AnsweredAssumed Answered

Encrypted boot on i.MX 6UL not working

Question asked by Kanimozhi Thangappan on Jan 30, 2020
Latest reply on Feb 6, 2020 by Kanimozhi Thangappan

We tried encrypted boot on i.MX 6UL EVK with the AN12056 reference. We tried both procedures,

   1. Signing and encrypting the signed image 

   2. Encrypting and signing the encrypted image


In both cases the board is not booting and we're not even able to debug anything. Here is the list of commands we've followed,


hexdump -e '/4 "%X""\n"' -s 20 -n 4 u-boot-dtb.imx
hexdump u-boot-dtb.imx | tail -n 1
~/Downloads/cst-3.3.0/linux64/bin/cst -o csf_enc.bin -i u-boot_enc.csf
cp u-boot-dtb.imx u-boot-dtb.imx.dummy
~/Downloads/cst-3.3.0/linux64/bin/cst -o csf_sign_enc.bin -i u-boot_sign_enc.csf
du -b csf_enc.bin
# Nonce/MAC = 2248 - 36
dd if=csf_enc.bin of=noncemac.bin bs=1 skip=2212 count=36
dd if=noncemac.bin of=csf_sign_enc.bin bs=1 seek=2212 count=36
objcopy -I binary -O binary --pad-to 0x2000 --gap-fill=0xff csf_sign_enc.bin csf_sign_enc_padded.bin
# signed and unencrypted U-Boot
cat u-boot-dtb.imx csf_sign_enc_padded.bin > u-boot_encrypted_no_dek.bin
sudo dd if=u-boot_encrypted_no_dek.bin of=/dev/sdc bs=1K seek=1 && sync


Hereby I've attached the following,

   1. CSF for encryption

   2. CSF signing the encrypted u-boot


Any help on this regard would be highly appreciated.