Hi Experts,
I am currently working on an i.MX 8M based SOM and have built a BSP for it using the Yocto Project. Now I want to add the Secure Boot feature, but most of the documents are confusing and misleading. Please provide a step-by-step procedure or document to enable the Secure Boot feature in both the SOM and U-Boot.
Also, in one forum I have read that the certificates in the SOM are stored in a One Time Programmable (OTP) memory location of the SOM. If that is the case, it will not be helpful for my requirement because in the development stage I may have to change the certificates multiple times. Is there any way that the certificates in the SOM can be flashed multiple times?
Thanks and Regards,
Ashok
Hello,
The base documents regarding HAB4 and i.MX8M secure boot are as follows:
- App Note “Secure Boot on i.MX 50, i.MX 53, i.MX 6 and i.MX 7 Series using HABv4 (AN4581)”, which in general applies to i.MX 8M too.
  < https://www.nxp.com/files-static/32bit/doc/app_note/AN4581.pdf >
- “Security Reference Manual for i.MX 8M Dual/8M QuadLite/8M Quad”
  < https://www.nxp.com/webapp/sps/download/mod_download.jsp?colCode=IMX8MDQLQSRM&appType=moderated >
- U-Boot documentation.
Note: under HAB4 only the SRK hash is burned to fuses. The keys (including the CSF and IMG keys, which are used to validate their respective data) are provided via the CSF. So it is possible to use different keys with different images, assuming that all keys are signed by the SRK.
Have a great day,
Yuri.
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
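
Added example, not part of the reply above or of NXP's documentation: a minimal HABv4 CSF description file in the syntax of NXP's Code Signing Tool, showing where each key mentioned in the note enters the chain. The file names follow the tool's default naming, `flash.bin` is an assumed image name, and the block values are placeholders.

```text
# Constructed example of a HABv4 CSF description file for an i.MX 8M image.
# All file names are assumptions; angle-bracket values are placeholders
# that must come from your own image layout.

[Header]
    Version = 4.3
    Hash Algorithm = sha256
    Engine = CAAM
    Engine Configuration = 0
    Certificate Format = X509
    Signature Format = CMS

# The SRK table travels with the image. The boot ROM hashes it and
# compares the result with the SRK hash in the fuses, which is the only
# value that is one-time programmable.
[Install SRK]
    File = "../crts/SRK_1_2_3_4_table.bin"
    Source index = 0

# CSF key certificate, signed by the SRK selected above. It can be
# replaced without touching the fuses as long as that SRK signs it.
[Install CSFK]
    File = "../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem"

# The CSF commands themselves are verified with the CSF key.
[Authenticate CSF]

# IMG key certificate, also signed by the SRK; a different image can
# install a different IMG key here.
[Install Key]
    Verification index = 0
    Target index = 2
    File = "../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem"

# The image data is verified with the IMG key installed at index 2.
[Authenticate Data]
    Verification index = 2
    Blocks = <load_address> <file_offset> <length> "flash.bin"
```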