iMX6 ull encrypted boot

キャンセル
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 

iMX6 ull encrypted boot

ソリューションへジャンプ
1,994件の閲覧回数
CarlosFG
Contributor II

I'm trying to enable encrypted boot in iMX6 ULL EVK. According to IMX6ULLRM and IMX6ULLSRM this should be possible. One of the steps to get encrypted boot work is generate a "dek blob" [1][2] inside the processor. In order to do that, there is a u-boot command named "dek_blob" that uses the CAAM [1][3][4]. I couldn't get his command work, It fails at this point in a function named caam_page_alloc() which is always called with the same parameters: caam_page_alloc(1, 1), this means it fails regardless of how I use the dek_blob command. I also tried to use the CAAM Linux drivers unsuccessfully. Later I found in a couple of sites the CAAM is not available in iMX6ULL [5][6]

So my question is ¿How can I encapsulate a DEK and obtain a dek blob in the iMX6ULL?

  1. Code-signing Tool User's Guide
  2. AN12056
  3. U-boot introduction to HABv4
  4. U-boot encrypted boot
  5. https://community.nxp.com/t5/i-MX-Processors/Signed-and-encrypted-boot-in-i-MX6UL/m-p/466447/highlig...
  6. https://patchwork.kernel.org/project/linux-arm-kernel/patch/1523739330-27363-1-git-send-email-festev...
ラベル(2)
0 件の賞賛
返信
1 解決策
1,967件の閲覧回数
igorpadykov
NXP Employee
NXP Employee

Hi CarlosFG

 

unfortunately i.MX6ULL does not support encrypted boot.

 

Best regards
igor

元の投稿で解決策を見る

0 件の賞賛
返信
4 返答(返信)
1,968件の閲覧回数
igorpadykov
NXP Employee
NXP Employee

Hi CarlosFG

 

unfortunately i.MX6ULL does not support encrypted boot.

 

Best regards
igor

0 件の賞賛
返信
1,933件の閲覧回数
CarlosFG
Contributor II

Thanks you very much igorpadykov.

The Applications Processor Reference Manual for this device (IMX6ULLRM) says the encrypted boot is supported. I humbly suggest to amend it in order to avoid other engineers waste their time trying to make it work.

CarlosFG_0-1612770985948.png

 

0 件の賞賛
返信
1,899件の閲覧回数
igorpadykov
NXP Employee
NXP Employee
 

Hi CarlosFG

 

in theory it can be supported, but in practice NXP software implementation currently

supports only CAAM based options.

 

Best regards
igor

0 件の賞賛
返信
1,263件の閲覧回数
mprt
Contributor I

Is there any update on this matter?

You wrote that there is currently only the CAAM based implementation.

I hope there's a way to implement encrypted boot using the various keys. Unfortunately, I don't have access to the SRM.

0 件の賞賛
返信