imx8 secure boot questions - Revoking SRK

xuxa · ‎11-29-2023

Hello,

I currently have succeeded signing images and have burned SRK. The unit is booting up without a problem.

But lets say I want to revoke a SRK

for example I want to revoke the SRK in index 3, this would mean if I use the index 3 in signing my images and flash it to my imx8, it won't continue to boot.

and when i use index 1 which is not revoke, it will work. is this correct?

My question is how can I revoke the SRK(any index) in the userspace? without manually intervention in the uboot or using uuu tool?

Regards,

Xuxa

Harvey021 · ‎12-05-2023

Yes, to operate it from U-Boot or UUU in current version of BSP.

Having checked internal team, probably it'll be included in the new BSP in 2024.

For current BSP, I send you email in which you will find patch just for reference.

Regards

Harvey

xuxa · ‎12-06-2023

Also, I found this first before posting this topic.

https://community.nxp.com/t5/i-MX-Processors/i-MX8X-permanently-revoke-a-SRK-key/m-p/1209783/highlig...

Do you have any comment in this related to my question?

and is the seco commit similar to the patch you've sent?

Best Regards,

Xuxa

xuxa · ‎12-06-2023

do you mean revoking SRK in user space will be included in the new BSP in 2024?
I might change the title of this topic, since i'm looking it for imx8mn
Could you take a look on the reply I sent regarding the patch.

Thank you,
Xuxa

Harvey021 · ‎12-03-2023

Hi @xuxa

Revoke operation is not applicable in user space.

Regards

Harvey

xuxa · ‎12-03-2023

Hi @Harvey021

Will it be possible from using OTA/.fit?

or is it from uboot or uuu only?

Thanks for the reply!