imx8 secure boot questions - Revoking SRK

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

imx8 secure boot questions - Revoking SRK

1,910 Views
xuxa
Contributor I

Hello,

I currently have succeeded signing images and have burned SRK. The unit is booting up without a problem.

But lets say I want to revoke a SRK

for example I want to revoke the SRK in index 3, this would mean if I use the index 3 in signing my images and flash it to my imx8, it won't continue to boot.

and when i use index 1 which is not revoke, it will work. is this correct?

 

My question is how can I revoke the SRK(any index) in the userspace? without manually intervention in the uboot or using uuu tool?

 

Regards,

Xuxa

0 Kudos
Reply
5 Replies

1,847 Views
Harvey021
NXP TechSupport
NXP TechSupport

Yes, to operate it from U-Boot or UUU in current version of BSP.

Having checked internal team, probably it'll be included in the new BSP in 2024.

For current BSP, I send you email in which you will find patch just for reference.

 

Regards

Harvey

 

0 Kudos
Reply

1,826 Views
xuxa
Contributor I

Also, I found this first before posting this topic.

https://community.nxp.com/t5/i-MX-Processors/i-MX8X-permanently-revoke-a-SRK-key/m-p/1209783/highlig...

Do you have any comment in this related to my question?

and is the seco commit similar to the patch you've sent?

 

Best Regards,

Xuxa

0 Kudos
Reply

1,829 Views
xuxa
Contributor I
do you mean revoking SRK in user space will be included in the new BSP in 2024?
I might change the title of this topic, since i'm looking it for imx8mn
Could you take a look on the reply I sent regarding the patch.

Thank you,
Xuxa
0 Kudos
Reply

1,882 Views
Harvey021
NXP TechSupport
NXP TechSupport

Hi @xuxa 

Revoke operation is not applicable in user space.

 

Regards

Harvey

0 Kudos
Reply

1,878 Views
xuxa
Contributor I

Hi @Harvey021 

Will it be possible from using OTA/.fit?

or is it from uboot or uuu only?

Thanks for the reply!

0 Kudos
Reply