AnsweredAssumed Answered

How to verify if secure boot is enabled on my imx6 SOC?

Question asked by Swapnil Pendhare on Oct 29, 2015
Latest reply on Oct 29, 2015 by igorpadykov

Hi,

I am using yocto daisy project (linux kernel 3.10.17) on wandboard-quad.
I followed all the steps mentioned in required for setting secure boot mentioned in following documents.  including burning SRK keys and  secure_enable (HW_OCOTP_CFG5) register from Linux.

  1. AN4581_HAB_Application_Note.pdf - Secure Boot on i.MX50, i.MX53, and i.MX 6 Series using HABv4 Application Note
  2. i.MX_6_Linux_High_Assurance_Boot_(HAB)_User's_Guide.pdf - i.MX 6 Linux High Assurance Boot (HAB) User's Guide

 

With setup I confirmed that uboot with valid signing information can boot. and the status of hab_status command shows success. with hab_config as 0xcc.

 

But in Linux the default sm_test driver is still using public key for encryption and decryption.

 

Is there any way I can verify that I am having secure boot system and the key used for encryption is now hardware key and not public key??

 

Thanks

Swapnil

Outcomes