Hi all,
I'm working on i.MX8M Nano board and I would like to know How can I add OP-TEE image in the secure boot.
With NXP's documentation I done this resume of commands (attached Notepad) , if I done something wrong say me, At which steps I could add commands for OP-TEE ?
Moreover, in your documentation for complete secure the device you purpose to do this :
=> fuse prog 1 3 0x8000000 for Program DIR_BT_DIS
But in the security reference manual for IMX8MN, on 0x470[27] in Fuse map this appear like 'Reserved', It is important thing for the security ?
Regards,
Alexandre
Solved! Go to Solution.
Hi Alexandre
from team:
1) In step 4, customer need to copy the tee.bin to the imx-mkimage tool. and compile the ATF with OP-TEE support. Then when customer build the image with the same command, the OP-TEE will integrated to the FIT part of the flash.bin. Customer can check the mkimage log to double confirm.
2) To close the device, customer need to use below command to program SEC_CONFIG[1] in bank1 word3, bit 25.
=> fuse prog 1 3 0x2000000
Best regards
igor
Hi Igor thanks for your answer, have a nice day !
@Silvarye did this work for you? I am about to try the same. Thanks in advance.
Hi Alexandre
from team:
1) In step 4, customer need to copy the tee.bin to the imx-mkimage tool. and compile the ATF with OP-TEE support. Then when customer build the image with the same command, the OP-TEE will integrated to the FIT part of the flash.bin. Customer can check the mkimage log to double confirm.
2) To close the device, customer need to use below command to program SEC_CONFIG[1] in bank1 word3, bit 25.
=> fuse prog 1 3 0x2000000
Best regards
igor