I am using yocto daisy project (linux kernel 3.10.17) on wandboard-quad.
I followed all the steps mentioned in required for setting secure boot mentioned in following documents. including burning SRK keys and secure_enable (HW_OCOTP_CFG5) register from Linux.
- AN4581_HAB_Application_Note.pdf - Secure Boot on i.MX50, i.MX53, and i.MX 6 Series using HABv4 Application Note
- i.MX_6_Linux_High_Assurance_Boot_(HAB)_User's_Guide.pdf - i.MX 6 Linux High Assurance Boot (HAB) User's Guide
With setup I confirmed that uboot with valid signing information can boot. and the status of hab_status command shows success. with hab_config as 0xcc.
But in Linux the default sm_test driver is still using public key for encryption and decryption.
Is there any way I can verify that I am having secure boot system and the key used for encryption is now hardware key and not public key??