FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

secure boot on imx8m plus on Android14 BSP

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

secure boot on imx8m plus on Android14 BSP

‎01-12-2026 10:55 PM
1,893 Views
Suryashmichakraborty
Contributor I

I want to enable the secure boot on imx8m plus board with Android 14 BSP, such that the board will always boot on our signed keys only.

0 Kudos
Reply
7 Replies

‎02-09-2026 12:19 AM
972 Views
Suryashmichakraborty
Contributor I

I am unable to sign the correct image on my imx8m plus board after fusing the keys permanently on the board! 

0 Kudos
Reply

‎01-13-2026 08:08 PM
1,835 Views
joanxie
NXP TechSupport
NXP TechSupport

pls refer to this document firstly

https://community.nxp.com/t5/i-MX-Processors-Knowledge-Base/Steps-for-single-secure-boot-for-Android...

0 Kudos
Reply

‎01-15-2026 12:28 AM
1,784 Views
Suryashmichakraborty
Contributor I

I have followed the steps given in the PDF and generated the keys like: 

SRK1_sha256_1024_65537_v3_ca_key.der
SRK1_sha256_1024_65537_v3_ca_key.pem
SRK1_sha256_1024_65537_v3_usr_key.der
SRK1_sha256_1024_65537_v3_usr_key.pem
SRK1_sha256_2048_65537_v3_ca_key.der
SRK1_sha256_2048_65537_v3_ca_key.pem
SRK2_sha256_1024_65537_v3_ca_key.der
SRK2_sha256_1024_65537_v3_ca_key.pem
SRK2_sha256_2048_65537_v3_ca_key.der
SRK2_sha256_2048_65537_v3_ca_key.pem
SRK3_sha256_2048_65537_v3_ca_key.der
SRK3_sha256_2048_65537_v3_ca_key.pem
SRK4_sha256_2048_65537_v3_ca_key.der
SRK4_sha256_2048_65537_v3_ca_key.pem and also the CSF, IMG and CA.

the private keys are openssl x509 -in crts/SRK1_sha256_2048_65537_v3_ca_crt.pem -text -noout | grep Subject
Subject: CN = SRK1_sha256_2048_65537_v3_ca
Subject Public Key Info:
X509v3 Subject Key Identifier: 

openssl x509 -in crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem -text -noout | grep Issuer
Issuer: CN = SRK1_sha256_2048_65537_v3_ca

openssl rsa -in keys/SRK1_sha256_2048_65537_v3_ca_key.pem -check
Enter pass phrase for keys/SRK1_sha256_2048_65537_v3_ca_key.pem:
RSA key ok

Are all these keys ready to flash on imx8m plus smarc som?

 

0 Kudos
Reply

‎01-19-2026 07:10 PM
1,591 Views
joanxie
NXP TechSupport
NXP TechSupport

did you generate SRK table already?

0 Kudos
Reply

‎01-20-2026 11:50 PM
1,525 Views
Suryashmichakraborty
Contributor I

yes,SRK Hash TableSRK Hash Table the SRK Hash table is generated successfully from the keys

0 Kudos
Reply

‎01-26-2026 05:44 PM
1,226 Views
joanxie
NXP TechSupport
NXP TechSupport

ok, then you can refer to the chapter 3.1.2.2 Signing bootloader images and 3.1.2.3 Signing the MCU firmware of enclosed file

Preview file
1058 KB
0 Kudos
Reply

‎02-03-2026 04:47 AM
1,078 Views
Suryashmichakraborty
Contributor I

I have burned the fuses on my imx8m plus board, but unable to get the signed image or flashing, WhatsApp Image 2026-02-03 at 4.53.55 PM.jpeghex.jpgflash.jpg

how to recover and find the correct igned image for flashig?

0 Kudos
Reply
%3CLINGO-SUB%20id%3D%22lingo-sub-2292206%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3Esecure%20boot%20on%20imx8m%20plus%20on%20Android14%20BSP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2292206%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EI%20want%20to%20enable%20the%20secure%20boot%20on%20imx8m%20plus%20board%20with%20Android%2014%20BSP%2C%20such%20that%20the%20board%20will%20always%20boot%20on%20our%20signed%20keys%20only.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2292206%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CLINGO-LABEL%3Ei.MX%208%20Family%20%7C%20i.MX%208QuadMax%20(8QM)%20%7C%208QuadPlus%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2292920%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%20translate%3D%22no%22%3ERe%3A%20secure%20boot%20on%20imx8m%20plus%20on%20Android14%20BSP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2292920%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3Epls%20refer%20to%20this%20document%20firstly%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2Fi-MX-Processors-Knowledge-Base%2FSteps-for-single-secure-boot-for-Android-BSP%2Fta-p%2F2157256%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Fcommunity.nxp.com%2Ft5%2Fi-MX-Processors-Knowledge-Base%2FSteps-for-single-secure-boot-for-Android-BSP%2Fta-p%2F2157256%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2294003%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%20translate%3D%22no%22%3ERe%3A%20secure%20boot%20on%20imx8m%20plus%20on%20Android14%20BSP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2294003%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EI%20have%20followed%20the%20steps%20given%20in%20the%20PDF%20and%20generated%20the%20keys%20like%3A%26nbsp%3B%3C%2FP%3E%3CP%3ESRK1_sha256_1024_65537_v3_ca_key.der%3CBR%20%2F%3ESRK1_sha256_1024_65537_v3_ca_key.pem%3CBR%20%2F%3ESRK1_sha256_1024_65537_v3_usr_key.der%3CBR%20%2F%3ESRK1_sha256_1024_65537_v3_usr_key.pem%3CBR%20%2F%3ESRK1_sha256_2048_65537_v3_ca_key.der%3CBR%20%2F%3ESRK1_sha256_2048_65537_v3_ca_key.pem%3CBR%20%2F%3ESRK2_sha256_1024_65537_v3_ca_key.der%3CBR%20%2F%3ESRK2_sha256_1024_65537_v3_ca_key.pem%3CBR%20%2F%3ESRK2_sha256_2048_65537_v3_ca_key.der%3CBR%20%2F%3ESRK2_sha256_2048_65537_v3_ca_key.pem%3CBR%20%2F%3ESRK3_sha256_2048_65537_v3_ca_key.der%3CBR%20%2F%3ESRK3_sha256_2048_65537_v3_ca_key.pem%3CBR%20%2F%3ESRK4_sha256_2048_65537_v3_ca_key.der%3CBR%20%2F%3ESRK4_sha256_2048_65537_v3_ca_key.pem%20and%20also%20the%20CSF%2C%20IMG%20and%20CA.%3C%2FP%3E%3CP%3Ethe%20private%20keys%20are%26nbsp%3Bopenssl%20x509%20-in%20crts%2FSRK1_sha256_2048_65537_v3_ca_crt.pem%20-text%20-noout%20%7C%20grep%20Subject%3CBR%20%2F%3ESubject%3A%20CN%20%3D%20SRK1_sha256_2048_65537_v3_ca%3CBR%20%2F%3ESubject%20Public%20Key%20Info%3A%3CBR%20%2F%3EX509v3%20Subject%20Key%20Identifier%3A%26nbsp%3B%3C%2FP%3E%3CP%3Eopenssl%20x509%20-in%20crts%2FCSF1_1_sha256_2048_65537_v3_usr_crt.pem%20-text%20-noout%20%7C%20grep%20Issuer%3CBR%20%2F%3EIssuer%3A%20CN%20%3D%20SRK1_sha256_2048_65537_v3_ca%3C%2FP%3E%3CP%3Eopenssl%20rsa%20-in%20keys%2FSRK1_sha256_2048_65537_v3_ca_key.pem%20-check%3CBR%20%2F%3EEnter%20pass%20phrase%20for%20keys%2FSRK1_sha256_2048_65537_v3_ca_key.pem%3A%3CBR%20%2F%3ERSA%20key%20ok%3C%2FP%3E%3CP%3EAre%20all%20these%20keys%20ready%20to%20flash%20on%20imx8m%20plus%20smarc%20som%3F%3C%2FP%3E%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2296224%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%20translate%3D%22no%22%3ERe%3A%20secure%20boot%20on%20imx8m%20plus%20on%20Android14%20BSP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2296224%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3Edid%20you%20generate%20SRK%20table%20already%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2297096%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%20translate%3D%22no%22%3ERe%3A%20secure%20boot%20on%20imx8m%20plus%20on%20Android14%20BSP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2297096%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3Eyes%2C%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22SRK%20Hash%20Table%22%20style%3D%22width%3A%20742px%3B%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%22%20image-alt%3D%22SRK%20Hash%20Table%22%20style%3D%22width%3A%20742px%3B%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%22%20image-alt%3D%22SRK%20Hash%20Table%22%20style%3D%22width%3A%20742px%3B%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%22%20image-alt%3D%22SRK%20Hash%20Table%22%20style%3D%22width%3A%20742px%3B%22%3E%3Cspan%20class%3D%22lia-inline-image-display-wrapper%22%20image-alt%3D%22SRK%20Hash%20Table%22%20style%3D%22width%3A%20742px%3B%22%3E%3Cimg%20src%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F373638i96E71DFD46DCB6DE%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22hashtab.jpg%22%20alt%3D%22SRK%20Hash%20Table%22%20%2F%3E%3Cspan%20class%3D%22lia-inline-image-caption%22%20onclick%3D%22event.preventDefault()%3B%22%3ESRK%20Hash%20Table%3C%2Fspan%3E%3C%2Fspan%3E%3CSPAN%20class%3D%22lia-inline-image-caption%22%20onclick%3D%22event.preventDefault()%3B%22%3ESRK%20Hash%20Table%3C%2FSPAN%3E%3C%2FSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-caption%22%20onclick%3D%22event.preventDefault()%3B%22%3ESRK%20Hash%20Table%3C%2FSPAN%3E%3C%2FSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-caption%22%20onclick%3D%22event.preventDefault()%3B%22%3ESRK%20Hash%20Table%3C%2FSPAN%3E%3C%2FSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-caption%22%20onclick%3D%22event.preventDefault()%3B%22%3ESRK%20Hash%20Table%3C%2FSPAN%3E%3C%2FSPAN%3E%20the%20SRK%20Hash%20table%20is%20generated%20successfully%20from%20the%20keys%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2300718%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%20translate%3D%22no%22%3ERe%3A%20secure%20boot%20on%20imx8m%20plus%20on%20Android14%20BSP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2300718%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3Eok%2C%20then%20you%20can%20refer%20to%20the%20chapter%26nbsp%3B3.1.2.2%20Signing%20bootloader%20images%20and%26nbsp%3B3.1.2.3%20Signing%20the%20MCU%20firmware%20of%20enclosed%20file%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2305295%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%20translate%3D%22no%22%3ERe%3A%20secure%20boot%20on%20imx8m%20plus%20on%20Android14%20BSP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2305295%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EI%20have%20burned%20the%20fuses%20on%20my%20imx8m%20plus%20board%2C%20but%20unable%20to%20get%20the%20signed%20image%20or%20flashing%2C%26nbsp%3B%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22WhatsApp%20Image%202026-02-03%20at%204.53.55%20PM.jpeg%22%20style%3D%22width%3A%20999px%3B%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%22%20image-alt%3D%22WhatsApp%20Image%202026-02-03%20at%204.53.55%20PM.jpeg%22%20style%3D%22width%3A%20999px%3B%22%3E%3Cspan%20class%3D%22lia-inline-image-display-wrapper%22%20image-alt%3D%22WhatsApp%20Image%202026-02-03%20at%204.53.55%20PM.jpeg%22%20style%3D%22width%3A%20999px%3B%22%3E%3Cimg%20src%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F375304i75A205528DAD7670%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22WhatsApp%20Image%202026-02-03%20at%204.53.55%20PM.jpeg%22%20alt%3D%22WhatsApp%20Image%202026-02-03%20at%204.53.55%20PM.jpeg%22%20%2F%3E%3C%2Fspan%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22hex.jpg%22%20style%3D%22width%3A%20727px%3B%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%22%20image-alt%3D%22hex.jpg%22%20style%3D%22width%3A%20727px%3B%22%3E%3Cspan%20class%3D%22lia-inline-image-display-wrapper%22%20image-alt%3D%22hex.jpg%22%20style%3D%22width%3A%20727px%3B%22%3E%3Cimg%20src%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F375305i8A00AD032B70C351%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22hex.jpg%22%20alt%3D%22hex.jpg%22%20%2F%3E%3C%2Fspan%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22flash.jpg%22%20style%3D%22width%3A%20999px%3B%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%22%20image-alt%3D%22flash.jpg%22%20style%3D%22width%3A%20999px%3B%22%3E%3Cspan%20class%3D%22lia-inline-image-display-wrapper%22%20image-alt%3D%22flash.jpg%22%20style%3D%22width%3A%20999px%3B%22%3E%3Cimg%20src%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F375306iBB8365EC3767440B%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22flash.jpg%22%20alt%3D%22flash.jpg%22%20%2F%3E%3C%2Fspan%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3Ehow%20to%20recover%20and%20find%20the%20correct%20igned%20image%20for%20flashig%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2314410%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%20translate%3D%22no%22%3ERe%3A%20secure%20boot%20on%20imx8m%20plus%20on%20Android14%20BSP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2314410%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EI%20am%20unable%20to%20sign%20the%20correct%20image%20on%20my%20imx8m%20plus%20board%20after%20fusing%20the%20keys%20permanently%20on%20the%20board!%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E