We have the iMX8QuadXPlus MEK CPU Board.
We followed the below steps to enable Secure Storage TA on this board.
Step 1: Built the Android image for the same using the android_p9.0.0_2.3.4 package.
Step 2: Flashed the trusty image using the following command:
./uuu_imx_android_flash.sh -f imx8qxp -a -e -u trusty-c0
Step 3: The board boots successfully.
Step 4: Entered the fastboot mode using reboot bootloader command on the target
Step 5: Tried to enable the Secure Storage using the following commands
root@XXXX:/android_build/out/target/product/mek_8q# fastboot stage rpmb_key_test.bin
target reported max download size of 419430400 bytes
sending 'rpmb_key_test.bin' (0 KB)...
OKAY [ 0.028s]
finished. total time: 0.028s
root@XXXX://android_build/out/target/product/mek_8q# fastboot oem set-rpmb-key
...
OKAY [ 0.152s]
finished. total time: 0.152s
root@test-Precision-3630-Tower:/home/nanduser/nishad_2_3_4/android_build/out/target/product/mek_8q#
Step 6: Got the following output :
Starting download of 36bytes
downloading of 36 bytes finished
RPMB key programmed successfully!
RPMB key blob generated!
Step 7: After reboot we see following error:
avb: 265: Error: missing public key file [0]
avb.c:108: ERROR avb_do_tipc: AVB service returned error (2)
fsl_validate_vbmeta_public_key_rpmb: Read public key error
avb_slot_verify.c:783: ERROR: vbmeta_a: Public key used to sign data rejected.
resetting ...
Step 9: The board then reboots again automatically.
How do I recover from this ?
Thanks you for your time,
Nishad
Solved! Go to Solution.
Hi nishadkamdar
one can try to set public key as described in sect.3.3.3 Generating AVB key to sign and verify images
i.MX_Android_Security_User_Guide included in P9.0.0_2.3.4 release package.
$ fastboot oem set-public-key
Best regards
igor
Hi nishadkamdar
one can try to set public key as described in sect.3.3.3 Generating AVB key to sign and verify images
i.MX_Android_Security_User_Guide included in P9.0.0_2.3.4 release package.
$ fastboot oem set-public-key
Best regards
igor
Hello Igor,
Thanks for the quick reply.
I tried the following steps and could boot the board:
Step 1: Flash the rpmb key.
Step 2: Reboot the board.
Step 3: Stop in uboot.
Step 4: enter fastboot mode using fastboot 0 command
Step 5: Flash the AVB public key.
Step 6: reboot the board
The boards boots successfully now.
Thanks and regards,
Nishad
How do we stop in uboot mode ? I have this imx8qx EVK kit and looking for better option for uboot command line to experiment.