View Issue Details

IDProjectCategoryView StatusLast Update
0005780UBootU-Bootpublic2023-03-21 15:41
Reporterdippold Assigned To 
PrioritynormalSeverityfeatureReproducibilityhave not tried
Status resolvedResolutionfixed 
Product Versionfsimx8mp-Y2022.12 
Target Versionfsimx8mp-Y2023.03Fixed in Versionfsimx8mp-Y2023.03 
Summary0005780: Add functionality for Secure Boot on i.MX8MM Boards
DescriptionAdd functionality for Secure Boot on fsimx8mm Boards. It can beactivated by using the fsimx8mm_defconfig. It allows for detection for signed and unsigned N-Boot Images and the corresponding handling depending on the Secure Boot configuration (open/closed).

The Images within the N-Boot are signed independently from each other, but all with the same key. The Reason for this decision is, that the whole N-Boot will never be in RAM during Boot. All the Images will be tested on the ATF loadaddress since it is on one Hand the laargest Area in OCRAM, and on the other Hand it is the last Image of the Firmware that is loaded.
The N-Boot will be checked when "fsimage save" is run in U-Boot, this is a comdort function, meant to protect a user from installing an N-Boot that is not able to be verified on closed Board. The "fsimage save" command will also abort when a regular U-Boot without security features is installed, and a User tries to installed a signed Image. This can cause the System to break and can only be fixed by recovery.
Forum Link


There are no notes attached to this issue.