Am in process of setting up secure boot for iMX8M-Mini.
I have managed to create signed flash.bin. Now to extend root of trust, we also need to sign & authenticate kernel image. Detailed procedure for this is given in section 2 of the guide in above link.
One of the step for signing image is to create csf using csf_additional_images.txt to generate Image_Signed.bin.
Now in csf_additional_images we need to enter Start Address, Offset, Length and file under [Authentic Data] section.
How and where to get the given information? for more info refer this example.
1. Please check your U-Boot environment for the correct kernel Load Address.
U-boot> printenv loadaddr
2. The offset is zero.
3. The Image must be padded first, the padding size can be read from image header with “od” command.
od -t x4 -j 0x10 -N 0x4 Image
The tool “objcopy” can be used for padding the image. For example, the size read from image header
objcopy -I binary -O binary --pad-to 0x13b7000 --gap-fill=0x5A Image Image_pad.bin