[U-Boot] Secure Boot Mode on rk3288 Radxa Rock2
We have successfully built u-boot loader for rk3288 from the rock_bsp repository here: https://github.com/radxa/rock-bsp.git
We were able to create keys and sign the loader image using the secureBootConsole tool we found here: https://bitbucket.org/T-Firefly/firefly-rk3288/src/45fb49ab0f41/RKTools/linu...
After using the "upgrade_tool" to flash the loader image to the rk3288, the new u-boot announces itself. It reports this rather than 0 and 0...
SecureBootEn = 1, SecureBootLock = 1 : : Secure Boot Mode: 0x0 ====================
QUESTION ========
What is the process necessary to set the Efuse to the appropriate hash based on the public key, so that the loader will run in Secure Boot Mode?
We assume this is the necessary step to be able to read the larger Efuse (available in Secure Mode only)?
Hey Geoff
On Mon, 2015-12-07 at 22:13 -0500, Geoff Cleary wrote:
We have successfully built u-boot loader for rk3288 from the rock_bsp repository here: https://github.com/radxa/rock-bsp.git
The u-boot loader in the radxa/rockchip BSP is a vendor fork of an old mainline u-boot. This list is about mainline u-boot :)
We were able to create keys and sign the loader image using the secureBootConsole tool we found here: https://bitbucket.org/T-Firefly/firefly-rk3288/src/45fb49ab0f41/RKToo ls/linux/Linux_SecureBoot/?at=pad
After using the "upgrade_tool" to flash the loader image to the rk3288, the new u-boot announces itself. It reports this rather than 0 and 0...
SecureBootEn = 1, SecureBootLock = 1 : : Secure Boot Mode: 0x0 ====================
QUESTION
What is the process necessary to set the Efuse to the appropriate hash based on the public key, so that the loader will run in Secure Boot Mode?
We assume this is the necessary step to be able to read the larger Efuse (available in Secure Mode only)?
participants (2)
-
Geoff Cleary -
Sjoerd Simons