i.MX8MQuad Android P9.0.0_2.0.0 (4.14.98 kernel) AVB support

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

i.MX8MQuad Android P9.0.0_2.0.0 (4.14.98 kernel) AVB support

1,227 Views
bl
Contributor II

Does i.MX8MQuad support Android Verified Boot (AVB) using Android P9.0.0_2.0.0 (4.14.98 kernel)?

I notice there is no i.MX_Android_Seurity_User_Guide.pdf file under Android P9.0.0_2.0.0 document pack.  There is one for i.MX8MM under Android P9.0.0_2.3.0., which does not mentioned i.MX8MQuad support.

0 Kudos
Reply
4 Replies

1,114 Views
bl
Contributor II

Hi gusarambula‌,

If we are to use i.MX8MM instead of i.MX8MQ and upgrade to Android P9.0.0_2.3.0.  Will the i.MX8MM BSP support AVB as those steps stated on the i.MX_Android_Seurity_User_Guide.pdf of P9.0.0_2.3.0?  Or that portion is just for the i.MX8QuadMax, not applying to the i.MX8MM or i.MX8MN?

How about Android-10.0.0_1.0.0?  Will any of the newer GA release BSP support AVB on i.MX8MQ? 

Thanks,

Bin

0 Kudos
Reply

1,114 Views
gusarambula
NXP TechSupport
NXP TechSupport

Hello Bin Lin,

The Android Verified Boot feature is present on the Android Automotive BSPs, which is why this feature is found on the releases focused primarily on the i.MX8QuadMax. Android BSPs that support the i.MX8MQ or other i.MX Processors do not include this feature as part of the BSP.

You may implement it yourself, but it’s not a trivial task. There is some resources on Androids website.

https://source.android.com/security/verifiedboot/avb

My apologies for the inconvenience.

Regards,

0 Kudos
Reply

1,114 Views
bl
Contributor II

Hello Gusarambula,

How about the AVB support for i.MX8MM on P9.0.0_2.3.0?

Or the for i.MX8MQ or i.MX8MM on Android-10.0.0_1.0.0?

We tried the AVB configuration steps on the i.MX8MM EVK based on instructions of P9.0.0_2.3.0 Security User's Guide (page 25) and got a error when trying to save the public key to RPMB.  

$ fastboot stage custom_rsa4096_public.bin           -  passed
$ fastboot oem set-public-key                                    - errored

Is that because the instructions only apply to i.MX8QuadMax, not the i.MX8MM or i.MX8MQ?

Thanks,

Bin

0 Kudos
Reply

1,114 Views
aber
Contributor III

Hello gusarambula

   I have similar problems and would like to consult you . In BSP device/fsl/imx8m/evk_8mm/BoardConfig.mk 

    BOARD_AVB_ENABLE := true
   BOARD_AVB_ALGORITHM := SHA256_RSA4096
   # The testkey_rsa4096.pem is copied from external/avb/test/data/testkey_rsa4096.pem
   BOARD_AVB_KEY_PATH := device/fsl/common/security/testkey_rsa4096.pem

these configurations do not enable AVB and configure the AVB key function? What are the specific functions of these configurations.

Tks!

0 Kudos
Reply