Hi everyone!
I have different questions about secure boot on imx6ull (that runs linux compiled with Yocto - release sumo).
Thank you all in advance!
Solved! Go to Solution.
Hello,
1.
HAB on iMX doesn't verify the certificate period, so a signed image will continue
to boot on closed (locked) independent of certificate period set with CST tool.
2.
The i.MX fuses can be burned only once. So, the fuses are recommended to be burned
after / with system images transfer, using UUU (MFG tool).
3.
It impossible to make secure boot without burning efuses. SRK fuses contain SRK hashes,
which are verified by boot ROM.
Regards,
Yuri.
Hello,
1.
HAB on iMX doesn't verify the certificate period, so a signed image will continue
to boot on closed (locked) independent of certificate period set with CST tool.
2.
The i.MX fuses can be burned only once. So, the fuses are recommended to be burned
after / with system images transfer, using UUU (MFG tool).
3.
It impossible to make secure boot without burning efuses. SRK fuses contain SRK hashes,
which are verified by boot ROM.
Regards,
Yuri.