Hello,
I'm using imx6q and trying to boot u-boot image (with IVT, DCD and CSF) with encrypted and signed u-boot.bin section. Separately signing and encryption works perfectly. But if I try to sign encrypted section boot fails.
Here is fragment the csf file I'm using:
...
[Authenticate Data]
...
Blocks = 0x00907400 0x00000C00 0x00008c00 "u-boot"
...
[Decrypt Data]
...
Blocks = 0x00907400 0x00000C00 0x00008c00 "u-boot"
Does anybody knows if it is possible to sign encrypted u-boot.bin section using CSF ?
Thanks
Please refer an example of encrypted u-boot:
https://community.nxp.com/docs/DOC-332147
Have a great day,
Victor
-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------
Hi,
The link you've sent doesn't contain answer to the question: is it possible to sign and encrypt whole u-boot.bin.
All examples and Figure "Chosen memory layout of the encrypted u-boot" on page Encrypted U-boot Example use signature only for unencrypted data, while encrypted part stays unsigned. Like this :
[Authenticate Data]
Blocks = 0x177ff400 0x00000000 0x00000C10 "./u-boot.imx"
[Decrypt Data]
Blocks = 0x17800010 0x00000C10 0x0007AFF0 "./u-boot.imx"
Is it possible to add extra "Authenticate Data" with the same block as in "Decrypt Data" ?
[Authenticate Data]
Blocks = 0x177ff400 0x00000000 0x00000C10 "./u-boot.imx"
[Authenticate Data]
Blocks = 0x17800010 0x00000C10 0x0007AFF0 "./u-boot.imx"
[Decrypt Data]
Blocks = 0x17800010 0x00000C10 0x0007AFF0 "./u-boot.imx"
I've tried such config already. CSF was generated and u-boot.bin was encrypted without errors. But final image failed to boot. need to figure out:
- am I doing something wrong ?
- or simultaneous encryption and signing doesn't supported
Thanks