Hi Breno Lima, For the moment we have not secure boot, we use "plain" u-boot running on a module board equipped with an "open" i.MX6UL processor, and we are newbies in the field of secure boot. We wish that our firmware works only on approved hardware, and not on common one. From what we have read, secured boot allow that only approved FW works on prepared HW; our problem is just the reciprocal, i.e. allow running of our FW only on approved boards. In other words, a secured FW can works on a unsecured board (while a secured board requires a secured FW), we wish to block this situation. All The Best,
Saverio M.
Il 19/01/2018 18:54, Breno Matheus Lima ha scritto:
Hi Saverio,
2018-01-19 11:12 GMT-02:00 Saverio Mori saverio.mori@gmail.com:
Hi to the community. I have found a lot of material on secure booting and how to sign u-boot an uimage in order to that only trusted sw is load. This is good for my but i have also the opposite problem, that is i have to be sure that my sw is load on an hardware signed in some way. It is possible, and how, implement this feature in u-boot, at least running on iMX6 boards? Thanks!!!
Can you please share more details about this verification you want to achieve? Are you currently running a signed U-Boot in a closed device (eFuse SEC_CONFIG = 1)?
Thanks, Breno Lima