Hello,
I am trying to test the secure boot feature in the iMX9 11x11 EVK. I have successfully generated a signed image of u-boot and a fuse.bin file for SoC's internal fuses.
The issue is that I would like to test it before burning EVK's internal fuses, that's why I tried to override fuse values' shadow registers. I'm not sure if I have an accurate idea of shadow registers. As far as I have undestood, in U-boot prompt I can change the read fuse values to another values with "fuse override" command, this changes are temporary so once that I reset the board the overriden values are erased (Are they RAM variables or something similar?).
The problem comes when I try to override those fuses:
And if I take a look where I consider that this command is called in U-boot source code (drivers/misc/imx_ele/fuse.c):
I don't know if in iMX8ULP fuse overriding is permitted or not, I guess it is not, but I have undestood that in iMX9 this feature is available. I say so because of information given in the reference manual (page 226 for example):
So my question is as follows, is fuse overriding for testing purposes available in iMX9 or not?
Best regards,
Gorka.
Hello,
indeed i.MX8ULP and i.MX93 uses the same driver for the fuse command, as you can see.
Also, based on this, the driver do not support fuse override on either i.MX8ULP or i.MX93.
Best regards/Saludos,
Aldo.
Hello AldoG,
Thank you for your reply. I see that it is not supported. But is this feature available in imx9 and the driver hasn't been developed yet or it is not even present that feature?
As I cannot verify the process without burning fuses, is it any way I can verify that the image is signed correctly? Maybe emulating the boot process in my computer?
I mean, computing the hash of the bootloader and comparing it to the decrypted signature of the image using the public key?
I would like to test the key generation and image signing somehow without burning the fuses of the EVK yet.
Best regards,
Gorka.