i.MX families using AHAB seem to have firmware anti-rollback protection via SECO as documented here https://www.nxp.com/docs/en/application-note/AN12312.pdf
What about other iMX8 socs (like iMX8mm) with HAB instead of AHAB? how could they protect from firmware roll-back at hardware level? is there any command that can be set by the CST to enable this?
Solved! Go to Solution.
right but it seems strange, since the version can be embedded in the container header at build time for AHAB to process. https://www.nxp.com/docs/en/application-note/AN12312.pdf [page 4]
do you know why ROM/AHAB do not run this check and instead it expects the bootloader to do it? seems much safer the other way around...
The boot ROM (HAB) does not check boot image versions, this verification
can be implemented by customer's secondary boot (as U-boot).
Note, i.MX8Mm supports non-rollover monotonic counter. Please refer to
Security Reference Manual for i.MX 8M Mini for more details.