Update the image in secure boot

vinothkumars · ‎02-05-2021

Dear NXP,

I know secure boot (Signed U-boot and Kernel-FitImage with HAB authenticate ) is one time program as per my knowledge. But, I needs to update the image once secure boot was enabled in IMX8MNano board.

Is it possible to do update the image once secure boot enabled ?

Do we have any special configuration to update the image in secure boot ?

I feel this is the blocker to update the image if it in secure boot, maybe I am wrong. I would like ask your ideas to proceed.

Currently we have primary and secondary partition which is have images (kernel+fitImage, rootfs, user). I have to switch primary to secondary and secondary to primary in secure boot.

Regards,
Vinothkumar Sekar

sajjadahmed · ‎02-08-2021

I think you can boot any image will it be primary or secondary with secure boot enabled, if it is properly signed I don't think there will be an issue, all HAB cares about is the SRK keys(efuses), and signing keys/cert must be from the same PKI.

vinothkumars · ‎02-09-2021

Thank you @sajjadahmed for the reply.

Do you have any proper document to sign and encrypt. If it possible please share to me.

Regards,
Vinothkumar Sekar

Zhiming_Liu · ‎02-06-2021

Hi

We don't have any document or application related to your idea.

The idea needs to change the secure implementation mechanism

BR

Zhiming

vinothkumars · ‎02-07-2021

Thank you @Zhiming_Liu quick reply.

If it possible please share some ideas.

Regards,
Vinothkumar Sekar

Update the image in secure boot

Update the image in secure boot

i.MX 8M | i.MX 8M Mini | i.MX 8M Nano

Yocto Project