u-boot signing for imx8qxp secure boot

キャンセル
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 

u-boot signing for imx8qxp secure boot

745件の閲覧回数
rakesh3
Contributor V

Hi team,

 

I am working on secure boot of imx8qxp-mek board and i am following the below doc for that.

https://github.com/nxp-imx/uboot-imx/blob/lf_v2023.04/doc/imx/ahab/guides/mx8_mx8x_spl_secure_boot.t...

Since I am using the flash_spl binary for target so I am using above doc.

I have certain doubts, please help me to understand on this.

1) As per doc first we have to sign the "u-boot-atf-container.img" and then final flash_spl will have 3 containers.

scfw_tcm.bin, u-boot-spl.bin, u-boot-atf-container.img

In above we have signed u-boot-atd-container.img and using it further for creating the flash.bin.

but in the doc its mentioned 

"The flash.bin file include three containers and the second container have to be
signed using the Code Signing Tool (CST)."

Here 2nd container i think is u-boot-spl.bin . So, do we need to sign this also or not ? 

Please clarify on this 

2) I am using csf_uboot_atf.txt for signing the u-boot-atf-container.img,  and since i have generated the SRK key with CA flags enabled so ,which csf file should i use to create final signed image flash.bin .csf_boot_image_sgh.txt or csf_boot.txt

 

Please suggest some input on these doubts.

 

Regards,

Rk

ラベル(1)
タグ(3)
3 返答(返信)

724件の閲覧回数
Harvey021
NXP TechSupport
NXP TechSupport

1),  If you check the soc.mak, the out is flash.bin

2), csf_boot_image_sgk.txt

 

Best regards

Harvey

0 件の賞賛
返信

710件の閲覧回数
rakesh3
Contributor V

Hi @Harvey021 , 

thanks for reply,

for 1 ) I meant that as per the doc mentioned 

"The flash.bin file include three containers and the second container have to be
signed using the Code Signing Tool (CST)."

flash_spl: $(MKIMG) $(AHAB_IMG) scfw_tcm.bin u-boot-spl.bin u-boot-atf-container.img

Here 2nd container for flash.bin i think is u-boot-spl.bin . So, do we need to sign this u-boot-spl.bin or not ? if yes then how , its not mentioned in the doc. please suggest .

thanks for clarify the 2nd point.

 

Regards,

Rk

0 件の賞賛
返信

686件の閲覧回数
Harvey021
NXP TechSupport
NXP TechSupport

Yes, you need to include the u-boot-spl.bin which will be wrapped into flash.bin

 

Best regards

Harvey

0 件の賞賛
返信