MX28 Secure Boot for Wince system

garylijs
Contributor II

Hi Freescale engineers,

I want to prepare MX28 secure boot for a WinCE system, but I can't find any introduction for WinCE.

Someone once said it's the same as Linux, and I have tried following those docs to set up secure boot for WinCE. Now I don't know how to prepare my "Program Image".

According to this website: Mx28 Secure Boot. These are the steps I have done:

1. HAB4 keys and certificates

2. HAB4 SRK tables and efuse Hash

3. Set OPT bits

OPT key

SRK table hash

bit_setting.txt (This TXT file was downloaded from the Freescale website: Mx28 Secure Boot)

4. Program image  (wince: xldr, eboot, nk)

Thanks all,

Best Regards,

Gary

0 Kudos
5 Replies

Yuri
NXP Employee

You may encrypt the whole WinCE image (nk.nb0) using the approach described in section 5 (Encrypted boot and Elftosb) of the app note AN4555.

Best regards

Yuri


0 Kudos

collinshi
Contributor II

Hi Yuri,

Does it need some permission to access the Mx28 Secure Boot?

It always tells me "Unauthorized" when I open this page.

0 Kudos

Yuri
NXP Employee

Hello,

Yes, this is an internal link.

Please create a request to get it.


"How to submit a new question for NXP Support"

< https://community.freescale.com/docs/DOC-329745 >

Regards,

Yuri.

0 Kudos

collinshi
Contributor II

Hello,

Thanks. I got the Mx28 Secure Boot document.

In this document, there is a step that tells how to sign the uImage.

7. Sign uImage

We can create the IVT struct to set the *entry, *self and *csf pointer values for the uImage.

But for power_prep and boot_prep, there is a patch to add the IVT structure.

0001-enable-hab-in-imx-bootlets.patch is the HAB patch for imx-bootlets. It adds the IVT structure to power_prep and boot_prep and reserves 0x2000 bytes for CSF data.

I am working on HAB for WinCE eboot.

For WinCE eboot, there is no patch to do so.

May I create the IVT struct of xldr & eboot by manually setting the *entry, *self and *csf pointer values as in the uImage example?

Is there any special limitation on the IVT? For example, must the IVT's *self be 0x8000? In the *.bd file, we can see they always load the IVT at 0x8000. Such as:

load ivt (entry = power_prep:_start) > 0x8000;

0 Kudos
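
The three IVT pointers discussed in the post above, as an added example that is not from the thread or from the NXP document: it packs and sanity-checks a HAB4 IVT before the image goes to the signing step. It assumes the generic HAB4 IVT layout (header `D1 00 20 40`, then entry, reserved, dcd, boot_data, self, csf, reserved) and an IVT | code | CSF image layout; the 0x8000 address is taken from the .bd line in the post, while the entry offset and image length are constructed values.

```python
import struct

# Assumed generic HAB4 IVT: 4-byte header + 7 little-endian 32-bit words.
IVT_HEADER = bytes([0xD1, 0x00, 0x20, 0x40])  # tag, length 0x0020 (big-endian), version 4.0
IVT_SIZE = 32
CSF_RESERVED = 0x2000   # space reserved for CSF data, as the bootlets patch does

SAMPLE_LOAD = 0x8000    # address from the .bd line quoted in the post
SAMPLE_ENTRY = 0x8040   # constructed entry point
SAMPLE_LEN = 0x6000     # constructed length of IVT + code


def build_ivt(self_addr, entry, image_len):
    """Return (ivt_bytes, csf_addr, end_addr) for an IVT | code | CSF layout."""
    if not self_addr + IVT_SIZE <= entry < self_addr + image_len:
        raise ValueError("entry point lies outside the signed image")
    csf_addr = self_addr + image_len          # CSF placed directly after the image
    words = (entry, 0, 0, 0, self_addr, csf_addr, 0)
    return IVT_HEADER + struct.pack("<7I", *words), csf_addr, csf_addr + CSF_RESERVED


def check_ivt(ivt, load_addr, image_len):
    """List the problems found in an IVT that will be loaded at load_addr."""
    if len(ivt) != IVT_SIZE:
        return ["IVT must be exactly 32 bytes"]
    problems = []
    tag, length, version = ivt[0], int.from_bytes(ivt[1:3], "big"), ivt[3]
    entry, _r1, _dcd, _boot, self_addr, csf, _r2 = struct.unpack("<7I", ivt[4:])
    if tag != 0xD1 or length != IVT_SIZE or version >> 4 != 4:
        problems.append("bad IVT header")
    if self_addr != load_addr:
        problems.append("self does not match the address the IVT is loaded at")
    if not load_addr + IVT_SIZE <= entry < load_addr + image_len:
        problems.append("entry is outside the image")
    if csf < load_addr + image_len:
        problems.append("csf overlaps the image")
    return problems


if __name__ == "__main__":
    ivt, csf, end = build_ivt(SAMPLE_LOAD, SAMPLE_ENTRY, SAMPLE_LEN)
    print(ivt.hex(), hex(csf), hex(end), check_ivt(ivt, SAMPLE_LOAD, SAMPLE_LEN))
```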

garylijs
Contributor II

I followed the instructions for secure boot on a Linux system. Currently, I have successfully been able to use HAB and Code Sign Tool to sign and validate the signature of the Eboot.

0 Kudos