Hello NXP Team,
I am working on Secure Boot Implementation based on i.MX8M Nano processor.
I think there's a good example for imx-boot image in mx8m_secure_boot.txt, but I have the questions for other images and authentication.
1) How does this work ?
[Authenticate Data]
# Key slot index used to authenticate the image data
Verification index = 2
# Authenticate Start Address, Offset, Length and file
Blocks = 0x80800000 0x00000000 0x006EA000 "zImage", \
0x83800000 0x00000000 0x0000B927 "imx7d-sdb.dtb", \
0x84000000 0x00000000 0x000425B8 "uTee-7dsdb"
Does cst binary really generate the CSF of calculating 3 images ?
If so, I should load zImage+imx7d-sdb.dtb+uTee-7dsdb to <Load Address> and assign 0x6EA000+0xB927+0x425B8 to <Image Size>, right ?
It's good we can make sure all images are released officially by authenticating a single image and fixes the problem of unsigned DTB which was discussed in other ticket.
https://community.nxp.com/t5/i-MX-Processors/Signing-DTB-in-Secure-Boot-Implementation/m-p/1231306
- Authenticate additional image:
=> hab_auth_img <Load Address> <Image Size> <IVT Offset>
2) Are there any document or sample code talking about the similar function like hab_auth_img in Linux ?
The idea is make sure the image passes the authentication before overwrite the FOTA images into eMMC.
Thanks.
