I uncommented CONFIG_SECURE_BOOT to support secure mode.
I tried to copy image data from QSPI flash to memory then do verification.
I can verify zImage successfully via hab_auth_img command on uboot.
However, i cannot verify uboot through this command.
I want to confirm that whether uboot image cannot be verified on uboot via hab_auth_img command?
uboot image only can be verified by boot room?
If cannot verify assigned uboot image on memory via hab_auth_img command,
Which combinations of HAB APIs can be used for this verification purpose?
Hello,
Main idea behind HAB technology is checking image (by external code)
before running it. U-boot is checked by boot ROM ; kernel - by U-boot.
This is not good idea to verify application by itself.
Have a great day,
Yuri
------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer
button. Thank you!
Any combinations of HAB APIs can be used for this verification purpose!?
Hello,
Yes, HAB API (based on boot ROM code) may be used to verify images.
Please refer to "HAB4_API.pdf" in the CST.
https://www.nxp.com/webapp/Download?colCode=IMX_CST_TOOL
Regards,
Yuri.
Hi Yuri,
I mean that use HAB APIs to verify U-boot under U-boot.
Is it possible?
BR,
carter
Hello,
theoretically it is possible to use HAB API for U-boot self-checking,
but we never tried it. You should take into account, that
1) U-boot can be relocatable ;
2) all of the following data should be included in tested area (their final locations):
* IVT;
* DCD ;
* Boot Data ;
* Entry point .
Regards,
Yuri.