Changes between Version 5 and Version 6 of venice/secure_boot


Ignore:
Timestamp:
09/02/2022 05:47:52 PM (3 months ago)
Author:
Tim Harvey
Comment:

added note about U-Boot version compatibility and U-Boot config requirements

Legend:

Unmodified
Added
Removed
Modified
  • venice/secure_boot

    v5 v6  
    2525https://www.nxp.com/webapp/Download?colCode=IMX_CST_TOOL_NEW
    2626
    27 == i.MX secure boot SPL
     27== i.MX secure boot SPL (U-Boot v2021-07-venice)
     28** This section is based on the [https://github.com/Gateworks/uboot-venice/tree/v2021.07-venice v2021-07-venice Gateworks U-Boot repository] - Instructions will differ for other versions of U-Boot **
     29
    2830Boards using U-Boot SPL and U-Boot propper for boot firmware support using HABv4 authentication for both images.
    2931
     
    3436In General you must:
    3537 - Build boot firmware that contains HABv4 support
     38  - CONFIG_IMX_HAB=y ('hab_auto_img', 'hab_status' and 'hab_version' cmds)
     39  - CONFIG_CMD_FSL_CAAM_KB=y ('caam genblob' and 'caam decap' cmds)
     40  - CONFIG_CMD_DEKBLOB=y (optional) ('dek_blob' cmd)
     41  - CONFIG_OF_LIST=<single target> (at this time only a single board can be supported by the image so replace the list of models in configs/imx8*_venice_defconfig with just the model you want to support)
    3642 - Create a PKI tree and SRK table via the NXP Code Signing Tool
    3743 - Construct boot firmware with a proper Command Sequence File (CSF) (CSF blobs are created with the NXP Code Signing Tool)