add OP-TEE with secure boot on IMX8MN

Silvarye · ‎07-16-2021

Hi all,

I'm working on i.MX8M Nano board and I would like to know How can I add OP-TEE image in the secure boot.

With NXP's documentation I done this resume of commands (attached Notepad) , if I done something wrong say me, At which steps I could add commands for OP-TEE ?

Moreover, in your documentation for complete secure the device you purpose to do this :

=> fuse prog 1 3 0x8000000 for Program DIR_BT_DIS

But in the security reference manual for IMX8MN, on 0x470[27] in Fuse map this appear like 'Reserved', It is important thing for the security ?

Regards,

Alexandre

igorpadykov · ‎07-26-2021

Hi Alexandre

from team:

1) In step 4, customer need to copy the tee.bin to the imx-mkimage tool. and compile the ATF with OP-TEE support. Then when customer build the image with the same command, the OP-TEE will integrated to the FIT part of the flash.bin. Customer can check the mkimage log to double confirm.

2) To close the device, customer need to use below command to program SEC_CONFIG[1] in bank1 word3, bit 25.

  => fuse prog 1 3 0x2000000

Best regards
igor

View solution in original post

Silvarye · ‎07-26-2021

Hi Igor thanks for your answer, have a nice day !

Murri · ‎08-26-2022

@Silvarye did this work for you? I am about to try the same. Thanks in advance.

igorpadykov · ‎07-26-2021

Hi Alexandre

from team:

1) In step 4, customer need to copy the tee.bin to the imx-mkimage tool. and compile the ATF with OP-TEE support. Then when customer build the image with the same command, the OP-TEE will integrated to the FIT part of the flash.bin. Customer can check the mkimage log to double confirm.

2) To close the device, customer need to use below command to program SEC_CONFIG[1] in bank1 word3, bit 25.

  => fuse prog 1 3 0x2000000

Best regards
igor