secure boot

1,308 Views
vinothkumars
Senior Contributor IV

Dear NXP,

 

I know secure boot (Signed U-boot and Kernel-FitImage with HAB authenticate ) is one time program as per my knowledge. But, I needs to update the image once secure boot was enabled in IMX8MNano board. 

 

Is it possible to do update the image once secure boot enabled ?

Do we have any special configuration to update the image in secure boot ?

 

I feel this is the blocker to update the image if it in secure boot, maybe I am wrong. I would like ask your ideas to proceed.

 

Currently we have primary and secondary partition which is have images (kernel+fitImage, rootfs, user). I have to switch primary to secondary and secondary to primary in secure boot.

 

vinothkumars_0-1612591539491.png

 

 

 

 

 

Regards,
Vinothkumar Sekar
0 Kudos
4 Replies

1,241 Views
sajjadahmed
Contributor II

I think you can boot any image will it be primary or secondary with secure boot enabled, if it is properly signed I don't think there will be an issue, all HAB cares about is the SRK keys(efuses), and signing keys/cert must be from the same PKI.

0 Kudos

1,231 Views
vinothkumars
Senior Contributor IV

Thank you @sajjadahmed  for the reply.

 

Do you have any proper document to sign and encrypt. If it possible please share to me.

Regards,
Vinothkumar Sekar
0 Kudos

1,270 Views
Zhiming_Liu
NXP TechSupport
NXP TechSupport

Hi

 

We don't have any document or application related to your idea.

The idea needs to change the secure implementation mechanism

 

BR

Zhiming

0 Kudos

1,265 Views
vinothkumars
Senior Contributor IV

Thank you @Zhiming_Liu quick reply.

 

If it possible please share some ideas.

Regards,
Vinothkumar Sekar
0 Kudos