Hi team,
I am working on secure boot of imx8qxp-mek board and i am following the below doc for that.
https://github.com/nxp-imx/uboot-imx/blob/lf_v2023.04/doc/imx/ahab/guides/mx8_mx8x_spl_secure_boot.t...
Since I am using the flash_spl binary for target so I am using above doc.
I have certain doubts, please help me to understand on this.
1) As per doc first we have to sign the "u-boot-atf-container.img" and then final flash_spl will have 3 containers.
scfw_tcm.bin, u-boot-spl.bin, u-boot-atf-container.img
In above we have signed u-boot-atd-container.img and using it further for creating the flash.bin.
but in the doc its mentioned
"The flash.bin file include three containers and the second container have to be
signed using the Code Signing Tool (CST)."
Here 2nd container i think is u-boot-spl.bin . So, do we need to sign this also or not ?
Please clarify on this
2) I am using csf_uboot_atf.txt for signing the u-boot-atf-container.img, and since i have generated the SRK key with CA flags enabled so ,which csf file should i use to create final signed image flash.bin .csf_boot_image_sgh.txt or csf_boot.txt
Please suggest some input on these doubts.
Regards,
Rk
