Does i.MX8MQuad support Android Verified Boot (AVB) using Android P9.0.0_2.0.0 (4.14.98 kernel)?
I notice there is no i.MX_Android_Seurity_User_Guide.pdf file under Android P9.0.0_2.0.0 document pack. There is one for i.MX8MM under Android P9.0.0_2.3.0., which does not mentioned i.MX8MQuad support.
Hi gusarambula,
If we are to use i.MX8MM instead of i.MX8MQ and upgrade to Android P9.0.0_2.3.0. Will the i.MX8MM BSP support AVB as those steps stated on the i.MX_Android_Seurity_User_Guide.pdf of P9.0.0_2.3.0? Or that portion is just for the i.MX8QuadMax, not applying to the i.MX8MM or i.MX8MN?
How about Android-10.0.0_1.0.0? Will any of the newer GA release BSP support AVB on i.MX8MQ?
Thanks,
Bin
Hello Bin Lin,
The Android Verified Boot feature is present on the Android Automotive BSPs, which is why this feature is found on the releases focused primarily on the i.MX8QuadMax. Android BSPs that support the i.MX8MQ or other i.MX Processors do not include this feature as part of the BSP.
You may implement it yourself, but it’s not a trivial task. There is some resources on Androids website.
https://source.android.com/security/verifiedboot/avb
My apologies for the inconvenience.
Regards,
Hello Gusarambula,
How about the AVB support for i.MX8MM on P9.0.0_2.3.0?
Or the for i.MX8MQ or i.MX8MM on Android-10.0.0_1.0.0?
We tried the AVB configuration steps on the i.MX8MM EVK based on instructions of P9.0.0_2.3.0 Security User's Guide (page 25) and got a error when trying to save the public key to RPMB.
$ fastboot stage custom_rsa4096_public.bin - passed
$ fastboot oem set-public-key - errored
Is that because the instructions only apply to i.MX8QuadMax, not the i.MX8MM or i.MX8MQ?
Thanks,
Bin
Hello gusarambula
I have similar problems and would like to consult you . In BSP device/fsl/imx8m/evk_8mm/BoardConfig.mk
BOARD_AVB_ENABLE := true
BOARD_AVB_ALGORITHM := SHA256_RSA4096
# The testkey_rsa4096.pem is copied from external/avb/test/data/testkey_rsa4096.pem
BOARD_AVB_KEY_PATH := device/fsl/common/security/testkey_rsa4096.pem
these configurations do not enable AVB and configure the AVB key function? What are the specific functions of these configurations.
Tks!