I'm trying to enable encrypted boot in iMX6 ULL EVK. According to IMX6ULLRM and IMX6ULLSRM this should be possible. One of the steps to get encrypted boot work is generate a "dek blob" [1][2] inside the processor. In order to do that, there is a u-boot command named "dek_blob" that uses the CAAM [1][3][4]. I couldn't get his command work, It fails at this point in a function named caam_page_alloc() which is always called with the same parameters: caam_page_alloc(1, 1), this means it fails regardless of how I use the dek_blob command. I also tried to use the CAAM Linux drivers unsuccessfully. Later I found in a couple of sites the CAAM is not available in iMX6ULL [5][6]
So my question is ¿How can I encapsulate a DEK and obtain a dek blob in the iMX6ULL?
解決済! 解決策の投稿を見る。
Hi CarlosFG
unfortunately i.MX6ULL does not support encrypted boot.
Best regards
igor
Thanks you very much igorpadykov.
The Applications Processor Reference Manual for this device (IMX6ULLRM) says the encrypted boot is supported. I humbly suggest to amend it in order to avoid other engineers waste their time trying to make it work.
Hi CarlosFG
in theory it can be supported, but in practice NXP software implementation currently
supports only CAAM based options.
Best regards
igor
Is there any update on this matter?
You wrote that there is currently only the CAAM based implementation.
I hope there's a way to implement encrypted boot using the various keys. Unfortunately, I don't have access to the SRM.