Dear NXP,
I know secure boot (Signed U-boot and Kernel-FitImage with HAB authenticate ) is one time program as per my knowledge. But, I needs to update the image once secure boot was enabled in IMX8MNano board.
Is it possible to do update the image once secure boot enabled ?
Do we have any special configuration to update the image in secure boot ?
I feel this is the blocker to update the image if it in secure boot, maybe I am wrong. I would like ask your ideas to proceed.
Currently we have primary and secondary partition which is have images (kernel+fitImage, rootfs, user). I have to switch primary to secondary and secondary to primary in secure boot.
I think you can boot any image will it be primary or secondary with secure boot enabled, if it is properly signed I don't think there will be an issue, all HAB cares about is the SRK keys(efuses), and signing keys/cert must be from the same PKI.
Thank you @sajjadahmed for the reply.
Do you have any proper document to sign and encrypt. If it possible please share to me.
Hi
We don't have any document or application related to your idea.
The idea needs to change the secure implementation mechanism
BR
Zhiming
Thank you @Zhiming_Liu quick reply.
If it possible please share some ideas.