帮助
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

i.MX6 secure boot of Linux kernel

取消
开启建议
自动建议可通过在您键入时建议可能的匹配,而快速缩小您的搜索结果范围。
显示结果 
显示  仅  | 搜索替代 
您的意思是: 
已解决
跳至解决方案

i.MX6 secure boot of Linux kernel

跳至解决方案
‎05-27-2014 04:47 AM
8,807 次查看
spacemanspiff
Contributor II

As described in Secure boot on Wandboard, I have manged to use CST to sign my U-Boot image, and have my Wandboard verify the authenticity of U-Boot before executing it.

Now, I want to extend this to have the Linux kernel signed and to have U-Boot authenticate the image, as described in "i.MX 6 Linux High Assurance Boot (HAB) User's Guide". However, it appears that this document is based on a different U-Boot branch, than the one I am using (U-Boot 2013.10 from Yocto). I would prefer to use this recent U-Boot, because of device tree support, etc.

According to  Re: i.MX6 HAB support in U-Boot 2013 and later HAB is supported in later U-Boot, but after digging for some time, it appears that only support for reading out HAB event status (using the "hab_status" command) is available, and the raw HAB API functions. The infrastructure to actually have U-Boot call HAB to authenticate the Linux image seems to be missing.

Is there a patch available for U-boot 2013.10, which enables authentication of the Linux kernel image before continuing boot?

Best regards,

Mikkel Holm Olsen

标签 (3)
标签
0 项奖励
回复
1 解答

跳至解决方案
‎05-29-2014 04:10 AM
2,448 次查看
igorpadykov
NXP Employee
NXP Employee

Hi Mikkel,

had you checked V2012 Uboot security scripts, below

link. Also they are included in ../mxc_secureboot folder imx-test-3.10.17-1.0.0

package

ENGR00000000 secure boot:add support for V2012 Secure U-Boot · 4eecc7d · boundarydevices/imx-linux-t...

L3.10.17_1.0.0_IMX6QDLS_BUNDLE : Source Code Download Steps Documentation and Demo Images.

Best regards

chip

在原帖中查看解决方案

0 项奖励
回复
3 回复数

跳至解决方案
‎06-17-2014 04:21 AM
2,448 次查看
spacemanspiff
Contributor II

Sorry about the late reply.

Thank you! Those links are very helpful, although at the moment I am investigating using U-Boot "verified boot" to sign the kernel.

Best regards,

Mikkel Holm Olsen

0 项奖励
回复

跳至解决方案
‎05-29-2014 04:10 AM
2,449 次查看
igorpadykov
NXP Employee
NXP Employee

Hi Mikkel,

had you checked V2012 Uboot security scripts, below

link. Also they are included in ../mxc_secureboot folder imx-test-3.10.17-1.0.0

package

ENGR00000000 secure boot:add support for V2012 Secure U-Boot · 4eecc7d · boundarydevices/imx-linux-t...

L3.10.17_1.0.0_IMX6QDLS_BUNDLE : Source Code Download Steps Documentation and Demo Images.

Best regards

chip

0 项奖励
回复

跳至解决方案
‎11-21-2017 08:26 PM
2,448 次查看
tengri
Contributor IV

Hi igorpadykov

I have a requirement to check the HAB status of uImage and if no HAB events to load the uImage. So how to do that checking in u-boot ?

Thanks in Advance

0 项奖励
回复