AnsweredAssumed Answered

NXP's Secure boot variant for i.MX8M

Question asked by Venkatasai Thotakura on Jan 23, 2020
Latest reply on Jan 23, 2020 by igorpadykov

Hi All, it is going to be a bit long question as I'm putting the questions and observations I had.

 

I'm using i.MX8M EVK and trying to enable the secure boot feature on the same. After doing some study & searching I didn't find specific details on which variant of secure boot the i.MX8M EVK supports? (is it HAB version 4? or AHAB?).

 

The reason for this question is none the application notes I'm referring (AN4581, AN12263 & AN12312) have details about i.MX8M (specifically). When one of my teammate reached out to the NXP support they replied AN12312 applies to i.MX8M but no where does that document list i.MX8M.

 

Also, when referring the u-boot code base introduction_ahab.txt\ahab\imx\doc - uboot-imx - i.MX U-Boot  - the introduction text file under AHAB only lists i.MX8/8x and introduction_habv4.txt\habv4\imx\doc - uboot-imx - i.MX U-Boot  - the introduction text file under HAB4 refers to i.MX 8M & i.MX 8MM.

 

The above reasons caused confusion to my understanding about the variant of secure boot supported for i.MX8M.

 

Below are the questions I had

1. What does the boot ROM of i.MX8M (i.MX8M EVK) gets programmed/shipped with? (Is it HAB4 or AHAB?) Is there a chance that i.MX8M supports both? If yes, how to check the variant of the secure boot for an i.MX processor?

2. When we enable secure boot in u-boot configuration file for i.MX8M in yocto, which APIs they try to access from boot ROM?

3. Lastly and importantly, is there a way to verify signed Linux Image from u-boot's command line without programming the fuses (using the shadow registers etc.,)? as I am a first time fuse programmer and don't want to brick the board with out verifying the functionality first. Any work around or help is highly appreciated.

 

Thanks for the patience to make it to the end.

 

i.mx 8m u-boot  secureboot #imx8m

Outcomes