I am attempting to secure boot using the T1040RDB (rev 1.0) and U-boot. Here is what I have been able to accomplish:
RCW from SDK (rcw_sben_1400MHz.bin) and a modified U-Boot that does not define CONFIG_SECBOOT but simply added #define CONFIG_CMD_ESBC_VALIDATE. When I boot, I am able to verify secure boot is working by and read from 0xfe314014 which says everything is secure and trusted.
RCW (without SB_EN enabled or rcw_14000MHz.bin from SDK) and modified U-Boot with #define CONFIG_SECBOOT. In this case, the ISBC process does not happen, but I am able to manually check my bootscript and ensure that the steps of the ESBC process are occurring.
What I am having trouble with is putting everything together. At this point when I try to use both the RCW with SB_EN enabled (rcw_sben_1400MHz.bin) and U-Boot with #define CONFIG_SECBOOT, rebooting the serial console results in the system immediately locking up (I get no output back whatsoever). I have tried waiting for a while thinking that it needs some time to make it to the Kernel, but it never happens. To be clear, if I build U-Boot with just CONFIG_SECBOOT (no real modifications) and use the provided RCW with SB_EN bit set, then the system locks up entirely.
I was wondering if anyone happens to know a good way to debug this or has any suggestions as to why the secure boot doesn't reach the console.