My question is:
According to the manual of iMX6, it mentioned that secure boot takes effect when DIR_BT_DIS and SEC_CONFIG in eFuse should be blown.
In the developing stage, can imx6 board use secure boot without eFuse blow? (internal boot mode or serial download mode)
Is there any way (such as setting GPIO or registers) to get this effect?
Thanks!
David
We are sorry for getting back to you so late. Are you still stuck with the issue? If you have somehow to resolved the issue, can we close the discussion? If you still need help, please feel free to reply with an update to this discussion.
Thanks,
Yixing
Yes, we still need help~~ thx~
David
We have some response from internal expert and response is below:
---------------------------------------------------------------------------------------------------
For iMX6 secure boot in development stage is possible to override the need to have efuses locked for secure boot,
by forcing the result of check_hab_enable to be true:
for uboot-imx branch imx_v2013.04_3.10.17_1.0.0_beta:
diff --git a/arch/arm/cpu/armv7/mx6/soc.c b/arch/arm/cpu/armv7/mx6/soc.c
index 4702dc6..2daaca6 100644
--- a/arch/arm/cpu/armv7/mx6/soc.c
+++ b/arch/arm/cpu/armv7/mx6/soc.c
@@ -643,7 +643,7 @@ int check_hab_enable(void)
if (reg & 0x2)
result = 1;
- return result;
+ return result = 1;
}
That way hab_authenticate is executed without the need to burn fuses, so user could make sure that secure boot is working as expected.
Is also recommended to define the macro DEBUG_AUTHENTICATE_IMAGE in the config header file for the platform used so
HAB can log more information.
---------------------------------------------------------------------------------------------------
Regards,
Yixing
David
I will branch your discussion into an internal group and assign an engineer to work on it.
Regards,
Yixing