Changes between Version 36 and Version 37 of venice/secure_boot

Timestamp:

07/17/2024 11:28:45 PM (5 months ago)

Author:

Tim Harvey

Comment:

fix typo in directory name; add note about different SOCs; add hab_status result

venice/secure_boot

@@ -144 +144 @@
 # checkout a fresh u-boot
 git clone https://github.com/Gateworks/uboot-venice.git
-cd u-boot
+cd uboot-venice
 # setup cross toolchain environment (ie source setup-environment in Venice BSP dir)
 export PATH=$VENICE_BSP/buildroot/output/host/bin:$PATH
@@ -154 +154 @@
 # configure for venice board
 make imx8mm_venice_defconfig
-make menuconfig # select CONFIG_IMX_HAB=y and CONFIG_SPL_LOAD_FIT_ADDRESS=0x44000000
+make menuconfig # select CONFIG_IMX_HAB=y
 make flash.bin
 }}}
@@ -161 +161 @@
 $ make savedefconfig && diff defconfig configs/imx8mm_venice_defconfig
 scripts/kconfig/conf  --savedefconfig=defconfig Kconfig
-21,22d20
+21,22d21
 < CONFIG_IMX_HAB=y
 < # CONFIG_CMD_DEKBLOB is not set
-31d28
-< CONFIG_SPL_LOAD_FIT_ADDRESS=0x44000000
-}}}
+}}}
+  - note that the above is for imx8mm (you need to copy the ATF from the imx8mp directory and use imx8mp_venice_defconfig if you are using imx8mp for example)
  3. create a signed_flash.bin
 {{{#!bash
@@ -210 +209 @@
 
 U-Boot 2023.04-00034-g1f567dfbe119 (Jun 23 2023 - 15:53:20 -0700)
+...
+Hit any key to stop autoboot:  0
+u-boot=> hab_status
+
+Secure boot disabled
+
+HAB Configuration: 0xf0, HAB State: 0x66
+No HAB Events Found!
 }}}
   - Note the 'hab fuse not enabled' message which means the SEC_CONFIG[1] fuse is not blown and the device is not locked