Dear NXP community,
since I am able to encrypt the uboot successfully, I can't boot the linux kernel image (uImage).
I noticed that the kernel stops initialisation when it wants to load the CAAM drivers.
When I use the [Unlock] command in my CSF file (with Engine = CAAM; Features = RNG) the kernel boots!
Without this command it stops at said drivers.
I am using the code signing tool 2.3.2.
So my question is: is this Unlock command necessary?
If so, why...
Regards,
Frieder Baumgratz
Hi,
Please read the Secure Boot using HAB application note:
https://cache.freescale.com/files/32bit/doc/app_note/AN4581.pdf
The section "3.3.2. RNG Trim fuses" explains that behavior.
Regards,
Gary
I just noticed that when I set the [Unlock] command (with Engine = CAAM; Features = RNG) I can no longer use the dek_blob function.
UBoot prints: RNG: Instantiation failed with error fffffffe
Regards,
Frieder
Hello,
From section 3.3.2.2 [Option 2 – Defer RNG Instantiation for Post HAB Software (Recommended Option)] of AN4581:
"Any operations requiring the RNG are not available to software until it is initialized,
such as encryption and blob generation. This does not affect HAB-signed or encrypted
boot features"
Regards,
Yuri.
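A build-time check for the setting discussed in this thread, as an added example that is not from the thread or from NXP's tooling: it parses a CSF and reports whether an [Unlock] command with Engine = CAAM and Features = RNG is present. The sample CSF is constructed, and the parsing rules (`#` comments, backslash line continuation, case-insensitive keywords) are assumptions about the CSF syntax.

```python
import re

# Constructed sample CSF fragment (not from the thread).
SAMPLE_CSF = """\
[Header]
    Version = 4.1
    Engine = CAAM

[Unlock]
    # Leave RNG instantiation to software that runs after HAB
    Engine = CAAM
    Features = RNG

[Authenticate Data]
    Verification index = 2
"""

def parse_csf(text):
    """Return a list of (section_name, {key: value}) in file order."""
    # Assumed syntax: '#' starts a comment, a trailing '\' continues a line.
    text = re.sub(r"\\\r?\n", " ", text)
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            sections.append((header.group(1).strip().lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)
            sections[-1][1][key.strip().lower()] = value.strip()
    return sections

def caam_rng_unlocked(text):
    """True if some [Unlock] command names Engine = CAAM with RNG in Features."""
    for name, fields in parse_csf(text):
        if name != "unlock" or fields.get("engine", "").upper() != "CAAM":
            continue
        features = {f.strip().upper() for f in fields.get("features", "").split(",")}
        if "RNG" in features:
            return True
    return False

if __name__ == "__main__":
    state = "present" if caam_rng_unlocked(SAMPLE_CSF) else "absent"
    print("[Unlock] Engine = CAAM, Features = RNG:", state)
```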
Thank you for your answer.
Regards,
Frieder
Hi,
thanks for your help.
Regards,
Frieder