imx8plus secureboot --- Signature verification of the application

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

imx8plus secureboot --- Signature verification of the application

Jump to solution
569 Views
chen-wust
Contributor II

After signing and verifying the uboot and kernel( HAB), how do we verify the signatures of the applications running in the os? Do we need special configuration of the kernel? Or is there another way?

0 Kudos
1 Solution
554 Views
Harvey021
NXP TechSupport
NXP TechSupport

Hi @chen-wust 

As there is no hab api interface in our Linux, would suggest writing the driver in the kernel space to call the hab api pointer.

 

Best regards

Harvey

View solution in original post

0 Kudos
3 Replies
555 Views
Harvey021
NXP TechSupport
NXP TechSupport

Hi @chen-wust 

As there is no hab api interface in our Linux, would suggest writing the driver in the kernel space to call the hab api pointer.

 

Best regards

Harvey

0 Kudos
529 Views
chen-wust
Contributor II

I had another problem when I signed uboot.

I want to sign uboot with a shell script. So I have to know the Authenticate date star-address、offset and file size.

I can get the address and size of the fdt atf tee by using the following command.

make SOC=iMX8MP print_fit_hab | tee adress.txt

However, I could not get the address information of csf_off, sld_csf_off, spl_hab_block which is output to the terminal through the ./mkimage_imx8 tool.

./mkimage_imx8 -version v2 -fit -loader u-boot-spl-ddr.bin 0x920000 -second_loader u-boot.itb 0x402000000 0x60000 -out flash.bin

I have tried a number of ways to capture the print of the above command, but all have failed.

So I cannot get the address information of csf_off through shell command.

Do you have any solutions? Is there a way to redirect ./mkimage_imx8 print information?

 

 

 

0 Kudos
510 Views
Harvey021
NXP TechSupport
NXP TechSupport

Answered back with this case(00517484)。

 

Best regards

Harvey

0 Kudos