i.MX 8M Secure Boot Procedure and OTP customization

cancel
Showing results for 
Search instead for 
Did you mean: 

i.MX 8M Secure Boot Procedure and OTP customization

Jump to solution
416 Views
ashoksowndar
Contributor II

Hi Experts,

I am currently working in i.MX 8M based SOM and built a BSP for the same using Yocto Project.  Now I want to add Secure Booting feature but most of the documents are confusing and misleading.  Please provide step by step procedure or document to enable Secure Boot feature in both SOM and U-Boot.

And also in one forum I have read that certificates in SOM are stored in One Time Programmable (OTP) memory location of SOM. If its the case, it will not be helpful for my requirement because, in the development stage I may have to change the certificates multiple times. Is there any way that certificates in SOM can be flashed multiple time.

Thanks and Regards,

Ashok

0 Kudos
1 Solution
149 Views
Yuri
NXP TechSupport
NXP TechSupport

Hello,

 

  The base documents regarding HAB4 and i.MX8M secure boot are as following:

 

  App Note “Secure Boot on i.MX 50, i.MX 53, i.MX 6 and i.MX 7Series using HABv4 (AN4581)”

in general is applied for i.MX 8M too.

 

< https://www.nxp.com/files-static/32bit/doc/app_note/AN4581.pdf >

 

“Security Reference Manual for i.MX 8M Dual/8M QuadLite/8M Quad”

 

< https://www.nxp.com/webapp/sps/download/mod_download.jsp?colCode=IMX8MDQLQSRM&appType=moderated >

 

 U-boot documentation.

 

< https://source.codeaurora.org/external/imx/uboot-imx/tree/doc/imx/habv4/introduction_habv4.txt?h=imx... >

  Note, under HAB4 only the SRK hash is burned to fuses. The keys (include CSF and IMG keys, which are  used to validate their respective data) are provided via CSF. So, it is possible to use different keys with different images, assuming, that

all keys are signed by SRK.

 

Have a great day,

Yuri.

 

-------------------------------------------------------------------------------

Note:

- If this post answers your question, please click the "Mark Correct" button. Thank you!

- We are following threads for 7 weeks after the last post, later replies are ignored

 

Please open a new thread and refer to the closed one, if you have a related question at a later point in time.

View solution in original post

1 Reply
150 Views
Yuri
NXP TechSupport
NXP TechSupport

Hello,

 

  The base documents regarding HAB4 and i.MX8M secure boot are as following:

 

  App Note “Secure Boot on i.MX 50, i.MX 53, i.MX 6 and i.MX 7Series using HABv4 (AN4581)”

in general is applied for i.MX 8M too.

 

< https://www.nxp.com/files-static/32bit/doc/app_note/AN4581.pdf >

 

“Security Reference Manual for i.MX 8M Dual/8M QuadLite/8M Quad”

 

< https://www.nxp.com/webapp/sps/download/mod_download.jsp?colCode=IMX8MDQLQSRM&appType=moderated >

 

 U-boot documentation.

 

< https://source.codeaurora.org/external/imx/uboot-imx/tree/doc/imx/habv4/introduction_habv4.txt?h=imx... >

  Note, under HAB4 only the SRK hash is burned to fuses. The keys (include CSF and IMG keys, which are  used to validate their respective data) are provided via CSF. So, it is possible to use different keys with different images, assuming, that

all keys are signed by SRK.

 

Have a great day,

Yuri.

 

-------------------------------------------------------------------------------

Note:

- If this post answers your question, please click the "Mark Correct" button. Thank you!

- We are following threads for 7 weeks after the last post, later replies are ignored

 

Please open a new thread and refer to the closed one, if you have a related question at a later point in time.

View solution in original post